------------------------------------------------------------------
--- Changelog.all ----------- Mon Apr 20 18:13:50 UTC 2026 ------
------------------------------------------------------------------
------------------------------------------------------------------
------------------ 2026-4-20 - Apr 20 2026 -------------------
------------------------------------------------------------------
++++ Aeon-release:
- automatically generated by openSUSE-release-tools/pkglistgen

++++ Kalpa-release:
- automatically generated by openSUSE-release-tools/pkglistgen

++++ MicroOS-release:
- automatically generated by openSUSE-release-tools/pkglistgen

++++ azure-cli:
- New upstream release
  + Version 2.85.0
  + For detailed information about changes see the HISTORY.rst file provided with this package
- Fix regular expression for extracting test commands
- Skip testing failing mariadb command for now
- Update Requires from setup.py

++++ azure-cli-core:
- New upstream release
  + Version 2.85.0
  + For detailed information about changes see the HISTORY.rst file provided with this package
- Update Requires from setup.py

++++ byte-buddy:
- Update to v1.18.8
  * Changes of v1.18.8
    + Improve support for repeatable builds
    + Fix reordering of exception table in type initializers when instrumenting
  * Changes of v1.18.7
    + Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar
  * No tag v1.18.6
  * Changes of v1.18.5
    + Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted
    + Add super classes to hash code / equals computation in Advice that were missing
  * Changes of v1.18.4
    + Add support for new build description in Android 9

++++ haproxy:
- Update to version 3.3.6+git91.af5637e93:
  * BUG/MINOR: task: fix uninitialised read in run_tasks_from_lists()
  * BUG/MEDIUM: mux-h2: ignore conn->owner when deciding if a connection is dead
  * BUG/MINOR: threads: properly set the number of
    tgroups when non using policy
  * BUG/MEDIUM: peers: trash of expired entries delayed after fullresync
  * BUG/MINOR: acme: don't pass NULL into format string
  * BUG/MEDIUM: htx: Don't count delta twice when block value is replaced
  * BUG/MEDIUM: htx: Fix function used to change part of a block value when defrag
  * BUG/MEDIUM: cli: Properly handle too big payload on a command line
  * BUG/MINOR: log: Fix error message when using unavailable fetch in logfmt
  * BUG/MINOR: ot: fixed wrong NULL check in flt_ot_parse_cfg_group()
  * BUG/MINOR: hlua: fix use-after-free of HTTP reason string
  * BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
  * BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
  * BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
  * BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
  * BUG/MINOR: resolvers: fix memory leak on AAAA additional records
  * BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals
  * BUG/MINOR: peers: fix OOB heap write in dictionary cache update
  * BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
  * BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
  * BUG: hlua: fix stack overflow in httpclient headers conversion
  * BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
  * BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
  * BUG/MINOR: counters: fix unexpected 127 char GUID truncation for shm-stats-file objects
  * BUG/MINOR: http-act: fix a typo in the "pause" action error message
  * BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
  * DOC: config: fix ambiguous info in log-steps directive description
  * BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
  * BUG/MINOR: cfgcond: always set the error string on awslc_api checks
  * BUG/MINOR: cfgcond: always set the error string on openssl_version checks
  * BUG/MINOR: cfgcond: properly set the error pointer on
    evaluation error
  * BUG/MINOR: quic: fix documentation for transport params decoding
  * BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
  * BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
  * BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
  * BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
  * DOC: configuration: mention QUIC server support
  * BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
  * BUG/MEDIUM: ssl/ocsp: ocsp commands are missing permission checks
  * BUG/MEDIUM: ssl/cli: tls-keys commands are missing permission checks
  * BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
  * BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
  * BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
- Update to version 3.3.6+git48.b25b83c54:
  * SCRIPTS: git-show-backports: list new commits and how to review them with -L
  * MINOR: mux-h2: report glitches on early RST_STREAM
  * MINOR: stconn: flag the stream endpoint descriptor when the app has started
  * BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
  * BUG/MINOR: quic: close conn on packet reception with incompatible frame
  * CI: github: fix tag listing by implementing proper API pagination
  * BUG/MINOR: acme: fix task allocation leaked upon error
  * BUG/MEDIUM: acme: skip doing challenge if it is already valid
  * BUG/MINOR: http-ana: Only consider client abort for abortonclose
  * BUG/MINOR: config: Properly test warnif_misplaced_* return values
  * BUG/MINOR: acme: permission checks on the CLI
  * BUG/MINOR: ech: permission checks on the CLI
  * BUILD: tools: potential null pointer dereference in dl_collect_libs_cb
  * BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
  * BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
  * BUG/MINOR: acme: free() DER buffer on a2base64url error
    path
  * BUG/MINOR: quic: missing app ops init during backend 0-RTT sessions
  * MINOR: ncbmbuf: improve itbmap_next() code
  * BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
  * BUG/MINOR: acme: fix incorrect number of arguments allowed in config
  * BUG/MINOR: acme: wrong labels logic always memprintf errmsg
  * BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns
  * BUG/MINOR: quic/h3: display QUIC/H3 backend module on HTML stats
  * BUG/MINOR: quic: fix counters used on BE side
  * BUG/MINOR: server: enable no-check-sni-auto for dynamic servers
  * BUG/MINOR: server: set auto SNI for dynamic servers
  * BUG/MINOR: proxy: detect strdup error on server auto SNI
  * BUG/MEDIUM: stats-file: detect and fix inconsistent shared clock when resuming from shm-stats-file
  * BUG/MINOR: stats-file: manipulate shm-stats-file heartbeat using unsigned int
  * DOC: config: Reorder params for 'tcp-check expect' directive
  * DOC: config: Add missing 'status-code' param for 'http-check expect' directive
  * DOC: config: Fix alphabetical ordering of external-check directives
  * DOC: config: Fix alphabetical ordering of proxy options
  * Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
  * BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
  * BUG/MINOR: acme: wrong error when checking for duplicate section
  * BUG/MINOR: acme: leak of ext_san upon insertion error
  * BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
  * BUILD: sched: fix leftover of debugging test in single-run changes
  * MINOR: mux-h2: assign a limited frames processing budget
  * MEDIUM: sched: change scheduler budgets to lower TL_BULK
  * MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY
  * MINOR: sched: do not punish self-waking tasklets anymore
  * MINOR: sched: do not requeue a tasklet into the current queue
  * MEDIUM: sched: do not run a same task multiple times in series
  * BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
  * BUG/MINOR:
    sock: adjust accept() error messages for ENFILE and ENOMEM
  * BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
  * [RELEASE] Released version 3.3.6
  * CI: github: treat vX.Y.Z release tags as stable like haproxy-* branches
  * BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume
  * MINOR: mworker/cli: extract worker "show proc" row printer
  * BUG/MEDIUM: h3: reject unaligned frames except DATA
  * BUG/MAJOR: h3: check body size with content-length on empty FIN (bsc#1262103) VUL-0: CVE-2026-33555: haproxy: Request smuggling via HTTP/3 parser desynchronization
  * BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
  * BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
  * BUG/MEDIUM: peers: enforce check on incoming table key type
  * BUG/MINOR: mworker: don't try to access an initializing process
  * DOC: internals: short explanation on how thread_exec_ctx works
  * MINOR: activity: raise the default number of memprofile buckets to 4k
  * MINOR: activity: support aggregating by caller also for memprofile
  * MINOR: cli: implement execution context for manually registered keywords
  * MINOR: cli: keep track of the initcall context since kw registration
  * MINOR: cli: keep the info of the current keyword being processed in the appctx
  * MINOR: applet: set execution context on applet calls
  * MINOR: task: set execution context on task/tasklet calls
  * MINOR: connection: track mux calls to report their allocation context
  * MINOR: ssl: set the thread execution context during message callbacks
  * MINOR: filters: set the exec context to the current filter config
  * MINOR: actions: also report execution contexts registered directly
  * MINOR: actions: store the location of keywords registered via initcalls
  * MINOR: tools: support an execution context that is just a function
  * MINOR: sample: also report contexts registered directly
  * MINOR: sample: store location for fetch/conv via initcalls
  * MINOR: tools: support decoding ha_caller type exec
    context
  * MINOR: tools: decode execution context TH_EX_CTX_INITCALL
  * MINOR: initcall: record the file and line declaration of an INITCALL
  * MINOR: memprof: report the execution context on profiling output
  * MINOR: debug: report the execution context on thread dumps
  * MINOR: tools: add a function to write a thread execution context.
  * MINOR: memprof: also permit to sort output by calling context
  * MINOR: memprof: prepare to consider exec_ctx in reporting
  * MINOR: tinfo: start to add basic thread_exec_ctx
  * MINOR: tools: add a new pointer hash function that also takes an argument
  * BUILD: makefile: fix range build without test command
  * MINOR: debug: opportunistically load libthread_db.so.1 with set-dumpable=libs
  * MINOR: debug: copy debug symbols from /usr/lib/debug when present
  * DEV: gdb: add a new utility to extract libs from a core dump: libs-from-core
  * MINOR: debug: read all libs in memory when set-dumpable=libs
  * MINOR: config: support explicit "on" and "off" for "set-dumpable"
  * MINOR: tools: add a function to load a file into a tar archive
  * MINOR: tools: add a function to create a tar file header
  * DEV: gdb: add a utility to find the post-mortem address from a core
  * BUILD: spoe: Remove unsused variable
  * BUG/MINOR: spoe: Fix condition to abort processing on client abort
  * BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
  * BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
  * BUG/MINOR: proxy: do not forget to validate quic-initial rules
  * BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
  * BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
  * MINOR: htx: Add function to truncate all blocks after a specific block
  * BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX message
  * BUG/MEDIUM: spoe: Properly abort processing on client abort
  * BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state
  * BUG/MINOR: sockpair: set FD_CLOEXEC on fd received
    via SCM_RIGHTS
  * BUG/MINOR: mworker: avoid passing NULL version in proc list serialization
  * BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup
  * BUG/MINOR: mworker: fix typo &= instead of & in proc list serialization
  * BUG/MINOR: mworker: only match worker processes when looking for unspawned proc
  * MINOR: memprof: attempt different retry slots for different hashes on collision
  * MINOR: tools: extend the pointer hashing code to ease manipulations
  * MINOR: activity: use dynamic allocation for "show profiling" entries
  * BUG/MINOR: memprof: avoid a small memory leak in "show profiling"
  * BUG/MEDIUM: ssl: Don't report read data as early data with AWS-LC
  * BUG/MINOR: mworker: always stop the receiving listener
  * BUG/MEDIUM: ssl: Handle receiving early data with BoringSSL/AWS-LC
  * DOC/CLEANUP: config: update mentions of the old "Global parameters" section
  * DOC: configuration: http-check expect example typo
  * BUG/MINOR: jws: fix memory leak in jws_b64_signature
  * BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
  * BUG/MINOR: mworker: don't set the PROC_O_LEAVING flag on master process
  * BUG/MEDIUM: shctx: Use the next block when data exactly filled a block

++++ openhtj2k:
- Update to 0.15.1:
  * HT block decoding stack buffer overflow
  * https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.15.1
- Update to 0.15.0:
  * https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.15.0

++++ trousers:
- add setid-hardening.patch (bsc#1262318): detect privilege drop errors, also drop supplementary group membership.

++++ openQA:
- Update to version 5.1776681647.73d96c66:
  * feat(Git): Use nickname as a fallback for fullname
  * perf: Select only needed columns in _previous_scenario_jobs
  * perf(IssueReporter): Cache regression_links
  * feat: ignore "Investigations" job group on dashboard by default
  * fix: prevent "Not enough storage" with consistent setting
  * refactor: Improve code for `None` auth method
  * refactor: Avoid duplicating code for OAuth2 and OpenID auth
  * test: Improve OAuth2 tests
  * docs: Explain the design of the OAuth2 plugin
  * feat: Return to previous page after login via OAuth2
  * fix: ensure priority increases for job groups with NULL description
  * feat(Makefile): add convenience targets for all services
  * feat: Handle deleted/altered system user more gracefully
  * fix(worker): handle missing D-Bus socket gracefully
  * test: Consider everything we track coverage of as covered
  * test: Cover YAML validation script
  * feat(cli): support lower-case test argument passing
  * feat(mcp): promote endpoint from /experimental/mcp to /mcp

++++ openSUSE-release:
- automatically generated by openSUSE-release-tools/pkglistgen

++++ python-PyPDF2:
- CVE-2026-40260: crafted PDF can lead to large memory usage (bsc#1262284) Add security patch: CVE-2026-40260.patch

++++ python-adblock:
- Upstream is unresponsive -- switch to downstream Git repository with applied changes to make dealing with Cargo easier. Unfortunately, updating dependencies is not possible because all compatible versions of rmp-serde have been yanked, and updating the adblock crate itself leads to both dependency hell and changes that would break downstream users of this module.
- Update to version 0.6.0+14.compat.g9e997bcbd:
  * PyO3: Build flavor-specific versions
  * update configuration for poetry 2.0
  * upgrade to pyo3 0.28
  * PEP 621 compatibility
- Drop python-adblock-maturin-0-14-compat.patch

++++ python-aenum:
- update to 3.1.16:
  * standardized handling of negative numbers in flags
  * support dictionary-like key access to NamedTuple
  * remove newer setup.py option include_package_data

++++ python-azure-keyvault-certificates:
- New upstream release
  + Version 4.11.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package

++++ python-cli-helpers:
- Update to 2.14.0:
  * Downgrade Pygments requirement to v1.6+, and fix tests to support all versions.
  * Pin Pygments library to older version v2.19.2 to fix tests.

++++ python-dfVFS:
- Update to release 20260411
  * Python 3.14 support

++++ python-langfuse:
- update to 4.3.1:
  * feat(api): update API spec from langfuse/langfuse 07cae52
  * chore(deps): bump actions/github-script from 8.0.0 to 9.0.0 in the github-actions group
  * refactor(tests): split suites by execution level and speed up CI
  * ci: add 7-day dependabot cooldown
  * ci: harden GitHub Actions workflows with zizmor
  * ci: make uv action tag explicit
  * fix(langchain): propagate trace name metadata

++++ python-packaging-legacy:
- include licenses

++++ python-poetry-plugin-export:
- update to 1.10.0:
  [#]# Added
  * Add support for exporting pylock.toml files.
  [#]# Changed
  * Drop support for Python 3.9.
  [#]# Fixed
  * Fix an issue where a "dependency walk failed" error message gave an outdated advice.
- Drop patch tests.patch, merged.

++++ python-pypdf:
- Update to 6.10.2 (bsc#1262284, CVE-2026-40260)
  * Do not rely on possibly invalid /Size for incremental cloning
  * Introduce limits for FlateDecode parameters and image decoding
- 6.10.1
  * Limit the allowed size of xref and object streams
  * Consider strict mode setting for decryption errors
  * Use new parameter names for compress_identical_objects
- 6.10.0
  * Disallow custom XML entity declarations for XMP metadata
  * Skip MD5 key derivation for AES-256 encrypted PDFs
  * Use remove_orphans in compress_identical_objects
  * Fix PdfReadError when xref table contains comments before trailer
  * Correctly verify AES padding during decryption
  * Fix stale object cache from non-authoritative object streams
  * Fix extract_links pairing when annotations include non-links
  * Add AI policy

++++ safeeyes:
- Update to 3.4.1:
  * configuration: small fixes #837
  * Update README with per-language translation status widget #880
  * Add new long and short breaks #861
  * translation updates for update version for new release #882
  * New version (v3.4.1): Translation updates and new breaks #883

++++ starship:
- Update to version 1.25.0:
  * Features:
    - add Maven module.
    - add statusline subcommand for Claude Code integration.
    - battery: Update default unknown_symbol.
    - directory: add support for regexes in substitutions.
    - env_var: include $symbol in default format.
    - git_status: add variables to track worktree and index changes.
    - python: add option to replace generic venv-names with parent dir.
    - vcs: Introduce the VCS module.
  * Bug Fixes:
    - aws: isolate tests from host AWS config files.
    - aws: support $duration for sso_session.
    - direnv: accept null loadedRC state.
    - docs: Re-add style option to env_var module.
    - enable std feature for whoami crate.
    - format: allow empty textgroups to set prev_fg/prev_bg.
    - helm: remove deprecated --client flag from helm version command.
    - hg_state: avoid false-positive MERGING state.
    - install: improve UX for version option.

++++ xgc:
- update to 1.0.7:
  * man page: fix warnings from `mandoc -T lint`

------------------------------------------------------------------
------------------ 2026-4-19 - Apr 19 2026 -------------------
------------------------------------------------------------------
++++ lagrange:
- update to 1.20.4
- Fixed potential hang when stopping a network connection when a SOCKS proxy is active.
- Possible fix for Heading subscription entries returning to an unread state after a long time.
- Quit the app cleanly when receiving a SIGTERM signal.
- Improved CJK IME presentation. (Courtesy of Sidney Cammeresi.)
- Added a "Copy Link as Gemtext" context menu action and fixed missing items. (Courtesy of Sidney Cammeresi.)
- Updated UI translations.

++++ editres:
- update to version 1.1.0
  * This release updates to version 6 of the editres protocol, introduced in version 1.3.0 of libXmu (which is required to build this version), providing support for 64-bit pointers to windows & widgets.
  * This release adds support for building with meson as well as autoconf.
- switched to meson

++++ frei0r-plugins:
- Update to version 3.1.3:
  * fix(gateweave): add a missing constraint condition
- Changes from version 3.0.1:
  * Correct versioning follows semver through all packaging including pkg-config.
- Changes from version 3.0.0:
  * Suite to test running plugin instances
  * Includes several important bugfixes to filters.
  * Frei0r now explicitly requires C++11 to build.
- Please see https://github.com/dyne/frei0r/releases for full list of changes.

++++ gemini-cli:
- update to 0.38.2:
  * fix(patch): cherry-pick 14b2f35 to release/v0.38.1-pr-24974 to patch version v0.38.1 and create version 0.38.2

++++ grim:
- Update to 1.5.0
  * write_jpg: use no/444 subsampling
  * build: print feature summary
  * Move man pages into doc/ directory
  * build: always set HAVE_JPEG
  * build: drop grim_inc
  * build: use cc.get_supported_arguments() to check for -W flags
  * build: turn on -Wundef
  * build: find wayland-scanner via pkg-config
  * build: require wayland-scanner >=1.14.91
  * build: drop unnecessary join_paths() call
  * build: drop unnecessary intermediate protocols static library
  * Define _POSIX_C_SOURCE globally
  * build: move wayland-protocols dep to protocol/
  * Move generated protocol header includes to source files
  * Check for wl_display_roundtrip() errors
  * Drop "client" suffix in generated protocol header filenames
  * Move screencopy manager check up
  * gitignore: only ignore Meson subprojects/ directory
  * Add support for ext-image-copy-capture-v1
  * Prefer wl_output.name over xdg-output-unstable-v1 when available
  * Migrate to gitlab.freedesktop.org
  * Remove unnecessary strdup() for -o
  * Bail out when both -o and -g are provided
  * readme: quote -o argument in output capture example
  * Add comment to describe what grim_output.geometry describes
  * Stop using output->geometry in render()
  * Introduce grim_capture
  * Add support for toplevel capture
  * Split grim_output.geometry into fallback_{x,y} and mode_{width,height
  * build: bump version to 1.5.0

++++ iceauth:
- Update to version 1.0.11
  * This release adds support for building with meson as well as autoconf.
- switched to meson

++++ ico:
- Update to version 1.0.7
  * This release adds support for building with meson as well as autoconf.
- switch to meson

++++ partio:
- update to 1.20.0:
  * python: add compatibility with newer versions of swig
  * partedit: reorder imports
  * partedit: avoid importing PyQt5 directly
  * enable C++17
  * python: improve swig bindings
  * tests: avoid deprecated assertEquals()

++++ listres:
- update to version 1.0.7
  * This release adds support for building with meson as well as autoconf.
- switch to meson

++++ mkcomposecache:
- Update to version 1.2.3
  * This release adds support for building with meson as well as autoconf.
- switch to meson

++++ mkfontscale:
- Update to version 1.2.4
  * This release adds support for building with meson as well as autoconf.
- switch to meson

++++ monitoring-plugins-nwc_health:
- Update to version 12.12.2.5
  * bugfix in Cisco WLC caching
  * no more parameter tweaking for Huawei hwEntity (since GLPlugin uses SNMP-XS).
- Update to version 12.12.2.4
  * rescan the accesspoints if a name was not immediately found.
- Update to version 12.12.2.3
  * improve queries to cisco wlc accesspoint-status use index cacheing.

++++ nekobox:
Update to 5.10.39
- Update sing-box
- Migrate to lmdb database
- Fix core dump on permission elevation

++++ nextcloud:
- Remove require of php-opcache if php8 >= 8.5 is installed.

++++ photoqt:
- Update to 5.2:
  * add: controls for ignoring/limiting large archives
  * add: customizable sort order for folder thumbnails
  * improve: handle different screen scale factors for different screens on Wayland
  * improve: interpolation of normal images, both large and small
  * improve: filter not applied if no matches, showing notification instead
  * improve: only ever fully load one of the file views in the file dialog
  * improve: mouse events also captured on empty area around files in file dialog
  * improve: show busy indicator while loading large archives
  * improve: better information in status bar when in viewer mode
  * improve: handling of modal windows/elements
  * fix: building with ZXing-C++ 3.x
  * fix: scroll to thumbnail when PhotoQt started with an image
  * fix: don't load same archive more than once concurrently, keeping interface responsive
  * fix: setting/previewing custom accent colors
  * fix: width of slider in slideshow settings
  * fix: don't apply Exif orientation twice with any image plugin
  * fix: don't set up file view twice at startup
  * fix: don't always load image sizes in file dialog unless needed
  * change: removed support for FreeImage
- Update BuildRequires, because PhotoQt now based on Qt6
- Drop photoqt-exiv2.patch, fixed upstream

++++ pqiv:
- update to 2.13.3:
  * This patch release contains two relevant changes:
  * Backends now have a priority so more specialized or faster ones are preferred, rather than alphabetic order
  * ffmpeg 8.0 build compatibility
- drop pqiv-2.13.2-avcodec_close.patch (upstream)

++++ python-oslo.concurrency:
- update to 7.4.1:
  * Make lock_path_prefix optional again
  * Update TOX_CONSTRAINTS_FILE for stable/2026.1
  * Update .gitreview for stable/2026.1

++++ python-pysnmp:
- Update to version 7.1.24
  * Fixed Counter32 and TimeTicks overflow handling.
  * Improved type hints and test coverage for SET command functions.
  * Improved AsyncioDispatcher to track loop state and ensure proper event loop closure.
  * Refined MibBuilder error handling and added tests for MIB compilation errors.
  * Fixed dispatcher close handling to avoid event loop/resource leaks.

++++ python-cloup:
- update to 3.0.9:
  * fix for the click.__version__ deprecation warning
  * Pin setuptools<81 in docs requirements
  * Pin setuptools_scm<10 in setup_requires

++++ python-django-rq:
- update to 4.1:
  * Job detail page now shows execution results. Thanks @selwin!
  * Fixed RQ worker-pool command for projects using Postgres with SSL connections. Thanks @selwin!

++++ python-google-cloud-firestore:
- update to 2.27.0:
  * Prep for firestore GA

++++ python-hepunits:
- update to 2.4.5:
  * Add a couple more non-SI units related to electromagnetism actions group

++++ python-hishel:
- update to 1.1.10:
  * fix non-existing rfc reference by @karpetrosyan
  * don't discard no-cache and vary-mismatched entries
  * fix: properly save per-request hishel_ttl setting
  * document storages
  * move docs to vitepress

++++ python-identify:
- update to 2.6.19:
  * Add support for *.tif

++++ python-lib4sbom:
- update to 0.10.4:
  * feat: add license exception handling
  * fix: handle orlater (fixes #88)
  * fix: SPDX3 license with exception (fixes #89)
  * fix: SPDX handling of OPERATING-SYSTEM for JSON (fixes #78)
  * test: add license test suite

++++ python-librouteros:
- update to 4.0.1:
  * fix: handle IPv6 correctly when saddr is not specified
  * Fix 'cmd' in kwargs collision
  * Remove Fix 'cmd' in kwargs collision. Breaks backwards compatibility.
  * Fix 'cmd' in kwargs collision
  * Pass source address to async connect
  * Drop Encoder, Decoder classes
  * Handle broken stream errors
  * Pass SSLContext to async connect

++++ python-lupa:
- update to 2.8:
  * GH#288: No changes in source or functionality, just removed files from the sdist content that prevented it from building on non-x86_64 platforms.
  * Py3.8 wheels were excluded due to lack of usage. The package still builds and is tested on Py3.8, but no pre-built wheels are provided.

++++ python-mediafile:
- update to 0.16.2:
  * Add raise_on_unsupported_wav parameter to MediaFile.__init__ to optionally raise FileTypeError for WAV files containing non-PCM audio streams (WAVE_FORMAT_MPEGLAYER3, WAVE_FORMAT_ADPCM, WAVE_FORMAT_ALAW, WAVE_FORMAT_MULAW).
  * Raise FileTypeError for WAV files containing non-PCM audio streams that mutagen cannot tag correctly, including WAVE_FORMAT_MPEGLAYER3 (0x0055), WAVE_FORMAT_ADPCM (0x0002), WAVE_FORMAT_ALAW (0x0006), and WAVE_FORMAT_MULAW (0x0007).
  * Added a multiple-valued lyricists, composers and arrangers fields while preserving lyricist, composer and arranger as first-value convenience aliases.
  * Added a multiple-valued remixers field.

++++ python-modern-colorthief:
- update to 0.2.0:
  * chore: update to new maturin action
  * Update all dependencies (major)
  * Update dependency python to 3.14

++++ rclone:
- Update to version 1.73.5:
  * Version v1.73.5
  * operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179
  * rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176
  * rc: add AuthRequired to options/set to prevent auth bypass CVE-2026-41176
  * s3: fix empty delimiter parameter rejected by Archiware P5 server
  * azureblob/auth: add Microsoft Partner Network User-Agent prefix
  * drime: fix User.EntryPermissions JSON unmarshalling
  * filter: fix debug logs that fire before logger is configured - fixes #9291
  * s3: fix TencentCOS CDN endpoint failing on bucket check
  * iclouddrive: fix 'directory not found' error when the directory contains accent marks
  * Start v1.73.5-DEV development

++++ syncterm:
- Update to version 1.8
  * Add RIPterm v1.54.00 pixel-level compatibility.
  * Add OSC 8 hyperlink support (clickable URLs).
  * Add Ctrl+click detects plain-text URLs in terminal output.
  * Add Support for encrypted dialing directories.
  * Add support for explicit sort order.
  * Add Wayland backend.
  * Add named sort profiles with < and > keys to cycle through them
  * Add [ and ] keys to navigate between items in edit submenus.
  * Add Support for web-based main dialing directory.
  * Add support to allow specifying terminal type for each entry.
  * Add default cursor style setting.
  * Add support for modifying UIFC colours.
  * Add ECMA-48 screen content readback (SSA/ESA/STS).
  * Add DEC rectangular area operations (DECERA, DECFRA, DECCRA, DECIC, DECDC).
  * Add DECCARA, DECRARA, DECSACE (change/reverse attributes in rectangular areas).
  * Add vertical line tabulation (VTS, CVT).
  * Add DECRQM reporting for all ECMA-48 standard modes.
  * Add DECRQSS queries for communication speed and DECSACE.
  * Add support for DECSCUSR.
  * Fix many security issues found by jquast.
  * Fix curses CPU spin when PTY is deleted (e.g., ttyd disconnect)
  * Fix 9 termcap/terminfo entry bugs, add 5 missing capabilities.
  * Fix custom entry palette lost on terminal reset.
  * Fix crash associated with movetext() and custom fonts.
  * Fix black bar at bottom of 132x37 mode.
  * Fix snapping of height-controlled modes.
  * Fix delay at end of ZModem transfer.
  * Fix compatibility with "SSH-2.0-Go".
  * Fix curses mode stdio drop detection.
  * Fix status bar smear during fast scroll.
  * Fix zombie process when closing window while connected.
  * Full code audit by Claude Opus, many fixes.
- Add patch:
  * syncterm-1.8-cmake.patch

++++ tor:
- update to 0.4.9.5:
  * first stable release in the 0.4.9 series
  * introduces a new circuit-level encryption design for better client security
  * introduce a more scalable way for large relay operators to annotate which relays they run so clients can avoid using too many of them in a single circuit
- update to 0.4.8.23:
  * Fix a memory compare using the wrong length.
    This could lead to a remote crash when using the conflux subsystem (TROVE-2026-004, boo#1262302)
  * Fix a series of defense in depth security issues found across the codebase
  * Regenerate fallback directories generated on March 25, 2026.
  * Update the geoip files to match the IPFire Location Database, as retrieved on 2026/03/25.
- includes changes from 0.4.8.22:
  * Avoid an out-of-bounds read error that could occur with V1-formatted EXTEND cells (TROVE-2025-016, boo#1262301)
  * Allow old clients to fetch the consensus even if they use version 0 of the SENDME protocol
  * Do not check for compression bombs for buffers smaller than 5MB (increased from 64 KB)
  * Improvements to directory server statistics

++++ upmpdcli:
- Update to 1.9.17
  * A 1.9.16 briefly existed, with a typo in a Python file in the Qobuz plugin

++++ vdu_controls:
- Version 2.6.0
  * Added laptop-panel support, see Setting option "laptop-panel-enabled". Requires the commonly available "brightnessctl" command to be installed.
  * Udev is used to detect laptop brightness events, such as up/down function-keys and inactivity-dimming.
  * The control-panel's icons/titles are now shortcuts to the relevant Settings tabs.
  * Fixed Settings text-input line-height on small screens.
  * Cosmetic fixes to icons and spacing in the main panel layout.
  * New recommended packages: brightnessctl, python3-pyudev

++++ vermouth:
- Bump to version 1.3.2
- Upstream changes:
  * UMU prefix fixes and single instance
  * Add discord badge
  * Updated the README, changed screenshots

++++ xbiff:
- Update to version 1.0.6
  * This release adds support for building with meson as well as autoconf.
- switch to meson

++++ xconsole:
- Update to version 1.1.1
  * This release adds support for building with meson as well as autoconf.
- switch to meson ++++ yazi: - Update to version 26.1.22: * chore: bump version to 26.1.22 * feat: experimental module-level async support (#3594) * fix: properly drop the permit for terminal resources (#3592) * fix: make environment detection work on WSL 2 (#3587) * fix: `sort extension` excludes directories since only files have extensions (#3582) * fix: set `orphan=true` for `xdg-open` to work around its odd behavior with programs that are both CLI/GUI (#3581) * fix: build error on NetBSD (#3506) * feat: disable ANSI escape sequences in `ya pkg` when stdout is not a TTY (#3566) * feat: re-enable the TIFF feature (#3573) * fix: merge duplicate top directories in archive previews - Disable update of vendored dependencies, breaks the build currently. ------------------------------------------------------------------ ------------------ 2026-4-18 - Apr 18 2026 ------------------- ------------------------------------------------------------------ ++++ chirp: - Update to version 20260417: * Add Wouxun XS20 series channel memory support * Wouxun 935/8h series extra memory settings * TK-372G correct variants and names * Add BF-V12D support * Improve cache performance for RepeaterBook queries * Improve reliability of network source requests and bug reports * radtel_rt900: Fix flake8 E501 line too long in FHSS Code setting * radtel_rt900: Fix FHSS Code init crash on out-of-range image values * radtel_rt900: Expose FHSS Code per-channel setting * radtel_rt900: Expose LearnFHSS per-channel setting ++++ garage: - update to 2.3.0: This release is a stable release. There are no breaking changes when migrating from Garage v2.2.0. 
* Features/improvements: - Make initial setup easier (#1329) - allow to use garage server --single-node to autocreate a layout and get a functional cluster right away for single nodes - --default-access-key to automatically create an access key based on environment variable GARAGE_DEFAULT_ACCESS_KEY and GARAGE_DEFAULT_SECRET_KEY - --default-bucket to automatically create a bucket based on environment variable GARAGE_DEFAULT_BUCKET - relax requirements on imported access keys to allow easier transition from other S3 storage providers (#1262) - log api error in one self-sufficient line (#1381, #1390) - Suppress log noise from /metrics and /health endpoints, change log level for 'netapp: incomming connection ...' message (#1292, #1310, #1361) - Add completions sub-command for generating shell completions (#1386) - consul: support token auth for catalog api requests, too (#1353) - code maintenance with help clippy (#1314) - style: replace wildcard import of garage model in website (#1334) * Bug fixes: - db: avoid iterating bounded from empty slice (#1401, #1408) - fix: bound known_addrs growth and add TCP connect timeout (#1345) - Fix the LifecycleWorker being uncooperative (#1396, #1404) - WebsiteConfiguration: do not emit empty XML attributes for absent values (#1391) - Fix: correctly parse CORS website configuration with no rules (#1392) - force uri encoding before check signature (#1382) - don't panic on missing checksum (#1387, #1389) - s3: fix DeleteObjects XML parsing with pretty-printed bodies (#1374) - S3 api DeleteObject fix invalid XML (#1324) - don't send empty 404 on GetBucketCORS/GetBucketLifecycle (#1378) - Use error NoSuchAccessKey in get info request processing (#1293, #1356) - Support streaming of gzip content involving multiple Content-Encoding headers (#1369) - fix silent write errors (#1360) - fix: enable TCP keepalive on RPC connections (#1348) - Implement error 409 BucketAlreadyOwnedByYou (#1352) - emit headers on Not Modified per RFC-9110, fix 
(#1330, #1340) - adapt code to unsafety of env::set_var fn (#1317) * CI and build: - release builds: set lto="thin" and strip="debuginfo" (#1342) - update almost all dependencies to the last version (#1316) - upgrade heed to version 0.22 (#1318) - Upgrade quick-xml crate to 0.39 (#1319) - chore: update nom dependency to 0.8 (#1341) - run push CI only on main branch (#1343) * Kubernetes: - helm: Conditionally skip CRD management RBAC rule (#1248) - Fix helm existing configmap volume ref in workload (#1388) - add missing admin API endpoints for admin UI (#1376) - helm: add priorityClassName support (#1357) * Documentation: - documentation improvements (#1331, #1339, #1344, #1350, #1379, #1402) ++++ gitea-tea: - update to 0.14.0: * 63bc90e feat(branches): add rename subcommand (#939) * 9e0a620 feat(pulls): add ci status field to pull request list (#956) * 84ecd16 fix(deps): update Go dependencies to latest versions (#955) * 53e53e1 feat(workflows): add dispatch, view, enable and disable subcommands (#952) * 0489d8c fix(deps): update module golang.org/x/sys to v0.43.0 (#951) * f538c05 refactor: code cleanup across codebase (#947) * 662e339 feat(pulls): add resolve, unresolve and review-comments subcommands (#948) ++++ haguichi: - update to 1.5.4 * Increased border radius of network list rows for libadwaita 1.7 and later. * Now using static light and dark colors for the style selector to prevent issues with custom themes. * Added Menu and Shift+F10 keyboard shortcuts to open the menu of commands editor rows. * Added support for starting the Hamachi daemon directly without using any init system. * Added support for using the Hamachi daemon directly as command line interface. * Added support for run0 to gain super user privileges. * Reinstated support for kdesu to gain super user privileges. * Dropped support for all Hamachi versions older than 2.1.0.203. * Improved memory safety for background threads that determine network ownership or retrieve long nicks. 
* Disabled markup parsing in action row labels and toasts that may contain user input. * Removed extra initial space in parsed %TERMINAL commands. * Fixed issue on GTK versions before 4.18 where a long network or member name could mess up the sidebar layout. * Updated Hungarian, Japanese, Slovak and Turkish translations. * Other minor fixes, improvements and optimizations. ++++ imapfilter: - update to 2.8.5: * Re-added OAuth2 example in the sample extend file * Bug fix; minor incompatibility with Lua 5.5 ++++ intel-media-driver: - update to 26.1.6: * Added MosParseEnvFromConfig() modeled on va_parseConfig() from libva * Also added m_szUserFeatureFileReport static member so the report file path is no longer hardcoded at write time. ++++ iperf: - update to 3.21: * Support has been added for Global Segmentation Offload (GSO) and Global Receive Offload (GRO) under Linux * The `--bind-dev` option is now supported on macOS (PR #1945). * The iperf3 server provides more information about various error conditions to the client * The maximum value for the `--set-mss` option is now 32K * The cancellation type of child threads was changed from `PTHREAD_CANCEL_ASYNCHRONOUS` to `PTHREAD_CANCEL_DEFERRED` * iperf3 no longer erroneously prints that zero UDP packets were lost during a lossy UDP test (#1984, PR #1988). * A division by zero error has been avoided (PR #2002). * The security posture of the `iperf3.service` file has been improved considerably by updating a number of settings (PR #1855). Note that this file is neither installed nor activated by default. 
++++ iw: - Update to version 6.17: * keys: don't require NL80211_ATTR_KEY_DATA * iw: fix station dump beacon RX indent * iw: scan: print RSN Element Override IEs * iw: scan: rename OWE Transition parsing function * update nl80211.h * iw: util: use u8 type to print HE MAC capabilities * iw: util: Fix 6 GHz 80 MHz CF1 configuration * iw: survey: add BSS receive time to survey * iw: Print Toffset as signed value * iw: connect: Add support for WPA3 SAE association * iw: bitrate: support link id * iw: bitrate: support EHT rate/gi/ltf * iw: bitrate: refactor description * iw: util: support parsing link id * update nl80211.h * bump version to 6.17 * iw: add support to print link level information in station dump * iw: Add support to set per-radio RTS threshold in multi-radio wiphy * update nl80211.h * iw: don't set stupid socket buffer size * iw: scan: Add partial Multi-Link element printing * iw: print HE mcs correctly when mcs_len * iw: Add command to enable/disable EPCS * update nl80211.h * iw: Prevent segfault in ftm get stats * iw: print NO-EHT flags for reg get command * iw: fix EHT capabilities on Big Endian platforms * iw: scan: Add printing of EHT Operation Element * util: rename hz to Hz vol 2 * util: rename hz to Hz * iw: scan: Decode additional WPA3 group ciphers * iw: scan: Decode additional WPA3 AKM suite types * iw: fix HE operation on Big Endian platforms * iw: fix HE capabilities on Big Endian platforms * iw: scan: add eht capability parsing * iw: util: update and clean up eht capa printing * iw: scan: replace passed ie buffer with ie context * iw: print tx power per link for MLD * iw: add output for wiphy interface combinations * update nl80211.h * iw: scan: add enum for element IDs * scan: Add printing of HE Operation Element * update nl80211.h * iw: fix formats under MIPS64/PPC ++++ jenkins-x-cli: - Update to version 3.16.71: * Bug Fixes - gofmt formatting for upgrade_cli.go (Mallikarjunadevops) * Chores - enable revive exported linter and add missing 
comments (Mallikarjunadevops) #8037 * Issues - #8037 linting checks pass even if exported structs do not have any comments - Update to version 3.16.70: * chore(deps): upgrade jenkins-x-plugins/jx-promote to version 0.6.38 - Update to version 3.16.69: * chore(deps): upgrade jenkins-x-plugins/jx-promote to version 0.6.37 - Update to version 3.16.68: * chore(deps): upgrade jenkins-x-plugins/jx-changelog to version 0.10.22 - Update to version 3.16.67: * chore(deps): upgrade jenkins-x-plugins/jx-preview to version 0.7.8 - Update to version 3.16.66: * chore(deps): upgrade jenkins-x-plugins/jx-gitops to version 1.1.10 - Update to version 3.16.65: * chore(deps): upgrade jenkins-x-plugins/jx-pipeline to version 0.7.36 - Update to version 3.16.64: * chore(deps): upgrade jenkins-x-plugins/jx-preview to version 0.7.7 ++++ jetty-minimal: - Added patch: * jetty-CVE-2026-2332.patch + backport of upstream patch fixing bsc#1262115 (CVE-2026-2332): HTTP/1.1 parser vulnerable to request smuggling when chunk extensions are used ++++ jfrog-cli: - Update to version 2.101.0: * New Features - [jfrog-cli] Add conan support to JFrog CLI #3346 (@basel1322) - [jfrog-cli-core] Added conan to projects #1522 (@basel1322) - [jfrog-client-go] add build filter in pattern aql #1329 (@reshmifrog) * Bug Fixes - [jfrog-cli-artifactory] fix/build-filter-in-pattern-aql #415 (@reshmifrog) * Internal Changes - [jfrog-cli-core] Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 #1544 (@dependabot[bot]) * Other Changes - [jfrog-cli] RTECO-1049 - switch between podman and docker [#3442] (@fluxxBot) ++++ kargo-cli: - Update to version 1.10.0: Large update, please check the release notes: https://github.com/akuity/kargo/releases/tag/v1.10.0 * Breaking Changes - The optional second argument for freightMetadata that was deprecated in v1.8.0 has now been removed. 
If you were using this argument before, use either dot notation (freightMetadata(freightName).keyName) or map access syntax (freightMetadata(freightName)['key-name']) to access specific values * New Deprecations - git-push Default Integration Policy Changing in v1.12.0: The git-push step now supports four configurable push integration policies that control how remote changes are integrated before pushing: AlwaysRebase, RebaseOrMerge, RebaseOrFail, and AlwaysMerge. The current default remains AlwaysRebase (i.e. the current behavior), but the default will change to RebaseOrMerge in v1.12.0. RebaseOrMerge uses signature-trust analysis to prefer rebase when safe but falls back to a merge commit when a rebase would alter commit signature semantics. If you rely on the current unconditional rebase behavior, set the policy explicitly via the [controller.gitClient.pushIntegrationPolicy](https://docs.kargo.io/operator-guide/advanced-installation/common configurations#push-integration-policy) Helm value before upgrading to v1.12.0. - SSH URLs and SSH Private Keys for Git Repositories: SSH-based Git credentials are deprecated and scheduled for removal in v1.13.0. SSH keys cannot authenticate to git provider APIs, forcing users to maintain two sets of credentials. Use HTTPS URLs with a personal access token or equivalent instead. See [#5858] for details. - createTargetBranch Option in git-open-pr Promotion Step: The createTargetBranch option has been deprecated as the feature never worked. It is scheduled for removal in v1.12. See #5847 for details. - git-commit Step author Field: The author configuration block (including name, email, and signingKey) on the git-commit step is deprecated and scheduled for removal in v1.12.0. Authorship and signing configuration should be set in the git-clone step or via ClusterConfig instead, as git-clone is the single authority for work tree identity and signing configuration. All downstream steps inherit from it. 
* UI Improvements - Version-Matched CLI Downloads: The CLI download page now links to the specific version of Kargo currently running rather than always pointing to "latest," preventing inadvertent version mismatches. * Dependencies - chore(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 (#6038) - chore(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 (#6039) - chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#6040) - chore(deps): bump svenstaro/upload-release-action from 2.11.4 to 2.11.5 (#6042) - chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#6043) - chore(deps): bump the go-patch group with 3 updates (#6045) - chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#6036) - chore(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 (#6015) - chore(deps): bump the go-patch group across 1 directory with 4 updates (#6010) - chore(deps): bump korthout/backport-action from 4.2.0 to 4.3.0 (#6008) - chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 (#6005) - chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#6004) - chore(deps): bump azure/setup-helm from 4.3.1 to 5.0.0 (#6003) - chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.1 (#6002) - chore(deps/tools): bump github.com/go-swagger/go-swagger from 0.33.1 to 0.33.2 in /hack/tools in the go-patch group (#5960) - chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#5956) - chore(deps): bump anchore/sbom-action from 0.23.1 to 0.24.0 (#5957) - chore(deps): bump codecov/codecov-action from 5.5.2 to 5.5.3 (#5958) - chore(deps): bump step-security/harden-runner from 2.15.1 to 2.16.0 (#5959) - chore(deps): bump actions/cache from 5.0.3 to 5.0.4 (#5961) - chore(deps): bump the go-patch group with 2 updates (#5963) - chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#5948) - chore(deps/tools): bump google.golang.org/grpc from 1.75.0 to 1.79.3 in /hack/tools (#5947) - chore(deps): bump pnpm/action-setup from 
4.2.0 to 4.4.0 (#5927) - chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 (#5922) - chore(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#5923) - chore(deps): bump anchore/sbom-action from 0.23.0 to 0.23.1 (#5924) - chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#5926) - chore(deps): bump the go-patch group with 10 updates (#5929) - chore(deps): bump @orval/core from 7.19.0 to 8.2.0 in /ui (#5909) - chore(deps): Bump swag (#5892) - chore(deps/tools): bump github.com/docker/cli from 28.5.1+incompatible to 29.2.0+incompatible in /hack/tools (#5859) - chore(deps): bump korthout/backport-action from 4.1.0 to 4.2.0 (#5877) - chore(deps): bump golang from 1.26.0-trixie to 1.26.1-trixie (#5876) - chore(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#5878) - chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 (#5879) - chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#5880) - chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#5881) - chore(deps): bump the go-patch group with 6 updates (#5884) - chore(deps): bump svenstaro/upload-release-action from 2.11.3 to 2.11.4 (#5816) - chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 (#5817) - chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#5818) - chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5819) - chore(deps): bump anchore/sbom-action from 0.22.2 to 0.23.0 (#5820) - chore(deps): bump the go-patch group with 5 updates (#5824) - chore(deps): bump the go-patch group with 3 updates (#5776) - chore(deps): bump actions/stale from 10.1.1 to 10.2.0 (#5773) - chore(deps): bump korthout/backport-action from 4.0.1 to 4.1.0 (#5772) - chore(deps): bump docker/build-push-action from 6.18.0 to 6.19.2 (#5742) - chore(deps): bump the go-patch group with 2 updates (#5745) - chore(deps): bump @orval/core from 7.19.0 to 8.2.0 in /ui (#5683) - chore(deps): bump anchore/sbom-action from 0.22.1 to 0.22.2 (#5712) - 
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#5717) - chore(deps): bump golang from 1.25.6-trixie to 1.25.7-trixie (#5711) - chore(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 (#5713) - chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1 in the go-patch group (#5688) - chore(deps): bump anchore/sbom-action from 0.22.0 to 0.22.1 (#5687) - chore(deps): bump actions/cache from 5.0.2 to 5.0.3 (#5686) - chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#5685) - chore(deps): bump @orval/core from 8.1.0 to 8.2.0 in /ui (#5676) - chore(deps): bump github.com/quic-go/quic-go from 0.54.0 to 0.57.0 (#5632) - chore(deps): bump golang from 1.25.5-trixie to 1.25.6-trixie (#5624) - chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#5625) - chore(deps): bump anchore/sbom-action from 0.21.1 to 0.22.0 (#5623) ++++ kernel-source-longterm: - Linux 6.18.23 (bsc#1258210). - x86/CPU: Fix FPDSS on Zen1 (bsc#1258210). - net: skb: fix cross-cache free of KFENCE-allocated skb head (bsc#1258210). - rxrpc: proc: size address buffers for %pISpc output (bsc#1258210). - rxrpc: only handle RESPONSE during service challenge (bsc#1258210). - rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() (bsc#1258210). - rxrpc: Fix leak of rxgk context in rxgk_verify_response() (bsc#1258210). - rxrpc: Fix integer overflow in rxgk_verify_response() (bsc#1258210). - rxrpc: Fix missing error checks for rxkad encryption/decryption failure (bsc#1258210). - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (bsc#1258210). - rxrpc: fix reference count leak in rxrpc_server_keyring() (bsc#1258210). - rxrpc: fix oversized RESPONSE authenticator length check (bsc#1258210). - rxrpc: fix RESPONSE authenticator parser OOB read (bsc#1258210). - rxrpc: reject undecryptable rxkad response tickets (bsc#1258210). - rxrpc: Only put the call ref if one was acquired (bsc#1258210). 
- rxrpc: Fix to request an ack if window is limited (bsc#1258210). - rxrpc: Fix key reference count leak from call->key (bsc#1258210). - rxrpc: Fix rack timer warning to report unexpected mode (bsc#1258210). - rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial (bsc#1258210). - rxrpc: Fix RxGK token loading to check bounds (bsc#1258210). - rxrpc: Fix call removal to use RCU safe deletion (bsc#1258210). - rxrpc: Fix anonymous key handling (bsc#1258210). - rxrpc: Fix key parsing memleak (bsc#1258210). - rxrpc: Fix key quota calculation for multitoken keys (bsc#1258210). - net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (bsc#1258210). - net: lan966x: fix page pool leak in error paths (bsc#1258210). - net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() (bsc#1258210). - idpf: set the payload size before calling the async handler (bsc#1258210). - idpf: improve locking around idpf_vc_xn_push_free() (bsc#1258210). - idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling (bsc#1258210). - mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (bsc#1258210). - net: stmmac: fix integer underflow in chain mode (bsc#1258210). - net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (bsc#1258210). - mmc: vub300: fix use-after-free on disconnect (bsc#1258210). - mmc: vub300: fix NULL-deref on disconnect (bsc#1258210). - mm/damon/stat: deallocate damon_call() failure leaking damon_ctx (bsc#1258210). - mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails (bsc#1258210). - mm/memory_hotplug: maintain N_NORMAL_MEMORY during hotplug (bsc#1258210). - igb: remove napi_synchronize() in igb_down() (bsc#1258210). - pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1258210). - net/mlx5: Update the list of the PCI supported devices (bsc#1258210). - drm/i915/psr: Do not use pipe_src as borders for SU area (bsc#1258210). 
- drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (bsc#1258210). - batman-adv: hold claim backbone gateways by reference (bsc#1258210). - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (bsc#1258210). - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1258210). - EDAC/mc: Fix error path ordering in edac_mc_alloc() (bsc#1258210). - X.509: Fix out-of-bounds access when parsing extensions (bsc#1258210). - batman-adv: reject oversized global TT response buffers (bsc#1258210). - nfc: pn533: allocate rx skb before consuming bytes (bsc#1258210). - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (bsc#1258210). - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (bsc#1258210). - arm64: dts: renesas: sparrow-hawk: Reserve first 128 MiB of DRAM (bsc#1258210). - arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V (bsc#1258210). - Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower" (bsc#1258210). - Revert "arm64: dts: rockchip: Further describe the WiFi for the Pinebook Pro" (bsc#1258210). - platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (bsc#1258210). - platform/x86: ISST: Reset core count to 0 (bsc#1258210). - wifi: brcmsmac: Fix dma_free_coherent() size (bsc#1258210). - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1258210). - xfrm: hold dev ref until after transport_finish NF_HOOK (bsc#1258210). - xfrm: clear trailing padding in build_polexpire() (bsc#1258210). - modpost: Declare extra_warn with unused attribute (bsc#1258210). - workqueue: Add pool_workqueue to pending_pwqs list when unplugging multiple inactive works (bsc#1258210). - firmware: thead: Fix buffer overflow and use standard endian macros (bsc#1258210). - netfilter: nft_ct: fix use-after-free in timeout object destroy (bsc#1258210). - i2c: imx: zero-initialize dma_slave_config for eDMA (bsc#1258210). - af_unix: Give up GC if MSG_PEEK intervened (bsc#1258210). 
- af_unix: Simplify GC state (bsc#1258210). - af_unix: Count cyclic SCC (bsc#1258210). - btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (bsc#1258210). - btrfs: remove pointless out labels from extent-tree.c (bsc#1258210). - MIPS: mm: Rewrite TLB uniquification for the hidden bit feature (bsc#1258210). - MIPS: mm: Suppress TLB uniquification on EHINV hardware (bsc#1258210). - MIPS: Always record SEGBITS in cpu_data.vmbits (bsc#1258210). - Input: uinput - take event lock when submitting FF request "event" (bsc#1258210). - Input: uinput - fix circular locking dependency with ff-core (bsc#1258210). - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1258210). - mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1258210). - Revert "mptcp: add needs_id for netlink appending addr" (bsc#1258210). - Revert "ALSA: hda/realtek: Add quirk for Gigabyte Technology to fix headphone" (bsc#1258210). - net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1258210). - xfrm_user: fix info leak in build_report() (bsc#1258210). - wifi: rt2x00usb: fix devres lifetime (bsc#1258210). - usb: typec: ucsi: skip connector validation before init (bsc#1258210). - commit a4ee290 ++++ kernel-longterm: - Linux 6.18.23 (bsc#1258210). - x86/CPU: Fix FPDSS on Zen1 (bsc#1258210). - net: skb: fix cross-cache free of KFENCE-allocated skb head (bsc#1258210). - rxrpc: proc: size address buffers for %pISpc output (bsc#1258210). - rxrpc: only handle RESPONSE during service challenge (bsc#1258210). - rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() (bsc#1258210). - rxrpc: Fix leak of rxgk context in rxgk_verify_response() (bsc#1258210). - rxrpc: Fix integer overflow in rxgk_verify_response() (bsc#1258210). - rxrpc: Fix missing error checks for rxkad encryption/decryption failure (bsc#1258210). - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (bsc#1258210). 
- rxrpc: fix reference count leak in rxrpc_server_keyring() (bsc#1258210). - rxrpc: fix oversized RESPONSE authenticator length check (bsc#1258210). - rxrpc: fix RESPONSE authenticator parser OOB read (bsc#1258210). - rxrpc: reject undecryptable rxkad response tickets (bsc#1258210). - rxrpc: Only put the call ref if one was acquired (bsc#1258210). - rxrpc: Fix to request an ack if window is limited (bsc#1258210). - rxrpc: Fix key reference count leak from call->key (bsc#1258210). - rxrpc: Fix rack timer warning to report unexpected mode (bsc#1258210). - rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial (bsc#1258210). - rxrpc: Fix RxGK token loading to check bounds (bsc#1258210). - rxrpc: Fix call removal to use RCU safe deletion (bsc#1258210). - rxrpc: Fix anonymous key handling (bsc#1258210). - rxrpc: Fix key parsing memleak (bsc#1258210). - rxrpc: Fix key quota calculation for multitoken keys (bsc#1258210). - net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (bsc#1258210). - net: lan966x: fix page pool leak in error paths (bsc#1258210). - net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() (bsc#1258210). - idpf: set the payload size before calling the async handler (bsc#1258210). - idpf: improve locking around idpf_vc_xn_push_free() (bsc#1258210). - idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling (bsc#1258210). - mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (bsc#1258210). - net: stmmac: fix integer underflow in chain mode (bsc#1258210). - net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (bsc#1258210). - mmc: vub300: fix use-after-free on disconnect (bsc#1258210). - mmc: vub300: fix NULL-deref on disconnect (bsc#1258210). - mm/damon/stat: deallocate damon_call() failure leaking damon_ctx (bsc#1258210). - mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails (bsc#1258210). 
- mm/memory_hotplug: maintain N_NORMAL_MEMORY during hotplug (bsc#1258210). - igb: remove napi_synchronize() in igb_down() (bsc#1258210). - pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1258210). - net/mlx5: Update the list of the PCI supported devices (bsc#1258210). - drm/i915/psr: Do not use pipe_src as borders for SU area (bsc#1258210). - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (bsc#1258210). - batman-adv: hold claim backbone gateways by reference (bsc#1258210). - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (bsc#1258210). - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1258210). - EDAC/mc: Fix error path ordering in edac_mc_alloc() (bsc#1258210). - X.509: Fix out-of-bounds access when parsing extensions (bsc#1258210). - batman-adv: reject oversized global TT response buffers (bsc#1258210). - nfc: pn533: allocate rx skb before consuming bytes (bsc#1258210). - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (bsc#1258210). - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (bsc#1258210). - arm64: dts: renesas: sparrow-hawk: Reserve first 128 MiB of DRAM (bsc#1258210). - arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V (bsc#1258210). - Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower" (bsc#1258210). - Revert "arm64: dts: rockchip: Further describe the WiFi for the Pinebook Pro" (bsc#1258210). - platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (bsc#1258210). - platform/x86: ISST: Reset core count to 0 (bsc#1258210). - wifi: brcmsmac: Fix dma_free_coherent() size (bsc#1258210). - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1258210). - xfrm: hold dev ref until after transport_finish NF_HOOK (bsc#1258210). - xfrm: clear trailing padding in build_polexpire() (bsc#1258210). - modpost: Declare extra_warn with unused attribute (bsc#1258210). 
- workqueue: Add pool_workqueue to pending_pwqs list when unplugging multiple inactive works (bsc#1258210). - firmware: thead: Fix buffer overflow and use standard endian macros (bsc#1258210). - netfilter: nft_ct: fix use-after-free in timeout object destroy (bsc#1258210). - i2c: imx: zero-initialize dma_slave_config for eDMA (bsc#1258210). - af_unix: Give up GC if MSG_PEEK intervened (bsc#1258210). - af_unix: Simplify GC state (bsc#1258210). - af_unix: Count cyclic SCC (bsc#1258210). - btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (bsc#1258210). - btrfs: remove pointless out labels from extent-tree.c (bsc#1258210). - MIPS: mm: Rewrite TLB uniquification for the hidden bit feature (bsc#1258210). - MIPS: mm: Suppress TLB uniquification on EHINV hardware (bsc#1258210). - MIPS: Always record SEGBITS in cpu_data.vmbits (bsc#1258210). - Input: uinput - take event lock when submitting FF request "event" (bsc#1258210). - Input: uinput - fix circular locking dependency with ff-core (bsc#1258210). - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1258210). - mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1258210). - Revert "mptcp: add needs_id for netlink appending addr" (bsc#1258210). - Revert "ALSA: hda/realtek: Add quirk for Gigabyte Technology to fix headphone" (bsc#1258210). - net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1258210). - xfrm_user: fix info leak in build_report() (bsc#1258210). - wifi: rt2x00usb: fix devres lifetime (bsc#1258210). - usb: typec: ucsi: skip connector validation before init (bsc#1258210). - commit a4ee290 ++++ kernel-syms-longterm: - Linux 6.18.23 (bsc#1258210). - x86/CPU: Fix FPDSS on Zen1 (bsc#1258210). - net: skb: fix cross-cache free of KFENCE-allocated skb head (bsc#1258210). - rxrpc: proc: size address buffers for %pISpc output (bsc#1258210). - rxrpc: only handle RESPONSE during service challenge (bsc#1258210). 
- rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() (bsc#1258210). - rxrpc: Fix leak of rxgk context in rxgk_verify_response() (bsc#1258210). - rxrpc: Fix integer overflow in rxgk_verify_response() (bsc#1258210). - rxrpc: Fix missing error checks for rxkad encryption/decryption failure (bsc#1258210). - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (bsc#1258210). - rxrpc: fix reference count leak in rxrpc_server_keyring() (bsc#1258210). - rxrpc: fix oversized RESPONSE authenticator length check (bsc#1258210). - rxrpc: fix RESPONSE authenticator parser OOB read (bsc#1258210). - rxrpc: reject undecryptable rxkad response tickets (bsc#1258210). - rxrpc: Only put the call ref if one was acquired (bsc#1258210). - rxrpc: Fix to request an ack if window is limited (bsc#1258210). - rxrpc: Fix key reference count leak from call->key (bsc#1258210). - rxrpc: Fix rack timer warning to report unexpected mode (bsc#1258210). - rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial (bsc#1258210). - rxrpc: Fix RxGK token loading to check bounds (bsc#1258210). - rxrpc: Fix call removal to use RCU safe deletion (bsc#1258210). - rxrpc: Fix anonymous key handling (bsc#1258210). - rxrpc: Fix key parsing memleak (bsc#1258210). - rxrpc: Fix key quota calculation for multitoken keys (bsc#1258210). - net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (bsc#1258210). - net: lan966x: fix page pool leak in error paths (bsc#1258210). - net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() (bsc#1258210). - idpf: set the payload size before calling the async handler (bsc#1258210). - idpf: improve locking around idpf_vc_xn_push_free() (bsc#1258210). - idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling (bsc#1258210). - mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (bsc#1258210). - net: stmmac: fix integer underflow in chain mode (bsc#1258210). 
- net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (bsc#1258210). - mmc: vub300: fix use-after-free on disconnect (bsc#1258210). - mmc: vub300: fix NULL-deref on disconnect (bsc#1258210). - mm/damon/stat: deallocate damon_call() failure leaking damon_ctx (bsc#1258210). - mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails (bsc#1258210). - mm/memory_hotplug: maintain N_NORMAL_MEMORY during hotplug (bsc#1258210). - igb: remove napi_synchronize() in igb_down() (bsc#1258210). - pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1258210). - net/mlx5: Update the list of the PCI supported devices (bsc#1258210). - drm/i915/psr: Do not use pipe_src as borders for SU area (bsc#1258210). - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (bsc#1258210). - batman-adv: hold claim backbone gateways by reference (bsc#1258210). - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (bsc#1258210). - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1258210). - EDAC/mc: Fix error path ordering in edac_mc_alloc() (bsc#1258210). - X.509: Fix out-of-bounds access when parsing extensions (bsc#1258210). - batman-adv: reject oversized global TT response buffers (bsc#1258210). - nfc: pn533: allocate rx skb before consuming bytes (bsc#1258210). - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (bsc#1258210). - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (bsc#1258210). - arm64: dts: renesas: sparrow-hawk: Reserve first 128 MiB of DRAM (bsc#1258210). - arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V (bsc#1258210). - Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower" (bsc#1258210). - Revert "arm64: dts: rockchip: Further describe the WiFi for the Pinebook Pro" (bsc#1258210). - platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (bsc#1258210). - platform/x86: ISST: Reset core count to 0 (bsc#1258210). 
- wifi: brcmsmac: Fix dma_free_coherent() size (bsc#1258210). - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1258210). - xfrm: hold dev ref until after transport_finish NF_HOOK (bsc#1258210). - xfrm: clear trailing padding in build_polexpire() (bsc#1258210). - modpost: Declare extra_warn with unused attribute (bsc#1258210). - workqueue: Add pool_workqueue to pending_pwqs list when unplugging multiple inactive works (bsc#1258210). - firmware: thead: Fix buffer overflow and use standard endian macros (bsc#1258210). - netfilter: nft_ct: fix use-after-free in timeout object destroy (bsc#1258210). - i2c: imx: zero-initialize dma_slave_config for eDMA (bsc#1258210). - af_unix: Give up GC if MSG_PEEK intervened (bsc#1258210). - af_unix: Simplify GC state (bsc#1258210). - af_unix: Count cyclic SCC (bsc#1258210). - btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (bsc#1258210). - btrfs: remove pointless out labels from extent-tree.c (bsc#1258210). - MIPS: mm: Rewrite TLB uniquification for the hidden bit feature (bsc#1258210). - MIPS: mm: Suppress TLB uniquification on EHINV hardware (bsc#1258210). - MIPS: Always record SEGBITS in cpu_data.vmbits (bsc#1258210). - Input: uinput - take event lock when submitting FF request "event" (bsc#1258210). - Input: uinput - fix circular locking dependency with ff-core (bsc#1258210). - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1258210). - mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1258210). - Revert "mptcp: add needs_id for netlink appending addr" (bsc#1258210). - Revert "ALSA: hda/realtek: Add quirk for Gigabyte Technology to fix headphone" (bsc#1258210). - net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1258210). - xfrm_user: fix info leak in build_report() (bsc#1258210). - wifi: rt2x00usb: fix devres lifetime (bsc#1258210). - usb: typec: ucsi: skip connector validation before init (bsc#1258210). 
- commit a4ee290 ++++ kubeone: - Update to version 1.13.4: * Updates - Upgrade AzureFile CSI Driver to v1.35.2 #4055, @kron4eg - Upgrade AzureDisk CSI Driver to v1.34.3 #4055, @kron4eg - Upgrade DigitalOcean CCM to v0.1.66 #4054, @kron4eg - Upgrade DigitalOcean CSI Driver to v4.16.0 #4054, @kron4eg - Upgrade GCP CCM to v35.0.2 #4054, @kron4eg - Upgrade GCP CSI compute-persistent driver to v1.23.3 #4054, @kron4eg - Update to version 1.13.3: * Fixes of Bugs or Regressions - Fix release formats, return zip files in release assets back [#4049], @kron4eg - Update to version 1.13.2: * Fixes of Bugs or Regressions - Fix typo in cilium config #4044, @kron4eg - Update to version 1.13.1: * Fixes of Bugs or Regressions - Fix Azure CCM and CNM image versions #4042, @kron4eg - Update to version 1.13.0: Urgent and BREAKING Upgrade Notes (No, really, you MUST read this before you upgrade) * Support for Kubernetes 1.31 and 1.32 has been removed. KubeOne v1.13 supports Kubernetes versions 1.33, 1.34, and 1.35. Before upgrading KubeOne, ensure your clusters are running Kubernetes v1.33 or newer. (#3973, @kron4eg) * Delete long deprecated MachineAnnotations (#3936, @kron4eg) * REQUIRES FIPS-140 ENABLED VCENTER!
Upgrade vSphere CSI driver to v3.7.0 https://github.com/kubermatic/kubeone/releases/tag/v1.13.0 ++++ libjodycode: - update to 4.1.2: * Fix off-by-one error in jc_strtoepoch for the month value * Faster directory enumeration on Windows Vista or higher * Document the "project skeleton" so others can use libjodycode easily * Fix moderate performance regression caused by jc_setup_unicode_terminal() * Performance optimization for Windows directory reading * Fix some man page issues * Add a project "skeleton" for easily starting new libjodycode programs * Add jc_setup_unicode_terminal() * Add size-prefixed string type JC_STR_T and some relevant functions * Move manual from section 7 to 3 * Update manual to include all existing function definitions * Build fixes for old Synology toolchains ++++ python315-core: - Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real python3 packages and its subpackages instead of the virtual provides (bsc#1258364). ++++ python315-nogil-nogil-core: - Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real python3 packages and its subpackages instead of the virtual provides (bsc#1258364). 
++++ umockdev: - update to 0.19.7: * tests: Don't assume a fixed baud rate when identifying ttys (thanks Daniel van Vugt) ++++ lowfi: - update to 2.0.6: * docs: make a logo * fix: sync mpris state before emission and send PlaybackStatus property alongside Metadata ++++ melange: - Update to version 0.50.1: * fix(qemu): fix CPU/Memory resource precedence (#2489) ++++ nfpm: - Update to version 2.46.3: * Build process updates - dbae6d5: ci: fix deprecated config (@caarlos0) - Update to version 2.46.2: * Build process updates - 6d0592b: ci: improve PAT usage (@caarlos0) * Other work - ed2a054: docs: update cmd docs (@caarlos0) - chore(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#1073) ++++ nss-pam-ldapd: - Add nss-pam-ldapd-c23.patch: Fix variable name (bool) which is a keyword in C23. ++++ oras: - Update to version 1.3.2: * bump: tag and release ORAS CLI v1.3.2 (#2027) * chore: bump Go to 1.26.2 (#2026) * fix: bump alpine base image from 3.22.1 to 3.22.3 (#2014) * fix: upgrade Go snap to 1.26 in snapcraft.yaml (#2011) ++++ pantheon-terminal: - Update to version 8.0.0: + Ctrl + BackSpace can now be used to delete words + Ctrl + Click is now required to open a link + Update code and packaging for Gtk4 + Flatter styles + Tab bar now in window drag area + Smart copy no longer deselects + Translation updates ++++ prek: - Update to version 0.3.9: * Highlight - prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.
Examples: $ prek auto-update [#] updates revs and repairs stale `# frozen:` comments $ prek auto-update --freeze [#] writes frozen SHAs with matching `# frozen: ` comments $ prek auto-update --check [#] exits non-zero when updates are available, a `# frozen:` comment is stale, [#] or a pinned SHA does not belong to the fetched upstream refs * Enhancements - Check and sync frozen comments during auto-update (#1896) - Handle impostor commits in auto-update (#1919) - Add experimental language: dotnet support (#1871) - Honor repo and worktree core.hooksPath (#1892) - Add prek run --no-fail-fast to override config file (#1859) - Add forbid-new-submodules as builtin hook (#1853) - Clean stale patch files in cache gc (#1877) - Display auto-update results by config entry (#1922) - Restrict patch directory permissions (#1876) - Show tag names in auto-update --freeze output (#1916) - Use a bitset for hook stages (#1860) * Bug fixes - Canonicalize CWD and GIT_ROOT paths (#1878) - Ensure quotes are added for non-string revisions in auto-update (#1936) * Documentation - Update docs for case of hooks modifying files with a non-zero exit code (#1879) ++++ python-click-extra: - update to 7.13.0: * Add MkDocs plugin for ANSI color rendering in code blocks. Install with pip install click-extra[mkdocs], then add click-extra to your mkdocs.yml plugins list. Patches pymdownx.highlight formatters to use AnsiHtmlFormatter. * Automatically patch mkdocs-click code blocks to use the ansi-output lexer when the click-extra MkDocs plugin is enabled. CLI help text with ANSI escape codes now renders with colors instead of garbled [1m/[0m sequences. * Fix API reference sections rendering as raw RST markup instead of formatted documentation. Wrap all automodule and autoclasstree directives in eval-rst blocks to force RST parsing, working around MyST-Parser's MockState.nested_parse() treating autodoc output as Markdown. * Add OSC 8 hyperlink support to AnsiColorLexer and AnsiHtmlFormatter. 
Terminal hyperlinks in CLI output are rendered as clickable HTML tags in Sphinx documentation. Other OSC sequences are now fully stripped instead of leaking their payload as visible text. - update to 7.12.0: * Add JobsOption and jobs_option decorator for controlling parallel execution. Defaults to available CPUs minus one. Warns when the requested count is clamped or exceeds available cores. * Improve error messages for single-dash multi-character tokens. When Click splits -dbgwrong character by character and reports "No such option: -d", ExtraCommand now catches that and re-raises with the full token and close-match suggestions. * Replace pygments-ansi-color dependency with inline ANSI SGR parser. Adds support for italic (SGR 3), underline (SGR 4), reverse video (SGR 7), strikethrough (SGR 9), and 24-bit RGB colors (quantized to the 256-color palette). The token namespace changes from Token.Color.*/Token.C.* to a unified Token.Ansi.*, and CSS classes change accordingly (from .-Color-*/.-C-* to .-Ansi-*). Fixes bold, italic, underline, and other text attributes not rendering in Sphinx/Furo: Furo's dark-mode CSS generator injected color: #D0D0D0 fallbacks for every Pygments style dict entry, overriding foreground color rules on compound tokens. All SGR attribute CSS is now injected separately via EXTRA_ANSI_CSS. * Rename lexer_map to LEXER_MAP. * Change render-matrix --matrix= option to a positional argument: render-matrix . Add palette, 8color, and gradient choices. palette shows a compact 256-color indexed swatch. 8color shows all standard foreground/background combinations. gradient renders 24-bit RGB gradients alongside their 256-color quantized equivalents to visualize the palette resolution limits. * Fix render-matrix colors background color column headers: the color swatches were styled as foreground instead of background colors. 
- update to 7.11.0: * Add serialize_data() and print_data() functions for serializing arbitrary nested Python data (not just tabular rows) to JSON, HJSON, TOML, YAML, and XML. Complements the existing render_table()/print_table() pair. * Add sort_key parameter to render_table() and print_table() for pre-render row sorting. * Catch ImportError from missing optional dependencies in print_table() and print_data(), producing a clean one-line error instead of a traceback. The print_data() package parameter lets downstream projects customize install instructions. * Add print_sorted_table() and SortByOption for column-based table sorting. SortByOption generates a --sort-by CLI option from column definitions and auto-wires ctx.print_table to the sorted variant. * Add auto-injected help subcommand to ExtraGroup. mycli help shows group help, mycli help subcommand shows that subcommand's help (with nested group resolution). mycli help --search term searches all subcommands for matching options or descriptions. Disable with help_command=False. * Relax ParamStructure._recurse_cmd to skip subcommands whose name collides with a top-level parameter (e.g. the help subcommand vs Click's --help option) instead of raising. * Expose HelpKeywords dataclass and collect_keywords() as public API for extending help screen highlighting. collect_keywords() (renamed from the private _collect_keywords()) can be overridden to customize keyword collection. * Add extra_keywords and excluded_keywords parameters to ExtraCommand and ExtraGroup. extra_keywords injects additional strings for highlighting; excluded_keywords suppresses highlighting of specific strings. Both accept a HelpKeywords instance. * Switch deprecated-message highlighting from pre-collected keyword sets to a case-insensitive regex. Manually-added markers like (Deprecated) or (deprecated: reason) in help strings are now styled alongside Click-native (DEPRECATED) markers. 
* Style individual choices inside their own metavar ([json|csv|xml]) as structural elements. Excluded choices and cross_ref_highlight=False only suppress free-text highlighting; the metavar itself is always styled. * Propagate excluded_keywords from parent groups to subcommands. Parent exclusions are merged with child exclusions so that choices excluded at the group level are not styled in subcommand descriptions. * Fix command aliases not being highlighted in help screens. Aliases rendered by Cloup inside parenthetical groups (like backup (save, freeze)) were not matched by the subcommand highlighting regex, which only recognized 2-space-indented names. * Fix choice cross-reference highlighting bleeding into bracket fields. When a default value contained a choice keyword (e.g. outline in rounded-outline), the choice style would override the default value style. Bracket fields are now placeholder-protected before cross-reference passes run. * Fix parent-context choice collection always normalizing (lowercasing) case-insensitive choices, ignoring custom metavars. Parent choices with a custom metavar now preserve original case, matching the behavior already applied to the current command's parameters. ++++ python315: - Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real python3 packages and its subpackages instead of the virtual provides (bsc#1258364). ++++ python315-documentation: - Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real python3 packages and its subpackages instead of the virtual provides (bsc#1258364). ++++ python315-nogil: - Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real python3 packages and its subpackages instead of the virtual provides (bsc#1258364). ++++ regclient: - Update to version 0.11.3: * Features: - Add support for pushing digest with tags. 
(PR 1062) - Handle OCI-Tag headers with comma separators. (PR 1070) ++++ rumdl: - Update to version 0.1.74: * Fixed - md077: emit atomic compound fix for under-indented fences in lists (455822c) - doctests: correct rotted imports and blockquote indent assertions (0238728) - Update to version 0.1.73: * Fixed - test: make test_performance_md051 actually exercise MD051 (c550ef6) - md013,bench: enforce CommonMark 3-space indent on thematic breaks; hoist LintContext out of bench loop (1aafb9a) - Update to version 0.1.72: * Added - config: resolve rule aliases in config get command (69058cd) - import: support JSONC comments in markdownlint config files (26ae457) - cli: introduce FmtArgs with formatter-appropriate interface (dce2b40) * Fixed - md034: detect code spans inside MDX JSX component bodies (d881713) - md025: cascade level adjustment to subordinate headings when demoting duplicate title (2399dca) - formatter: inline format args to satisfy clippy (250a194) - commands: resolve rule aliases in explain and rule commands (5d04351) - use verified fix counts in summaries and correct dry-run label (cd55dc1) - Update to version 0.1.71: * Added - config: support bare rule name in rumdl config get (8369fb1) * Fixed - config: move test module to end of flavor.rs to satisfy clippy items_after_test_module (e30714d) - config: load user config alongside discovered markdownlint project config (c0f79c1) - config: display global.flavor as lowercase quoted string in rumdl config output (b162295) ++++ tempo-cli: - Update to version 2.10.4: * chore(deps): lock file maintenance (#6944) * fix(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.43.0 [security] (#6896) * chore(deps): update module go.opentelemetry.io/otel/sdk to v1.43.0 [security] (#6897) * chore(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.43.0 [security] (#6895) * chore(deps): update module github.com/go-jose/go-jose/v4 to v4.1.4 
[security] (#6853) * chore(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to v0.19.0 [security] (#6894) * chore(deps): lock file maintenance (#6826) * chore(deps): lock file maintenance (#6790) * update go version for CVE-2026-25679 (#6779) (#6794) * chore(deps): update module github.com/antchfx/xpath to v1.3.6 [security] (#6765) * chore(deps): update module github.com/buger/jsonparser to v1.1.2 [security] (#6745) * fix(deps): update module google.golang.org/grpc to v1.79.3 [security] (#6736) * chore(deps): lock file maintenance (#6690) ++++ terragrunt: - Update to version 1.0.1: * Experiments Added - dag-queue-display — DAG tree visualization for the run queue A new dag-queue-display experiment renders the run queue as a dependency tree instead of a flat list, making it easier to understand execution order and dependency relationships at a glance. $ terragrunt run --all --experiment dag-queue-display -- plan 19:06:59.108 INFO The following units will be run, starting with dependencies and then their dependents: . ├── monitoring ╰── vpc ╰── database ╰── backend-app ╰── frontend-app To learn more, see the experiment documentation. https://docs.terragrunt.com/reference/experiments/active#dag-queue-display - slow-task-reporting — Progress reporting for long-running operations A new slow-task-reporting experiment displays animated progress spinners for operations that take longer than 1 second, such as source downloads, Git worktree creation, and catalog repository cloning. In non-interactive environments (CI/CD, piped output), spinners are replaced with periodic INFO log lines every 30 seconds to prevent CI systems from killing jobs due to output inactivity. $ terragrunt run --all --experiment slow-task-reporting -- plan INFO Downloading source from git::https://github.com/example/module.git... INFO Downloaded source from git::https://github.com/example/module.git (3.2s) To learn more, see the experiment documentation. 
https://docs.terragrunt.com/reference/experiments/active#slow-task-reporting - stack-dependencies — Dependency wiring between units in stacks A new stack-dependencies experiment enables the autoinclude block in terragrunt.stack.hcl files, allowing units and stacks to define dependency relationships and arbitrary configuration overrides during stack generation. This implements RFC #5663. unit "vpc" { source = "../catalog/units/vpc" path = "vpc" } unit "app" { source = "../catalog/units/app" path = "app" autoinclude { dependency "vpc" { config_path = unit.vpc.path } inputs = { vpc_id = dependency.vpc.outputs.vpc_id } } } terragrunt run --all --experiment stack-dependencies -- plan To learn more, see the experiment documentation. https://docs.terragrunt.com/reference/experiments/active#stack-dependencies * Bug Fixes - hcl validate no longer fails on dependency.outputs references terragrunt hcl validate previously failed with "Unsupported attribute" when a configuration referenced dependency..outputs. without mock_outputs. During validation, output resolution is skipped, but the outputs attribute was never added to the dependency evaluation context, causing any output reference to error. The fix provides a dynamic placeholder for dependency outputs (and inputs) during validation so that attribute access evaluates to unknown rather than failing. Additionally, the dependency resolution pipeline is now more resilient during validation. Dependencies with unresolvable config_path values or nonexistent targets no longer cause the entire dependency namespace to disappear from the evaluation context. - Destroy queue now displays units in correct order Previously, the run queue display showed units in apply order even for destroy commands. The queue now correctly shows dependents before their dependencies when running destroy, matching the actual execution order. 
- Dependent discovery fixed in worktrees Dependents are now correctly discovered when units are discovered in worktrees. Previously, dependent discovery could fail to find related units when operating within a git worktree. - Filter exclusions now respected in worktree sub-discoveries Negated filters (e.g., !./catalog/** from .terragrunt-filters or --filter) are now propagated to worktree sub-discoveries used by git-based filtering (--filter-affected, --filter '[ref...ref]'). Previously, excluded source catalog units in worktrees were still discovered and parsed, causing errors when they referenced values.* or dependency.* variables without the stack generation context. - read_terragrunt_config() behavior in implicit stacks fixed A regression introduced in v0.99.4 caused read_terragrunt_config() to fail to parse dependency blocks in external configurations during stack execution. This is fixed by resetting parsing context fields that prevented proper evaluation of dependencies in configurations read by read_terragrunt_config(). - get_original_terragrunt_dir() now resolves correctly during dependency parsing A regression introduced in v1.0.0-rc3 caused get_original_terragrunt_dir() to return the dependent directory instead of the dependency's directory when parsing dependency configurations from a unit. This broke configurations where a dependency's read_terragrunt_config() chain relied on get_original_terragrunt_dir() to locate sibling files. The fix introduces a dedicated WithDependencyConfigPath method that correctly resets the original config path when parsing a dependency as an independent unit. - Chained dependency with exposed include conversion fixed Chaining dependencies with exposed includes no longer produces a spurious "Could not convert include to the execution ctx to evaluate additional locals" error during partial parsing. 
- Provider cache fixed on Windows for remote URLs The provider cache failed on Windows with CreateFile https://...: The filename, directory name, or volume label syntax is incorrect because remote download URLs were passed to os.Stat, and the colon in https: is invalid Windows path syntax. The fix skips the filesystem existence check when the download URL is a remote URL (://), going directly to the download path. - Additional transient network errors now retried automatically Added retry patterns for provider resolution and registry connection failures commonly seen in CI environments, including TLS handshake timeouts, TCP connection resets, context deadline exceeded errors, and failed discovery document requests. These cover both Terraform and OpenTofu provider workflows. - File copy performance improved Terragrunt now streams data from source files to target files more often by replacing some instances where files were read into memory in their entirety and written to a target file. This results in improved performance when copying files and reduced memory footprint. * Process Updates - Tip builds now available from main Every successful CI run on the main branch now automatically produces tip build binaries with signed checksums for all supported platforms (Windows and macOS binaries are not codesigned in tip builds). These builds are accessible via the builds API at https://builds.terragrunt.com — see the releases process documentation for API endpoints and usage examples. Maintainers can also trigger on-demand test builds from any branch using the test-build.yml workflow. - Concurrency limits now respect GOMAXPROCS All internal concurrency limits now use runtime.GOMAXPROCS(0) instead of runtime.NumCPU(). This means Terragrunt correctly honors the GOMAXPROCS environment variable and container CPU quotas (e.g., cgroups), resulting in better behavior in resource-constrained environments like Kubernetes pods and CI runners with CPU limits. 
- AWS SDK updated to v1.41.5 The aws-sdk-go-v2 dependency has been updated to v1.41.5. - Terragrunt Scale documentation added A new Terragrunt Scale section has been added to the docs, covering Pipelines, Drift Detection, and Patcher with brief overviews and links to the full Gruntwork documentation. * What's Changed - fix: Fixing up lints (#5887) - misc testing and lint updates (#5885) - fix: Addressing #5828 feedback (#5876) - chore: Upgrading go deps (#5795) - docs: Adding TGS docs (#5831) - fix: Preventing parse errors in stack generation in worktrees (#5826) - fix: Using cty.DynamicVal to avoid 'Unsupported Attribute' errors (#5827) - fix: Fixing `get_original_terragrunt_dir()` interaction with dependencies (#5828) - docs: Documenting tip/test build installation instructions (#5829) - chore: Adding tip build workflows (#5823) - feat: add stack dependencies experiment (#5809) - various lint fixes (#5796) - chore: Replace `runtime.NumCPU()` usage with `runtime.GOMAXPROCS(0)` (#5794) - fix: add retry patterns for transient provider/registry network errors (#5779) - feat: experiment for reporting long running tasks (#5730) - fix coverage compare regarding retries (#5793) - use io.Copy instead of reading files into memory (#5608) - fix: Fixing generation in stacks that read files (#5790) - chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.1.0 (#5736) - fix: Addressing test flakes for `TestReadTerragruntConfigDependencyInStack` (#5781) - chore(deps): bump the js-dependencies group across 1 directory with 5 updates (#5764) - fix: Adding Windows symlink tip (#5778) - fix: provider cache path handling in Windows (#5788) - Disable vercel skew protection (#5789) - chore: disabled tmpfs usage in GHA (#5787) - docs: Fixing up changelog implementation (#5784) - docs: Fixing strict controls (#5782) - fix: Discover dependents in worktrees if units are discovered there (#5763) - chore: updated aws-sdk-go-v2 to 1.41.5 (#5771) - fix: Refactoring unit display in 
runs for better communication (#5752) - docs: Fixing search (#5776) - fix: Fixing macOS linting (#5775) - chore: updating GTM tag (#5769) - fix: Fixing #4153 (#5746) - docs: Adding `v1.0.0` call out (#5768) - fix: Fixing #5624 (#5766) - chore: Adding tests to confirm #4395 is resolved (#5761) ++++ ucode-intel: - update to microcode-20260227: * Update for functional issues. Refer to Intel® Xeon® 6700P-B/6500P-B-Series SoC with P-Cores for details. * ### Updated Platforms * | GNR-D | B0/B1 | 06-ae-01/97 | 010002f3 | 01000303 | Xeon 6700P-B/6500P-B Series SoC with P-Cores ++++ werf: - Update to version 2.65.4: * Miscellaneous Chores - release: force 2.65.4 (07a5770) - Update to version 2.65.3: * Bug Fixes - deploy: restore WERF_EXPERIMENT_NO_GLOBAL_SERVICE_VALUES env (#7468) (3ceed0c) - Update to version 2.65.2: * Bug Fixes - deploy: restore global.env (5e5defd) - Update to version 2.65.1: * Bug Fixes - includes: create local branch refs after fresh clone in CloneAndFetch (#7425) (4c94b0b) - Update to version 2.65.0: * Features - build-report: support reading .env format build reports (8e1501c) - ci-env: add --use-docker-auth-config flag to generate Docker config from DOCKER_AUTH_CONFIG env var (c2701f7) - deploy: add structured image values to $.Values.global.werf.images (#7413) (1b93dcc) * Bug Fixes - build: fix git owner and group with buildah backend (#7415) (7af23b6) - build: use path.Join for container-internal paths in stapel (#7258) (c974594) - deploy: goroutine leak in watch error channel consumer for ReleaseInstall, ReleaseUninstall and ReleaseRollback (#7418) (f2d817c) - deploy: release had pending status after error instead of failed (#7416) (b523cf2) - host-cleanup: handle race condition in tmp files GC when entries disappear between readdir and stat (18ff151) - includes: respect --loose-giterminism for --allow-includes-update (#7414) (db75a5a) ++++ wine: - updated to 11.7 release - Beginnings of MSXML reimplementation without libxml2.
- VBScript compatibility fixes and optimizations. - SRGB filter support in D3DX. - 7.1 speaker configuration in DirectSound. - Various bug fixes. - update staging to 11.7 release ++++ wine-staging: - updated to 11.7 release - Beginnings of MSXML reimplementation without libxml2. - VBScript compatibility fixes and optimizations. - SRGB filter support in D3DX. - 7.1 speaker configuration in DirectSound. - Various bug fixes. - update staging to 11.7 release ++++ wine-staging-wow64: - updated to 11.7 release - Beginnings of MSXML reimplementation without libxml2. - VBScript compatibility fixes and optimizations. - SRGB filter support in D3DX. - 7.1 speaker configuration in DirectSound. - Various bug fixes. - update staging to 11.7 release ++++ wine-wow64: - updated to 11.7 release - Beginnings of MSXML reimplementation without libxml2. - VBScript compatibility fixes and optimizations. - SRGB filter support in D3DX. - 7.1 speaker configuration in DirectSound. - Various bug fixes. - update staging to 11.7 release ++++ wolfictl: - Update to version 0.39.10: * build(deps): bump cloud.google.com/go/storage from 1.61.3 to 1.62.1 (#1948) * build(deps): bump chainguard.dev/melange in the chainguard group * build(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 * build(deps): bump github.com/lucasb-eyer/go-colorful from 1.3.0 to 1.4.0 * build(deps): bump github.com/anchore/go-logger * build(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (#1940) * build(deps): bump the chainguard group with 3 updates (#1941) * build(deps): bump golang.org/x/term from 0.41.0 to 0.42.0 (#1942) * build(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 (#1931) * build(deps): bump step-security/harden-runner from 2.16.1 to 2.17.0 (#1934) * build(deps): bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 (#1933) * build(deps): bump step-security/action-actionlint from 1.69.1 to 1.72.0 (#1936) * build(deps): bump github.com/hashicorp/go-getter from 1.8.3 to 1.8.6 (#1937) * 
build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 (#1938) * build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#1939) ++++ zizmor: - Update to version 1.24.1: * Bug Fixes - Fixed a bug where the ref-version-mismatch audit would incorrectly flag some version comments as not containing an appropriate version (#1900) ------------------------------------------------------------------ ------------------ 2026-4-17 - Apr 17 2026 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 26.0.5 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.5 ++++ Mesa-drivers: - Update to 26.0.5 bugfix release - -> https://docs.mesa3d.org/relnotes/26.0.5 ++++ argocd-cli: - Update to version 3.3.7: No CLI-related changes * chore(deps): bump fast-xml-parser from 4.5.3 to 4.5.6 in /ui - 3.3 (#27360) * chore(deps): bump go-jose from 4.1.3 to 4.1.4 (cherry-pick [#27101] for… (#27208) * chore(deps): update notifications-engine dependency in release-3.3 to v0.5.1-0.20260316232552-d27ba0152c1c (#27093) ++++ mongo-c-driver: - Update to version 2.3.0 libbson * bson_t is now trivially relocatable. * deprecate bson_append_array_begin Use bson_append_array_builder_begin or bson_append_array_unsafe_begin instead. libmongoc * Added support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. * Support appending client handshake metadata after initialization and per-client/pool. * Support Kubernetes as a credential provider for MONGODB-OIDC authentication. 
* Improve cursor handling on client-side timeouts ++++ chezmoi: - Update to version 2.70.2: - Features * feat: Add .chezmoi.flags template variable * feat: Make stdinIsATTY template func available in all templates * feat: Switch to betterleaks for secret detection - Fixes * fix: Re-enable support for TOML 1.1 - Documentation * docs: Always use https to get install script * docs: Improve documentation of secret command ++++ conftest: - Update to version 0.68.2: * build(deps): bump github.com/open-policy-agent/opa from 1.15.1 to 1.15.2 (#1311) * build(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#1307) - Update to version 0.68.1: * fix(push): Use Rego v1 by default (#1290) ++++ gcc16: - Update to 16.0.1+git8711 ++++ cpptrace: - Initial package of cpptrace 1.0.4. Simple, portable, drop-in C++ stacktrace library, using libdwarf for symbol resolution and libunwind for stack unwinding. - Split into libcpptrace1 (shared library) and cpptrace-devel (headers, pkg-config data, CMake config files) per the openSUSE Shared Library Packaging Policy. 
++++ cross-aarch64-gcc16: - Update to 16.0.1+git8711 ++++ cross-aarch64-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-amdgcn-gcc16: - Update to 16.0.1+git8711 ++++ cross-arm-gcc16: - Update to 16.0.1+git8711 ++++ cross-arm-none-gcc16: - Update to 16.0.1+git8711 ++++ cross-arm-none-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-avr-gcc16: - Update to 16.0.1+git8711 ++++ cross-avr-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-bpf-gcc16: - Update to 16.0.1+git8711 ++++ cross-hppa-gcc16: - Update to 16.0.1+git8711 ++++ cross-hppa-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-loongarch64-gcc16: - Update to 16.0.1+git8711 ++++ cross-loongarch64-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-nvptx-gcc16: - Update to 16.0.1+git8711 ++++ cross-ppc64-gcc16: - Update to 16.0.1+git8711 ++++ cross-ppc64le-gcc16: - Update to 16.0.1+git8711 ++++ cross-ppc64le-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-pru-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-riscv64-elf-gcc16: - Update to 16.0.1+git8711 ++++ cross-riscv64-elf-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-riscv64-gcc16: - Update to 16.0.1+git8711 ++++ cross-riscv64-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-rx-gcc16: - Update to 16.0.1+git8711 ++++ cross-rx-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ cross-s390x-gcc16: - Update to 16.0.1+git8711 ++++ cross-s390x-gcc16-bootstrap: - Update to 16.0.1+git8711 ++++ decibels: - Update to version 49.6.1: * Fix invalid git tag - Changes from version 49.6: * Bugs fixed: - Decibels doesn't set audio stream metadata (pretty name, icon and current playback title) for other PipeWire apps - Volume Meter shows incorrect default value (50%) after starting the application - metainfo: Change component type to "desktop-application" - fix(mpris): SetPosition and OpenUri - metainfo: Use supports for controls * Updated translations. 
++++ docker-compose: - Update to version 5.1.3: * Fixes - fix: provider output handling and watch rebuild re-invocation by @glours in #13732 * Internal - Add Docker Desktop Logs view hints and navigation shortcut by @glours in #13721 - Build and push Docker Desktop module image on release by @glours in #13726 - Fix typo in SECURITY.md by @glours in #13730 - Make hook hint deep links clickable using OSC 8 terminal hyperlinks by @glours in #13734 - Remove 'provenance' attribute' by @glours in #13738 * Dependencies - build(deps): bump github.com/containerd/containerd/v2 from 2.2.2 to 2.2.3 by @dependabot[bot] in #13737 ++++ easyeffects: - Update to version 8.2.0 * Fixed a regression in the deep noise remover plugin. When the plugin was restarted its settings were not being reapplied. ++++ evdi: - Update to version 1.14.15 * Preliminary support for linux kernel v7.0 * Improve performance on Intel Core Ultra 7 platform * Fix audio issues during MS Teams call * Fix "Failed to map scanout buffer" error on Intel Core Ultra 7 platform * Set libEvdi license to LGPL v2.1-or-later ++++ facetimehd: - Update to version 0.7.0.1 * Fixes build against 7.0 kernel ++++ faugus-launcher: - Remove python-filelock dependency from .spec file - Bump to version 1.18.3 - Upstream changes: * Added gamepad mapping * Updated Portuguese translation * Prevent duplicating dialogs when pressing gamepad buttons * More keybindings for Gamepad navigation * Fixed Proton-CachyOS (System) not working with tools * Added support for gamepad navigation * Updated splash window closing * Now allows relative paths for the default prefix and Lossless Location ++++ forgejo-cli: - update to 0.5.0: * Additions - (!334) Support for managing labels on issues and repos. - (!349) repo edit and repo units for modifying settings on a repo and repo units. - (!373) Use the needed CLI flags for more editors when opening them. 
- (!385) Use the editor defined in git's core.editor config option by default (falling back to $EDITOR if it is not set). - (!414) Add commands to assign and unassign users to issues and PRs. - (!415) Support all README files in fj repo readme, regardless of case or extension. - (!416) Add the option to choose what repo to own the new repo to fj repo migrate. - (!419) Show a warning when viewing an archived repo. - (!420) Add a notice about git push --force not being supported on AGit PRs. - Added fj auth login support for the following instances: - v15.next.forgejo.org - codefloe.com * Fixes - (!393) Don't include pull requests in fj issues search. - (!407) Guarantee opening the browser in fj auth login doesn't block. - (!417) Prevent incorrectly reusing the refresh token when refreshing OAuth tokens. * Other - (!278) Improved "no repo info" error message. - (!403) Build aarch64 artifacts for new releases. ++++ ft2-clone: - Update to version 2.17 * Bug fix: The "Precise BPM" checkbox in Config->Audio was not uninitialized properly and could accidentally be interacted with in other screens. ++++ gasket-driver: - Exclude building for 32 bit architectures (%{ix86} %arm): this package/driver has not ever built on those arches. ++++ gcc16-testresults: - Update to 16.0.1+git8711 ++++ gemini-cli: - add fix-mount-path.patch for sandbox handling ++++ gnutls: - Fix build with libnettle 4.0: (bsc#1257934) * Support building with Nettle 4 [PR2075] * accelerated: don't register custom HMAC for AArch64 if Nettle 4 [PR2080] * Add patches: - gnutls-libnettle4-2075.patch - gnutls-libnettle4-2080.patch ++++ gstreamer-plugins-bad: - Add an explicit BuildRequires: pkgconfig(libvmaf) instead of relying on some other package to pull it. This fixes build in SLFO.
++++ helm-schema: - Update to version 0.23.1: * Bug Fixes - top-level ref to schema root works now by @outofrange * Chores - Adjust cliff version format by @dadav * Testing - adding test cases for reproducing top-level ref issues by @outofrange - adding testcases for bugfix (#211) by @outofrange ++++ hyprland: - Obsolete hyprland-plugin-hyprscrolling as functionality was included in hyprland proper. Consult https://wiki.hypr.land/0.54.0/Configuring/Scrolling-Layout/ for more information. ++++ hyprland-plugins: - Introduce necessary patches to target hyprland 0.54.0, as upstream did not make a release yet. + Added all-chase-hyprland.patch + Added expo-Chase-new-gesture-param-disableInhibit-581.patch + Added Fix-hyprtrails-compilation-errors.patch - Removed hyprland-plugin-hyprscrolling as functionality was introduced upstream. ++++ iodbc: - Fix build with gcc15: * Compile with `-std=gnu89 -fpermissive -Wno-error=strict-prototypes -Wno-error=implicit-function-declaration` * Add iodbc-gcc15-fixes.patch ++++ istioctl: - update to 1.29.2: https://istio.io/latest/news/releases/1.29.x/announcing-1.29.2/ * Fixed an issue where istioctl incorrectly reported an error on EnvoyFilter with REPLACE operation on VIRTUAL_HOST.
(Issue #59495) ++++ jfrog-cli: - Update to version 2.100.0: * No changes in: build-info-go, gofrog, jfrog-cli-security, jfrog-client-go * New Features - [jfrog-cli] New Feature: Implement package alias to invoke jfrog-cli based on package manager #3375 (@bhanurp) - [jfrog-cli] JGC-448 - Add explicit GITHUB_TOKEN permissions to CLA workflow #3428 (@RemiBou) - [jfrog-cli] JGC-470 - Implement an api command #3418 (@ehl-jf) * Bug Fixes - [jfrog-cli-artifactory] Fix: Empty Build Info When Using Maven Plugin Goals #406 (@agrasth) - [jfrog-cli-artifactory] fix/reference-token-privilege-escalation #416 (@reshmifrog) - [jfrog-cli-core] Fix reference token privilege escalation [#1540] (@reshmifrog) * Internal Changes - [jfrog-cli-core] Bump pnpm/action-setup from 5 to 6 in the github-actions group #1541 (@dependabot[bot]) * Other Changes - [jfrog-cli-artifactory] set docker test platform url #419 (@reshmifrog) ++++ kargo-cli: - Update to version 1.9.6: no CLI-related changes or dependency updates ++++ kernel-source-longterm: - writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1259701 git-fixes). - commit 0c4313e ++++ kernel-firmware-i915: - Update to version 20260416 (git commit a2f5a2941878): * i915: Xe3LPD DMC v2.34 * i915: Xe3LPD_3002 DMC v2.29 ++++ kernel-firmware-platform: - Update to version 20260416 (git commit a2f5a2941878): * powervr: update Imagination Rogue firmware images ++++ kernel-firmware-qcom: - Update to version 20260416 (git commit a2f5a2941878): * qcom: Update ADSP firmware for Kaanapali platform ++++ kernel-longterm: - writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1259701 git-fixes). - commit 0c4313e ++++ kernel-syms-longterm: - writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1259701 git-fixes). - commit 0c4313e ++++ kl: - Update to version 0.9.1: * fix: keep terminated containers and logs until manually deselected ++++ ktextaddons: - Update to 2.0.1. 
No changelog ++++ kubectl-browse-pvc: - Update to version 1.4.4: * trim job name to not end with invalid character * adjust how the tool responds to active browse pods * fix bad ns error check * add timeout * allow setting job names, truncate long job names - Update to version 1.4.3: * Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 ++++ kubectl-switch: - Update to version 2.4.17: * Bug Fixes - 79df14f: fix(go): update charm.land/bubbletea/v2 ( v2.0.5 → v2.0.6 ) (@mr-borboto[bot]) - 5804a18: fix(go): update kubernetes monorepo ( v0.35.3 → v0.35.4 ) (@mr-borboto[bot]) * CI/CD - 52bf634: ci(github-action): update github/codeql-action ( v4.35.1 → v4.35.2 ) (@mr-borboto[bot]) * Chores - c2433e1: chore(mise): update aqua:goreleaser/goreleaser ( 2.15.2 → 2.15.3 ) (@mr-borboto[bot]) - Update to version 2.4.16: * Bug Fixes - 8b7bf00: fix(go): update charm.land/bubbletea/v2 ( v2.0.2 → v2.0.3 ) (@mr-borboto[bot]) - eef4da7: fix(go): update charm.land/bubbletea/v2 ( v2.0.3 → v2.0.4 ) (@mr-borboto[bot]) - 4f505cb: fix(go): update charm.land/bubbletea/v2 ( v2.0.4 → v2.0.5 ) (@mr-borboto[bot]) - 2672707: fix(go): update charm.land/lipgloss/v2 ( v2.0.2 → v2.0.3 ) (@mr-borboto[bot]) * CI/CD - 2be80ed: ci(github-action): update actions/create-github-app-token ( v3.0.0 → v3.1.0 ) (@mr-borboto[bot]) - 60aac54: ci(github-action): update actions/create-github-app-token ( v3.1.0 → v3.1.1 ) (@mr-borboto[bot]) - fd4ca38: ci(github-action): update docker/login-action ( v4.0.0 → v4.1.0 ) (@mr-borboto[bot]) - 57c2418: ci(github-action): update github/codeql-action ( v4.34.1 → v4.35.0 ) (@mr-borboto[bot]) - 7ac8c1c: ci(github-action): update github/codeql-action ( v4.35.0 → v4.35.1 ) (@mr-borboto[bot]) - f1866ec: ci(github-action): update renovatebot/github-action ( v46.1.6 → v46.1.7 ) (@mr-borboto[bot]) - 04724a7: ci(github-action): update renovatebot/github-action ( v46.1.7 → v46.1.8 ) (@mr-borboto[bot]) - 8c5357d: ci(github-action): update renovatebot/github-action ( v46.1.8 → v46.1.9 
) (@mr-borboto[bot]) * Chores - f1355f4: chore(mise): update aqua:goreleaser/goreleaser ( 2.14.3 → 2.15.0 ) (#240) (@mr-borboto[bot]) - 106227b: chore(mise): update aqua:goreleaser/goreleaser ( 2.15.0 → 2.15.2 ) (#241) (@mr-borboto[bot]) - 1e95801: chore(mise): update go ( 1.26.1 → 1.26.2 ) (@mr-borboto[bot]) ++++ kubescape: - Update to version 4.0.5: * build(deps): update Go version and bump dependencies - Update to version 4.0.4: * build(deps): Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 * use go-logger v0.0.28 * build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp * build(deps): Bump github.com/moby/buildkit from 0.26.1 to 0.28.1 * build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp * build(deps): Bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 * build(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 * build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 * build(deps): Bump github.com/sigstore/timestamp-authority/v2 * build(deps): Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6 * build(deps): Bump helm.sh/helm/v3 from 3.18.5 to 3.20.2 * build(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 * error handling improved * fix: duplicate flags removed from image.go * build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 * build(deps): Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 * build(deps): Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 * build(deps): Bump golang.org/x/image from 0.25.0 to 0.38.0 * build(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.3 ++++ kubeshark-cli: - Update to version 53.2.2: * Release Highlights Kubeshark 53.2.2 introduces MongoDB protocol dissection, bringing L7 visibility to MongoDB traffic across the dashboard, MCP tools, and KFL filtering. 
Kubernetes metadata enrichment has been moved from the hub to the worker nodes, significantly reducing hub load and improving scalability in large clusters. The eBPF tracer now supports Envoy BoringSSL TLS decryption via offset-based hooking and introduces a ring buffer-based packet poller for improved capture performance. * New Features - Add MongoDB protocol dissector with request parsing (Phase 1), MCP transform support, and dashboard UI - Add Envoy BoringSSL TLS decryption via offset-based hooking in the eBPF tracer - Add dashboard-level namespace, worker, and dissector filters for granular traffic scoping - Add back-end resolved entry summary display in the dashboard - Add time preset buttons in snapshot creation dialog for quick time window selection - Add external volume support for dissection jobs, enabling persistent storage across restarts - Add recvmsg/sendmsg/recvmmsg/sendmmsg/readv/writev syscall hooks for improved SSL-to-fd tracking * Improvements - Move Kubernetes metadata enrichment from hub to worker nodes — reduces hub load and improves scalability - Stream pod Modified events to workers when enrichment fields change, keeping worker-side K8s metadata up to date - Replace eBPF perf buffer with ring buffer-based packet poller for improved capture performance and memory efficiency - Add async pin cleanup for graceful eBPF tracer termination, improving shutdown reliability - Update MCP KFL schema to match KFL2 capabilities - Update Network RCA AI skill resolution tools to list_workloads/list_ips - Improve JSON payload detection and formatting in the dashboard - Reset API stream on targeting change for consistent real-time view - Extract snapshot tar archives directly during download for dissection - Pass dissection storage flags to dissection jobs - TCP flows in CLOSED state now bypass backend capture rules - Add subPathExpr to worker DaemonSet for shared persistent storage - Refactor string splitting in loops for improved performance - Bump Go base 
image from 1.25.7 to 1.26.1 * Bug Fixes - Fix pod targeting collision for same-named pods in different namespaces - Fix KFL K8s field filtering for MCP live queries - Fix eBPF-TLS capture source icon in the dashboard - Fix snapshot creation to use only healthy workers - Fix do_accept() compatibility issue in eBPF tracer - Fix processing of stop raw capture command - Fix flaking tests in hub ++++ lego: - Update to version 4.34.0: * b682f84 Add DNS provider for 1cloud.ru (#2921) * 79b83fe Add DNS provider for Netnod (#2919) * ca17894 Add DNS provider for UCloud (#2972) * 61bd6bf Add DNS provider for online.net (#2964) * 4f6a481 bluecatv2: fix documentation * aa6fceb fix: check base64url token * 1274ec8 oraclecloud: support profile session token (#2965) * cff2cd7 rfc2136: add RFC3645 (TSIG-GSS) support (#2946) * 33754b3 rfc2136: add dnsupdate as alias (#2957) * 79796e1 yandex360: update API docs links (#2922) ++++ openldap2: - Update to release 2.6.13 * slapd now uses a fresh timestamp for lastbind * Made slapd delta-syncrepl always use the logDB rootdn * Fixed slapd reverse lookup of proxied IPv6 addresses * Fixed a slapd logging buffer overflow * Fixed slapd-ldap response when invalid secprops is configured * Fixed a slapd-mdb error when deleting the last child of a branch * Fixed slapo-memberof clashing with refint on subtree renames * Fixed slapo-syncprov to use the correct rootDN for accesslog replay * Fixed libldap to reject empty types in LDIF * Fixed liblber to not run into a potential NULL deref in `ber_bvreplace_x` * Fixed a libldap heap buffer overflow in `parse_whsp` * Fixed some memory leaks and race conditions in slapd and one in slapo-syncprov * Fixed slapd-mdb always initialize pausepoll * Fixed slapo-dds incorrectly setting minttl in certain scenarios * Fixed slapo-{constaint,memberof,nestgroup,retcode,syncprov} to not propagate request controls to internal ops ++++ openldap2-contrib-src: - Update to release 2.6.13 * slapd now uses a fresh timestamp 
for lastbind * Made slapd delta-syncrepl always use the logDB rootdn * Fixed slapd reverse lookup of proxied IPv6 addresses * Fixed a slapd logging buffer overflow * Fixed slapd-ldap response when invalid secprops is configured * Fixed a slapd-mdb error when deleting the last child of a branch * Fixed slapo-memberof clashing with refint on subtree renames * Fixed slapo-syncprov to use the correct rootDN for accesslog replay * Fixed libldap to reject empty types in LDIF * Fixed liblber to not run into a potential NULL deref in `ber_bvreplace_x` * Fixed a libldap heap buffer overflow in `parse_whsp` * Fixed some memory leaks and race conditions in slapd and one in slapo-syncprov * Fixed slapd-mdb always initialize pausepoll * Fixed slapo-dds incorrectly setting minttl in certain scenarios * Fixed slapo-{constaint,memberof,nestgroup,retcode,syncprov} to not propagate request controls to internal ops ++++ libnl-doc: - Update to release 3.12.0 * Update for libnl's new APIs up to 3.12.0 ++++ polkit-qt5-1: - Update to 0.201.1: * defer Session destruction in KListener::completed * Remove Data(const Data& other), we don't need it * Save roundtrip from subject to string to subject * Mark Subject constructor as explicit * Return {} instead of nullptr * g_object_unref does not like being passed a nullptr * Remove unnecessary g_object_unref call in enumerateTemporaryAuthorizationsSync function * ListenerAdapter: uniquify the identities * Build examples on CI * Use undeprecated install dir variable * Fix examples build for Qt 6.8.1
++++ ryokucha: - Update to 0.4.0: + fix: DropDownText: Add missing default values of active_id, max_width_chars, and ellipsize ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#1068 - removed redundant device lookup - 4.5.313 ++++ libxkbcommon: - Update to release 1.13.1 [boo#1262256] * context: The default include paths initialization is delayed until required. This is more efficient for clients that only get the keymap from the server and thus do not need to look up any XKB files. * Added the XKB extensions directories, a new mechanism to facilitate keyboard layout packaging and distribution. ++++ linkerd-cli-edge: - Update to version 26.4.3: * build(deps): bump rand from 0.10.0 to 0.10.1 (#15162) * build(deps): bump cc from 1.2.59 to 1.2.60 (#15161) * build(deps): bump rustls-webpki from 0.103.10 to 0.103.11 (#15160) * build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 (#15153) * build(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (#15154) ++++ melange: - Update to version 0.50.0: * build(deps): bump github.com/github/go-spdx/v2 from 2.4.0 to 2.5.0 in the gomod group (#2485) * build(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 in the actions group (#2486) * fix(observability): probe only when observability is installed (#2482) * feat(qemu): add DNS search domains (#2481) * build(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 in the actions group (#2483) * feat(pipelines): add reason fields to fetch and git-checkout (#2480) * fix(qemu): improve VM shutdown with graceful timeouts and PID safety (#2479) * build(deps): bump the gomod group with 3 updates (#2477) ++++ nfpm: - Update to version 2.46.1: * Bug fixes - 74c1509: fix(files): check ownedByFilesystem after destination is set (@caarlos0) - 1ecd691: fix(files): use info.Mode() instead of d.Type() for tree files (@caarlos0) - 752d21f: fix: rename Unwarp to Unwrap on ErrSigningFailure (@caarlos0)
* Build process updates - 097ead3: ci(deps): bump docker/login-action in the actions group (#1066) (@dependabot[bot]) - 63f7e59: ci(deps): bump the actions group with 2 updates (#1070) (@dependabot[bot]) * Other work - 252bb74: docs: update cmd docs (@caarlos0) - 92dd1ee: fix(#1067): update go-msix version (#1071) (@djgilcrease) ++++ nginx-module-vts: - Update to release 0.2.5 * Added new directive `ignore_status` (`vhost_traffic_status_ignore_status 1xx 3xx;`) * Add support to measure status_codes ++++ nvtop: - Update to version 3.3.2: * Flush snapshot stream. - Changes from version 3.3.1: * Fix json cmdline indent. * Encode/decode usage and processes in snapshot. * Snapshot with delay by default. * Fix invalid JSON in snapshot. * Add loop snapshot mode. * Add interval mode to snapshot. - Changes from version 3.3.0: * Merge effective load within GPU percentage meter. * Refactor unified memory computation and sanitize process memory usage. * Fix NVIDIA memory reporting. * Fix metax warnings. * Bound effective load to 100%. * Add support for Enflame GCU. * Fix typos across documentation and source. * Fix assertion failure when duplicate client_id encountered. * When running on an AMD APU add VRAM + GTT together. * Fix: Clamp effective load plot value to 100%. * Feat: Add Effective Load metric and plot. * Fix incorrect gpu number for METAX GPU. * Update nvtop manpage with additional options. * Fix unified memory GPU reporting to use actual GPU allocations. * Fix unified memory reporting to use MemAvailable. * Add device_field for memory clock. * Add automatic screen redraw on tmux reconnection. * Add F5 and Ctrl+L screen refresh functionality. * Add rich memory stats. * Feat: add support for METAX GPU. - Update service to manual and use xz tarball. 
++++ ollama: - Update to version 0.21.0 * launch: skip unchanged integration rewrite configuration * launch/openclaw: fix --yes flag behaviour to skip channels configuration * launch: OpenCode inline config * launch: add hermes by * launch: always list cloud recommendations first * cmd/launch: add Copilot CLI integration - fixing vulkan dependencies, should also fix runtime (so far ollama claimed to use vulkan, but actually didn't) - check for missing symbols in cuda and vulkan backend if available ++++ orthanc-mysql: - mysql.patch added to fix build error some cleanup of spec file ++++ orthanc-stl: - math.diff added to fix build error with framework 1.12.11 some cleanup of spec file ++++ python-oslo.rootwrap: - skip functional/eventlet tests that are less stable ++++ python-glanceclient: - add 0001-Fix-bytes-related-test-failures-with-urllib-3.patch ++++ python-asdf-astropy: - update to 0.11.0: * Add support for astropy.wcs.wcsapi.HighLevelWCSWrapper. * Update version checks for transform schema compatibility to use package versions instead of manifests ++++ python-boost-histogram: - update to 1.7.2: * Correct repr for MultiCell by @henryiii in * Fix serialization round-trip for 3D histograms with empty axes * Fix `__setitem__` axis index mismatch when slices are not leading indices * Support 0D MeanView/WeightedMeanView * Broadcast scalar axis args to match array sample length in Mean/WeightedMean fill * Slightly better getitem type ++++ python-devpi-common: - update to 4.1.1: * Implement missing __hash__ for Version and CompareMixin classes. * Fix ``py.typed`` to properly export type information. * Use ``__slots__`` to reduce memory usage of ``Version``. * Use ``filter='data'`` for ``extractall`` call on supported Python versions as additional guard to the existing out of path checks against malicious tar files. * Remove custom ``LegacyVersion`` and use ``packaging-legacy`` instead, which is also used by pypi.org.
++++ python-devpi-server: - update to 6.19.3: * Fix #1112: Parse simple JSON reply even with wrong content-type in reply if the body seems to contain JSON. * Return stale project list for mirrors when the lock can't be acquired within the timeout. * Fix importing of toxresults from devpi-server 6.5.0 to 6.9.0 where the wrong hash was stored. ++++ python-django-tables2: - update to 3.0.0: * Rename the `querystring` templatetag to `querystring_replace` to avoid shadowing built-in one. * If you use custom templates to render tables with django-tables2, you should replace `{% querystring %}` with `{% querystring_replace %}` `RelatedLinkColumn` is removed. Replace `RelatedLinkColumn` with `Column(linkify=True)`. * Restore signature of `TemplateColumn.render()` (#1033) by * Remove declared support for Django 4.2 and 5.1, upgrade pre-commit dependencies ++++ python-drf-spectacular-sidecar: - update to version 2026.4.14 * Fix redoc files #16 ++++ python-ecdsa: - Add patch support-python-3.14.patch: * Support Python 3.13.13 (and 3.14.4) changes. ++++ python-fastapi: - update to 0.136.0: * Support free-threaded Python 3.14t. - update to 0.135.4: * Remove April Fool's `@app.vibe()` ++++ python-packaging-legacy: - Initial package ++++ python-pytest-gitconfig: - Initial packaging effort for pytest-gitconfig 0.9.0.
++++ python-ruff: - update to 0.15.11 * Preview features * [ruff] Ignore RUF029 when function is decorated with asynccontextmanager * [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) * [flake8-bandit] Fix S103 false positives and negatives in mask analysis * Bug fixes * [flake8-async] Omit overridden methods for ASYNC109 * Documentation * [flake8-async] Add override mention to ASYNC109 docs * Update Neovim config examples to use vim.lsp.config ++++ python-testflo: - Update to 1.4.22 * Previous release broke for projects that don't have a .coveragerc (#130) - from version 1.4.21 * Fixed a double initialization issue when coverage was active (#128) - from version 1.4.20 * Improved functionality of the -f option (#123) * Added a workflow to publish to PyPi when a release is made on GitHub (#122) - from version 1.4.19 * Added current directory to sys.path during try_import to avoid any relative import failures in test files (#118) - from version 1.4.18 * Removed setuptools as a dependency (#115) - from version 1.4.17 * Fixed a couple of bugs related to SubTests (#111) - from version 1.4.16 * Changed build system to hatchling; added a test workflow (#106) * Fixed handling of --skip_dirs arg (#105) - Update BuildRequires from pyproject.toml ++++ python-trio-websocket: - update to 0.12.2 * fix loss of context/cause on ExceptionGroup exceptions * support trio strict_exception_groups=True * expand type annotations * add ability to specify receive buffer size, including None to let trio choose * drop support for Python 3.7 * fix omitted direct dependency on outcome * fix incorrect port when using a wss:// URL without supplying an explicit SSL context ++++ python-webauthn: - Update to 2.7.1 * This project now uses the pyasn1 library to parse ASN.1-encoded values (#263), h/t @ggirol-rc) * Some bare `dict` type annotations have been replaced with `Dict[str, Any]` to satisfy stricter type checking setups (#262), h/t @typestring) - Update BuildRequires and 
Requires from pyproject.toml ++++ s390-tools: - Applied a patch to remove phmac_s390 kernel module load from dracut * s390-tools-Remove-phmac_s390.patch - Applied a modified patch (bsc#1262221) * s390-tools-combined.patch - Amended SUSE's 'pkey.conf' - Re-vendor-ed vendor.tar.zst ++++ sparsehash: - fix build with gcc16, boo#1261682 ++++ strawberry: - Update to version 1.2.19 + Fixed MPRIS2 Play causing playback to restart if already playing (#1995) + Fixed incorrect use of beginInsertRows() / endInsertRows() when adding / removing devices (#2021) + Fixed album cover manager save cover to file not working (#2039) + Fixed repeat and shuffle button sizes (#1838) + Fixed MPRIS2 resetting previous played track history + Fixed Qobuz authentication (#2058) + Rewrote Discord RPC with Qt and removed RapidJSON dependency + New grouping shuffle mode + Use HTTP POST for AcoustID lookup + Write MusicBrainz Track Id when completing tags using MusicBrainz + Added rating filter to the collection (#2054) ++++ telemetrygen: - Update to version 0.150.0: * [chore] Update core dependencies (#47579) * [chore] Update core dependencies (#47524) * [chore] bump testcontainers to 0.42.0 (#47443) * Update module gitlab.com/gitlab-org/api/client-go/v2 to v2.16.0 (#47441) * [chore] bump otelgo dep (#47508) * Update module github.com/open-telemetry/otel-arrow/go to v0.47.0 (#47433) * Bump prometheus to v0.311.1 (#47454) * Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.97.3 in /receiver/snowflakereceiver (#47501) * Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.2 to 1.7.8 in /receiver/snowflakereceiver (#47500) * [chore] update spanpruningprocessor dependencies (#47499) * Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /internal/docker (#47488) * [chore] Update core dependencies (#47475) * Migrate from docker/docker to moby/moby modules (#47417) * Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.97.3 in /receiver/sqlqueryreceiver (#47459)
* Update golang:1.26 Docker digest to ec4debb (#47456) * Update module github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common to v1.3.73 (#47455) * Update module google.golang.org/grpc to v1.80.0 (#47446) * Update All github.com/aws packages (#47450) * Update opentelemetry-go monorepo (#47447) * Update module github.com/klauspost/compress to v1.18.5 (#47406) * Update golang:1.26 Docker digest to cd78d88 (#47449) * Update module google.golang.org/api to v0.275.0 (#47442) * Update module github.com/twmb/franz-go/pkg/kmsg to v1.13.1 (#47439) * Update module github.com/prometheus/exporter-toolkit to v0.16.0 (#47436) * [chore] Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#47362) * Update opentelemetry-operations-go dependencies (#47434) * Update module github.com/moby/moby/client to v0.4.0 (#47432) * Update prom/prometheus Docker tag to v3.11.1 (#47435) * Update module go.opentelemetry.io/ebpf-profiler to v0.0.202614 (#47412) * Update module cloud.google.com/go/compute to v1.58.0 (#47429) * Update module github.com/apache/cassandra-gocql-driver/v2 to v2.1.0 (#47425) * Update module github.com/googleapis/gax-go/v2 to v2.21.0 (#47426) * Update All cloud.google.com/go packages (#47416) * Update module modernc.org/sqlite to v1.48.1 (#47415) * Update module github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common to v1.3.72 (#47411) * Update docker-compose deps (#47424) * Update dependency simple-git to v3.35.2 (#47423) * Update All opentelemetry-go-contrib packages (#47422) * Update module github.com/DeRuina/timberjack to v1.4.1 (#47403) * Update golang:1.26 Docker digest to 5e69504 (#47405) * [chore](exporter/prometheusexporter) migrate feature gate to metadata.yaml (#47304) * Update module github.com/shirou/gopsutil/v4 to v4.26.3 (#47410) * Update module github.com/SAP/go-hdb to v1.16.3 (#47409) * [chore] (receiver/mongodbreceiver)-remove-obsolete-feature-gate (#47391) * Update module github.com/itchyny/timefmt-go to v0.1.8 (#47404) * Update All 
github.com/aws packages (#47400) * Update docker/login-action digest to 4907a6d (#47399) * [chore] Update core dependencies (#47354) * chore(deps): update fossas/fossa-action action to v1.9.0 (#47286) * fix(deps): update module github.com/clickhouse/clickhouse-go/v2 to v2.44.0 (#47287) * [chore] update new component docs make targets (#47154) * fix(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.11.0 (#47265) * fix(deps): update module github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager to v0.1.13 (#47285) * fix(deps): update module github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common to v1.3.69 (#47283) * fix(deps): update all github.com/aws packages (#47282) * chore(deps): update codecov/codecov-action action to v6 (#47274) * fix(deps): update module modernc.org/sqlite to v1.48.0 (#47271) * fix(deps): update module google.golang.org/api to v0.273.0 (#47270) ++++ tupitube: - Add Slowroll build support - More spec cleanup ++++ ucode-amd: - Update to version 20260416 (git commit a2f5a2941878): * linux-firmware: Update AMD cpu microcode ++++ upmpdcli: - Update to 1.9.16: * Media server: misc plugin updates and fixes: radio, Subsonic * Media server: restore Qobuz connectivity by supporting the new oauth connection method. See the manual for details - Update to 1.9.15: * Media server: plugins updates: subsonic, mother earth * OpenHome: Playlist: Improve compat with Linn version. 
* OpenHome: Radio: use album title if available in radio metadata ++++ vermouth: - Added proper checks for .desktop files - Bump to version 1.3.1 - Upstream changes: * fix: Building and packaging * fix: Better packaging * Updated Readme, added single click activation when hinted * feat: umu-launcher support * feat: Make the setting of the Global Drawer pinnable * feat: Add the ability to pin the drawer * Enable HDR per screen * feat: HDR toggle ++++ vexctl: - Update to version 0.4.1+git129.c7f3066: * Bump github.com/google/go-containerregistry in the all group * Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 * Bump softprops/action-gh-release from 2.6.1 to 3.0.0 * Bump chainguard-dev/actions from 1.6.13 to 1.6.14 in the all group * Bump actions/upload-artifact from 7.0.0 to 7.0.1 in the all group * Bump github.com/sigstore/cosign/v2 from 2.6.2 to 2.6.3 in the all group * Bump github.com/google/go-containerregistry in the all group * Bump kubernetes-sigs/release-actions in the all group * Bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.10.0 * Bump the all group across 1 directory with 2 updates * Bump the all group across 1 directory with 2 updates * Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 * fix(add): allow add without --product flag * Use gomod version, bump linter * Port vexctl to intoto/attestation * Bump the all group across 1 directory with 5 updates * Bump google.golang.org/grpc from 1.78.0 to 1.79.3 ++++ virt-manager: - Add check for product name length to prevent exception virtinst-add-sle16-detection-support.patch ++++ virtui-manager: - version 3.0.2: * Fix Flatpak build and GUI resizing issues * Add Linux low resource support and XML export functionality * Claude: improve PCI and USB configuration - version 3.0.0: * use netifaces to find interface * improve network setup (create default bridge) * Boot config: fix freeze while saving boot order * Nvram back to raw format (qcow2 is causing too much issue) * remove 
Actions collapsible: now use a Quick Bar buttons * Update the doc * Claude: clean up vm_details, add pci passthrough, fix watchdog issue remove old virt-install code (no longer used) ++++ xdg-desktop-portal-wlr: - Update to 0.8.2: * Add fuzzel and mew to the default list of choosers. * Various bugfixes and improvements. ------------------------------------------------------------------ ------------------ 2026-4-16 - Apr 16 2026 ------------------- ------------------------------------------------------------------ ++++ FreeCAD: - Update to version 1.1.1 This is a bugfix release, no new features - Add Fix_Lineformat_test.patch ++++ Mesa: - pick up GL header files from libglvnd, because in libglvnd sources these are still updated but in Mesa sources they are not any longer and are completely outdated (boo#1260932) - require gcc 15 in order to fix build on SLE16/Leap 16.0 ++++ Mesa-drivers: - pick up GL header files from libglvnd, because in libglvnd sources these are still updated but in Mesa sources they are not any longer and are completely outdated (boo#1260932) - require gcc 15 in order to fix build on SLE16/Leap 16.0 ++++ atuin: - Update to version 18.15.2: * Bug Fixes + Tab doesn't insert suggested command (#3420) - Update to version 18.15.1: * Bug Fixes + Enter runs suggested command when selecting permissions (#3418) - Update to version 18.15.0: * Bug Fixes + Install script incorrectly tries to install opencode hooks (#3410) + Dependency fix (#3414) + Loss of loading spinners + tokio panic on exit (#3415) * Features + Add OCI standard labels to Dockerfile (#3412) + Enable atuin hex for illumos (#3413) + Allow resuming previous AI sessions (#3407) * Miscellaneous Tasks + Add release script (#3411) ++++ blender-5.1: - Update to 5.1.1 https://developer.blender.org/docs/release_notes/5.1/corrective_releases/#blender-511 ++++ bouncycastle: - Update to 1.84: * Security Fixes: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly. 
(bsc#1262225) - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java. (bsc#1262226) - CVE-2026-3505: Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. (bsc#1262232) - CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature sequence as valid. (bsc#1262228) - CVE-2026-5598: Non-constant time comparisons risk private key leakage in FrodoKEM. (bsc#1262227) * Additional Features and Functionality: - In line with JVM changes, KEM support has been backported to Java 17. - BCJSSE: Configurable (client) early key_share groups via BCSSLParameters.earlyKeyShares or 'org.bouncycastle.jsse.client.earlyKeyShares' system property. - BCJSSE: Support for curveSM2MLKEM768 hybrid NamedGroup in TLS 1.3 per draft-yang-tls-hybrid-sm2-mlkem-03. - BCJSSE: Log when default cipher suites are disabled. - BCJSSE: Experimental support for ShangMi crypto in TLS 1.3 per RFC 8998 (not enabled by default). - CMS: Added CMSAuthEnvelopedDataStreamGenerator.open taking an explicit content type. - HKDF: Provider support for HKDFParameterSpec.Expand. - Added initial support for RFC 9380 (Hashing to Elliptic Curves); see org.bouncycastle.crypto.hash2curve . - PKCS12: Added default max iteration count of 5,000,000 (configurable via 'org.bouncycastle.pkcs12.max_it_count' property). - TLS: Use javax.crypto.KEM API (when available) to access ML-KEM implementation (incl. hybrids). - A new KeyStore, PKCS12-PBMAC1, has been added which defaults to using PBMAC1 and supports RFC 9879. - A new property 'org.bouncycastle.asn1.max_cons_depth' has been added to allow setting of the maximum nesting for SETs/SEQUENCEs in ASN.1. Default is 32. - A new property 'org.bouncycastle.asn1.max_limit' has been added to allow setting of the stream size of ASN.1 encodings. The value can be either in bytes, or appended with k (1 kilobyte blocks), m (1 megabyte blocks), or g (1 gigabyte blocks). - Added NTRU+ support to the lightweight PQC API and the BCPQC provider. 
- Added SM4 key wrap/unwrap mode, SM2 key exchange, and logging to SM2Signer. - OpenPGP: Added encryption-key filtering by purpose, a new OpenPGPKey constructor, KeyPassphraseProvider-based passphrase change, wildcard (anonymous) recipient handling, and Web-of-Trust methods for third-party signature chains and delegations. - CMSSignedDataStreamGenerator can now support the generation of DER/DL encoded SignedData objects (note memory restrictions still apply). - It is now possible to add extra digest algorithm IDs to CMSSignedDataStreamGenerator when required. * Defects Fixed: - Random numbers being generated for DSTU4145 signature calculations were 1 bit shorter than they could be. The code has been corrected to allow the generated numbers to occupy the full numeric range available. - HKDF implementation has been corrected to use multiple IKMs if available. - CompositePublic/PrivateKey builders had an issue identifying brainpool and EdDSA curves from the algorithm names due to an error in the OID mapping table. This has been fixed. - S/MIME: Fix AuthEnveloped support for AES192/GCM and AES256/GCM. - CMS: Use implicit tag for AuthEnvelopedData.authEncryptedContentInfo.encryptedContent. - Fixed Strings.split to handle delimiters at position 0. - Fixed FrodoKEM error sampling to be constant-time. - Fixed PKIXNameConstraintValidator to treat a DNS name as intersecting itself. - Fixed PKCS12 key stores not calling getInstance with the original provider (which was forcing provider registration). - A resource leak due to the SMIMESigned constructor leaving background threads hanging on MessagingException has been fixed. - OpenPGP: Fixed an issue where a custom signature creation time was ignored when generating message signatures. - OpenPGP: Fixed SKESK encoding for direct-S2K-encrypted messages. 
* Additional Notes: - DSA was recently deprecated by NIST and several users have requested that we move to an RSA signing certificate for provider signing instead of our current DSA one. We are grateful to report that Oracle have been very supportive of this and issued us a second RSA certificate based on a new RSA key for signing providers. Providers signed with the previous DSA key will continue to work as before. - This will be the last release which will recognise Dilithium and SphincsPlus in the BC provider, the Kyber wrapper (which is just ML-KEM) will also be removed. The algorithms won't be deleted in 1.85, but will only be accessible via the low-level APIs and deleted in a later release. ++++ gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-aarch64-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-aarch64-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-amdgcn-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-arm-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. 
- Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-arm-none-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-arm-none-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-avr-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-avr-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-bpf-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-hppa-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-hppa-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. 
++++ cross-loongarch64-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-loongarch64-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-nvptx-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-ppc64-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-ppc64le-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-ppc64le-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-pru-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-riscv64-elf-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. 
Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-riscv64-elf-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-riscv64-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-riscv64-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-rx-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-rx-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-s390x-gcc16: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ cross-s390x-gcc16-bootstrap: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. 
- Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ domination: - Update to 1.3.4 * Accessibility GameGUI: Color Blind mode for the game * Accessibility GameGUI: right click options to increase and decrease font size * better fallbacks for audio not loading from url * fix for small screen Domination not loading when space in path * installer updated to 5.2.4 to fix issue with Ubuntu jdk21 https://sf.net/p/domination/bugs/50/ - Drop BuildRequires update-desktop-files ++++ ffmpeg-8: - Add explicit symbol lists to work-around-abi-break.patch [boo#1261836] ++++ ffmpeg-8-mini: - Add explicit symbol lists to work-around-abi-break.patch [boo#1261836] ++++ flannel: - Update .spec file to bump go version build requirements: * `BuildRequires: golang(API) >= 1.25` * ref: https://github.com/flannel-io/flannel/compare/v0.28.3...v0.28.4 - Update to version 0.28.4: * fix go version (don't set patch version) (#2428) * Bump flannel-cni-plugin to v1.9.1-flannel1 (#2427) * Bump the other-go-modules group across 1 directory with 3 updates (#2425) * Bump the tencent group with 2 updates (#2417) * Bump the etcd group with 4 updates (#2398), includes fix for CVE-2026-33413 (bsc#1260853) and CVE-2026-33343 (bsc#1260847) * Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#2420) * Bump go to 1.25 (#2424) * Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 * Bump docker/build-push-action from 7.0.0 to 7.1.0 * Bump docker/login-action from 4.0.0 to 4.1.0 * Verify the kubectl sha256sum * Secure makefile (#2414) * Improve the security of Dockerfile * Bump github/codeql-action from 4.34.1 to 4.35.1 (#2409) * Bump actions/deploy-pages from 4.0.5 to 5.0.0 * lease: only print BackendData when json.Marshal succeeds * vxlan: delete v6 direct route with correct Route struct * fix: honor --stderrthreshold flag when --logtostderr is enabled * Bump actions/configure-pages from 5.0.0 to 6.0.0 * Bump actions/setup-go from 
6.3.0 to 6.4.0 * don't use unquoted shell vars in extensions backend example * Don't use shell invocations in extensions backend. * Bump google.golang.org/grpc from 1.71.1 to 1.79.3 * Bump ossf/scorecard-action from 2.4.1 to 2.4.3 * Bump actions/upload-artifact from 4.6.1 to 7.0.0 * Bump docker/metadata-action from 5.10.0 to 6.0.0 * Bump actions/checkout from 4.2.2 to 6.0.2 * Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 * Bump aquasecurity/trivy-action from 0.33.1 to 0.35.0 * Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 * [StepSecurity] Apply security best practices * Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 * Fix logic in AddBlackholeV4Route and AddBlackholeV6Route to correctly check for existing routes * Added check for nftables before checking br_netfilter module * Bump golang.org/x/crypto from 0.36.0 to 0.45.0 * Bump k8s deps to v0.32.10 * Bump golang-ci-lint to v2.7.2 * Bump golangci/golangci-lint-action from 6.1.1 to 9.2.0 * Additional check on podCIDR * ip: improve primary address selection to account for address flags * Added TAG to fix bin version ++++ gcc16-testresults: - Streamline AMD GCN enablement and configuration by basing it on LLVM version availability. Support llvm19 and up. - Fix bootstrap cross compiler packaging and simplify handling by properly requesting suffixed binaries from configury. ++++ govulncheck-vulndb: - Update to version 0.0.20260416T222113 2026-04-16T22:21:13Z. 
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3503 CVE-2025-22870 GHSA-qxp5-gwg8-xv66 * GO-2026-4727 CVE-2026-26246 GHSA-44mv-jq72-gj49 * GO-2026-4736 CVE-2026-30405 GHSA-4p9m-8gc4-rw2h * GO-2026-4738 CVE-2026-32761 GHSA-68j5-4m99-w9w9 * GO-2026-4771 CVE-2026-33815 * GO-2026-4772 CVE-2026-33816 * GO-2026-4789 CVE-2026-26933 GHSA-27qj-9gvp-8rh9 * GO-2026-4790 CVE-2026-26931 GHSA-5vrw-qjxw-89r5 * GO-2026-4806 CVE-2026-33413 GHSA-q8m4-xhhv-38mg * GO-2026-4808 CVE-2026-33343 GHSA-rfx7-8w68-q57q * GO-2026-4815 CVE-2026-33809 GHSA-44p7-9xx4-hf2g * GO-2026-4864 CVE-2026-32282 * GO-2026-4865 CVE-2026-32289 * GO-2026-4866 CVE-2026-33810 * GO-2026-4867 CVE-2026-27144 * GO-2026-4868 CVE-2026-27143 * GO-2026-4869 CVE-2026-32288 * GO-2026-4870 CVE-2026-32283 * GO-2026-4871 CVE-2026-27140 * GO-2026-4879 CVE-2026-33898 GHSA-453r-g2pg-cxxq * GO-2026-4881 CVE-2026-33897 GHSA-83xr-5xxr-mh92 * GO-2026-4882 CVE-2026-33542 GHSA-p8mm-23gg-jc9r * GO-2026-4884 CVE-2026-33945 GHSA-q4q8-7f2j-9h9f * GO-2026-4885 CVE-2026-33711 GHSA-q9vp-3wcg-8p4x * GO-2026-4886 CVE-2026-33743 GHSA-vg76-xmhg-j5x3 * GO-2026-4909 CVE-2026-33762 GHSA-gm2x-2g9h-ccm8 * GO-2026-4910 CVE-2026-34165 GHSA-jhf3-xxhw-2wpp * GO-2026-4920 CVE-2026-34940 GHSA-324q-cwx9-7crr * GO-2026-4923 CVE-2026-33817 GHSA-6jwv-w5xf-7j27 * GO-2026-4924 CVE-2025-68153 GHSA-245v-p8fj-vwm2 * GO-2026-4946 CVE-2026-32281 * GO-2026-4947 CVE-2026-32280 ++++ hamlib: - Update to 4.7.1: * Various compiler and portability fixes * Fix rig port timeout * Fix various FTX-1 meter, level and CTCSS table * Add power off capability to Flrig backend * Add SWR to supported 'get levels' for K3/K4 * Add get_split_vfo to TS-850 backend * New simplecat backend * Fix and generalize clock handling for Icom radios * Fix Yaesu attenuator levels and LVL_KEYSPD reinitialization * Add new rig model Harris PRC-138 * Various FT-710 fixes, especially handling SH format and RX bandwidth * Ensure FT-710 simulator rejects RF 
command * Fix low power calculation for K3/K3S * Fix FTX-1 SH bandwidth command in set/get_mode ++++ heroic-gogdl: - Convert package to a single CLI application (system Python only): * Drop %python_subpackages and python_module macros * Avoid building for multiple Python versions * Replace unversioned python3-* requirements that pulled python313 dependencies into all builds * Use "python3 -m build" and "python3 -m installer" * Remove dependency on pyproject macros * Simplify BuildRequires to python3-* stack * Align packaging with openSUSE guidelines for Python applications ++++ iproute2: - Update to release 7.0 * iplink_can: add initial CAN XL support * dpll: add mode setting support * dpll: add support for fractional frequency offset in ppt ++++ keepalived: - ensure we are always using /etc/iproute2 and not /etc/iproute2.d for some reason the auto detection on code 15 does not work. ++++ kubernetes: - Bump meta package versions: * kubernetes (version) - 1.35.4 * kubernetes (versionminus1) - 1.34.7 * kubernetes (versionminus2) - 1.33.11 ++++ kubernetes1.33: - Update to version 1.33.11: * Update github.com/moby/spdystream from v0.5.0 to v0.5.1 * update go.opentelemetry.io/otel to v1.41.0 * Bump images and versions to go 1.25.9 and distroless iptables * Bump to go 1.25 * bump golang.org/x/vuln/cmd/govulncheck to v1.1.4 * Fix flaking RunTestDelayedWatchDelivery * pkg/proxy/nftables: fix kube-proxy crash with newer nftables versions * Update knftables to v0.0.21 * Fix RepairIPAddress controller startup failure when namespace informer is not yet synced - Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.25.9` * `BuildRequires: golang(API) = 1.25` * ref: https://github.com/kubernetes/kubernetes/blob/v1.33.11/build/dependencies.yaml#L119-L124 ++++ kubernetes1.34: - Update to version 1.34.7: * Update github.com/moby/spdystream from v0.5.0 to v0.5.1 * update go.opentelemetry.io/otel to v1.41.0 * Bump images and versions to go 1.25.9 and 
distroless iptables * Bump to go 1.25 * podresources: filter out inactive pods in Get() * e2e: node: podresources: fix expectations for Get() and terminated pods * Fix device plugin admission failure after container restart * Fix flaking RunTestDelayedWatchDelivery * pkg/proxy/nftables: fix kube-proxy crash with newer nftables versions * Update knftables to v0.0.21 * Bugfix: calculate request latency properly in audit log filter - Update .spec file to bump go version build requirements: * `BuildRequires: golang(API) = 1.25` * `BuildRequires: go >= 1.25.9` * ref: https://github.com/kubernetes/kubernetes/blob/v1.34.7/build/dependencies.yaml#L128-L135 ++++ kubernetes1.35: - Update to version 1.35.4: * Update github.com/moby/spdystream from v0.5.0 to v0.5.1 * update go.opentelemetry.io/otel to v1.41.0 * Bump images and versions to go 1.25.9 and distroless iptables * Deflake TestPodSubresourceAuth by waiting for effective permissions before testing * podresources: filter out inactive pods in Get() * e2e: node: podresources: fix expectations for Get() and terminated pods * Fix device plugin admission failure after container restart * Fix backport differences for 1.35 (remove WithOrigin and MarkAlpha) * Add slice and map union member support with tests * Use IsZero instead of IsNil for union ratcheting check * Add DRA test for device attribute with no value set * Add nil OldValue test coverage for union doc_tests * Fix union validation ratcheting when oldObj is nil * KEP-961: demote maxUnavailable feature in statefulset to off by default * kubelet: fix sidecar restart after kubelet restart * pkg/proxy/nftables: fix kube-proxy crash with newer nftables versions * Update knftables to v0.0.21 * Bugfix: calculate request latency properly in audit log filter - Update .spec file to bump go version build requirements: * `BuildRequires: go >= 1.25.9` * ref: https://github.com/kubernetes/kubernetes/blob/v1.35.4/build/dependencies.yaml#L132-L139 ++++ kubeseal: - Update to version 
0.36.6: * Incomplete release for dockerhub credentials problems - Update to version 0.36.5: * Incomplete release for dockerhub credentials problems - Update to version 0.36.4: * ci: bump K8s integration matrix to latest 1.33/1.34/1.35 patches - Update to version 0.36.3: * Incomplete release for dockerhub credentials problems - Update to version 0.36.2: * 1af3ae8 Bump Golang to 1.26.2 (#1931) * 83c89ad Bump distroless/static from 28efbe9 to 47b2d72 in /docker (#1919) * e415448 Bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#1918) * 4989d91 Bump k8s.io/client-go from 0.35.2 to 0.35.3 (#1920) * f1c7112 Bump k8s.io/code-generator from 0.35.2 to 0.35.3 (#1922) * 9698278 Release notes for 0.36.2 (#1932) * 8e87e40 Remove unneeded internal tests (#1930) * 57530e5 Use commit sha in GH Actions (#1924) * c4c281b fix: send INFO logs to stdout by default (#1925) ++++ kubevirt: - Update to version 1.8.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.8.0 ++++ legendary: - Add .rpmlintrc to fix false setuptools and wheel missing require warning. 
- Rework packaging to treat legendary as a CLI application, not a Python module * Drop %python_subpackages and multi-interpreter builds * Build and install using python3 directly instead of %pyproject macros * Remove python alternatives and %python_clone handling * Fix incorrect Requires on python3-* modules which forced primary interpreter * Simplify spec to install only for system Python ++++ ois: - Update to version 1.6.0 * Fix typos * don't wrap not moved linux mouse * Add rudimentary XInput vibration support * Fix Win32 build without XInput support * Linux: scan all /dev/input/event* files for joysticks * Update CMakeLists.txt * Support Unicode character set * Update README.md * Require CMake 3.10 or newer ++++ libcotp: - Update to 4.0.1: Security Fixes * Fixed timing side-channel in validate_totp_in_window: comparison now uses min(gen_len, user_len) bytes to prevent reading past buffer bounds when lengths differ * Normalized secret key is now zeroed with cotp_secure_memzero before freeing in compute_hmac * Fixed memory leak in OpenSSL backend: EVP_MAC not freed when calloc fails in whmac_gethandle * Fixed memory leak in OpenSSL backend: EVP_MAC_CTX not freed in whmac_freehandle and on buffer-too-small error path in whmac_finalize * Added negative algorithm index validation (algo < 0) in all three HMAC backends (gcrypt, OpenSSL, MbedTLS) Hardening * All public symbols now use explicit __attribute__((visibility("default"))); library compiled with -fvisibility=hidden to minimize exported symbol surface * Added linker hardening flags: full RELRO (-Wl,-z,relro,-z,now) and non-executable stack (-Wl,-z,noexecstack) * REVERSE_BYTES macro wrapped in do { ... 
} while (0) for safe use in all statement contexts * CMake now detects explicit_bzero at configure time via check_function_exists Improvements * Base32 validation (valid_b32_str) now enforces RFC 4648 padding rules: rejects data characters after padding, validates padding count (0, 1, 3, 4, or 6), and requires padded strings to have length divisible by 8 * check_input max_len parameter changed from int32_t to size_t for type correctness ++++ rnp: - fix build on Tumbleweed, add rnp-v0.18.1-botan-1-1.patch ++++ linkerd-cli: - do not put the built binary into bin directory ++++ nml: - update to 0.9.0: Support for NewGRF additions of OpenTTD 16: - Add: Flag for allow unpowered wagons to lead a train when backing up (#420) - Add: Variable for when a train is driving backwards (#421) - Change: distinguish perimeter from area in station distributed cargo flag. (#422) Support for NewGRF additions of OpenTTD 15: - Add: Support for NewGRF badges. (#359) - Change: add support for vehicle var 0x65 (#378) Other changes and fixes: - Fix: Feature 0x14 missing from extract tables. (#403) - Fix #407: missing position for some action0 errors (#408) ++++ nudoku: - Update to 8.0.0: * Add option -S to customize PDF paper size (pr #85 #87) * Add Georgian and Vietnamese translation (pr #81 #82) * Update Russian translation (pr #88) ++++ nushell: - Update to version 0.112.2: * Fixed regressions in quoting for string arguments in Nu script calls. * Fixed regressions for `input list`. * Other fixes. * For a full list of changes with detailed descriptions, see: - https://www.nushell.sh/blog/2026-04-15-nushell_v0_112_2.html. 
- Update to version 0.112.2: + Bug fixes * Fix regressions in quoting for string arguments in Nu script calls * Fix regressions for `input list` behavior with `--fuzzy` and `--multi` (navigation, wrap-around, and streamed input search) * Properly quote empty strings and strings containing `[`, `{`, or `}` in script arguments + For a full list of changes with detailed descriptions, see: https://www.nushell.sh/blog/2026-04-15-nushell_v0_112_2.html ++++ ocaml-patch: - Relax requirement for ocaml-rpm-macros, remove ExclusiveArch ++++ ollama: - Add HIP compiler flag `--offload-compress` for builds with ROCm support. This will allow the package to build against ROCm 7.2 from science:GPU:ROCm. ++++ opam: - Update to version 2.5.1 (CVE-2026-41082 bsc#1262281) see included CHANGES file for details ++++ orthanc-wsi: - cassert.diff added to fix build for TW ++++ patterns-base: - add hardware pattern used for SL-Micro equivalent images - extend the immutable base pattern content ++++ python-altcha: - update to 2.0.0 * history got lost ++++ python-orjson: - Update to 3.11.8 * Build and compatibility improvements ++++ python-pandas: - Add upstream pandas-pr63406-meson-types.patch to fix build with meson 1.11 - Refresh test python flavors ++++ python-phonenumbers: - Update to 9.0.28 * Merge metadata changes from upstream 9.0.28 - from version 9.0.27 * Merge metadata changes from upstream 9.0.27 ++++ python-pscript: - Update to 0.8.1 * Update README.md * Support py314 - Drop support-python314.patch, fixed upstream ++++ python-pydantic: - Update to 2.13.1: [#]# Notable changes include * Add a new polymorphic_serialization option, solving issues with serialize_as_any introduced in 2.12. * Latest V1.10.26 release under the pydantic.v1 namespace. This version includes support for Python 3.14. * The pydantic-core repository was merged inside the main pydantic one. 
[#]# New Features * Allow default factories of private attributes to take validated model data * Add ascii_only option to StringConstraints * Support exclude_if in computed fields * Push down constraints in unions involving MISSING sentinel * Add polymorphic_serialization option * Support Root models with Literal root types as discriminator field types [#]# Changes * Warn when serializing fixed length tuples with too few items * Track extra fields set after init in model_fields_set * Do not include annotations that are not part of named tuple fields * No longer fall back to trying all union members when the variant selected by discriminator fails to serialize * Use the complex() constructor unconditionally when validating complex Python data * Add support for three-tuple input for Decimal * Align @field_serializer logic with @field_validator * Make PydanticUserError a RuntimeError instead of a TypeError * Remove redundant serialization attempts in nested unions * Copy root value when making root model shallow copies * Ensure deterministic JSON schema defaults by sorting sets [#]# Fixes * Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin * Fix model equality when using runtime extra configuration * Support discriminator metadata outside union type alias * Respect extras_schema when only extra_fields_behavior is set on the config in JSON Schema generation for typed dictionaries * Ensure __pydantic_private__ is set in model_construct() with user-defined model_post_init() * Handle all schema generation errors in InstanceOf * Allow dynamic models created with create_model() to be used as annotations in the Mypy plugin * Check for PlaceholderNode in Mypy plugin * Try other branches in smart union in case of omit errors * Patch unset attributes with MISSING during model serialization with exclude_unset * Ensure custom __init__() is called when using model_validate_strings() * Allow any type form to be used in 
validate_as() * Fix FieldInfo rebuilding when parameterizing generic models with an Annotated type * Fix nested model schema deduplication in JSON schema generation * Fix InitVar being ignored when using with the pydantic.Field() function * Fix support for enums with NamedTuple as values * Do not delete mock validator/serializer in rebuild_dataclass() * Require test suite to pass with free threading, switch back to global generic types cache * Refactor __pydantic_extra__ annotation handling * Do not add claim of UUID "safety" provision * Use Python hash to perform lookup in tagged union serializer * Do not emit serialization warning MISSING sentinel is present in a nested model * Do not eagerly evaluate annotations in signature logic * Fix serialization of typed dict unions when exclude_none is set * Do not reuse prebuilt serializers/validators on rebuilds * Fix type annotation of field_definitions in create_model() * Fix incorrect dataclass constructor signature when overriding class kw_only with Field() * Use typing.Union when replacing types under Python 3.14 * Improve ImportString error when internal imports fail * Fix serializing complex numbers with negative zero imaginary part * Preserve custom docstrings on stdlib dataclasses in JSON schema - Drop patch test.patch, merged upstream. ++++ python-pydantic-core: - Update to 2.46.1: * Upstream changelog has gone missing due to merge into pydantic's repo. - Update URL to new home inside pydantic. 
++++ python-pyodbc: - Update to 5.3.0 * Add support for Python 3.14 including wheels, all on PyPI now, by @keitherskine * Drop support for EOL Python 3.8 by @MatthijsKok in (#1445) * Port SQLite tests to pytest by @shramov in (#1440) * Use HOMEBREW_PREFIX to locate Homebrew by @RA80533 in (#1212) * Do not perform type check on NULL pointer by @shramov in (#1439) ++++ python-textual: - Update to 8.2.2 * Reduce lag when resizing window, by moving resize from idle to a timer ++++ python-uv: - update to 0.11.7 * Enhancements * Elevate configuration errors to required-version mismatches * Further improve TLS certificate validation messages * Improve --exclude-newer hints * Preview features * Fix --script handling in uv audit * Fix traversal of extras in uv audit * Bug fixes * De-quote workspace metadata in linehaul data * Avoid installing tool workspace member dependencies as editable * Emit JSON report for uv sync --check failures * Filter and warn on invalid TLS certificates * Fix equality comparisons for version specifiers with ~= operators * Fix stale Python upgrade preview feature check in project environment construction * Improve Windows path normalization ++++ virtualbox: - Tweak the build conditions according to %suse_version=1610 change ++++ python-mistral-vibe: - Update to 2.7.6: - Added - MergeStrategy enum and merge logic for configuration - call_source=vibe_code field in LLM request metadata - "Other" task type for non-code requests in CLI prompt - Changed - Parallelized git subprocess calls during startup - Extracted command registry and refactored skill resolution - 1M context window and thinking budget max for opus - Updated default telemetry URL to api.mistral.ai - Fixed - Markdown fence context loss causing streaming rendering problems - Proxy chain URLs in api_base parsing - Removed - Alt+Left / Alt+Right key bindings from chat input ++++ tupitube: - Update to version 0.2.23 (no changelog supplied) - Drop a couple of sed fixes for ruby modules, fixed 
now - Configure requires openSUSE-release (checks /etc/os-release) - Add %{rubygem os} dependency: distro determination relies on it - Fake our non-supported distro by cloning ubuntu specs - Drop enforcing ffmpeg-4, bind against current ffmpeg-7 ++++ xviewer: - Add 74d7d4ba2584c658ae6fb87208543671664943cc.patch: build: Add support for GIRepository-2.0 (future). Add explicit pkgconfig(gobject-introspection-1.0) BuildRequires for now, as libpeas1 still builds against that one. ++++ virtualbox-kmp: - Tweak the build conditions according to %suse_version=1610 change ++++ wesnoth: - Drop wesnoth-cmake-fix-find-readline.patch, not needed anymore - Clean-up specfile, Leap 15 is EOL ++++ xiccd: - Update to version 0.4.0: * Compatibility update. * Use standard EDID parser instead of the own one. * Various small cleanups. - Update to version 0.4.1: * Fix sysconfdir name in Makefile. - Add xiccd-0.4.1-no-gamma-option.patch: Add --no-gamma (-G) option (commit 06d3fa42). ++++ xviewer-plugins: - Update to version 3.4.3: * Switch to XApp symbolic icons - Changes from version 3.4.2: * Add a README.md - Changes from version 3.4.1: * Remove postasa plugin. - Drop xviewer-plugin-postasa plugin/subpackage. This is for Google's Picassa photo service, which is discontinued. Following this, drop no longer needed pkgconfig(libgdata) BuildRequires. 
------------------------------------------------------------------ ------------------ 2026-4-15 - Apr 15 2026 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - version update to 7.1.2.19 * Support for 4-bit (indexed 16-color) PCX #8655 * Increase code determinism when compiling with fuzzing instrumentation #8544 * Fix MNG animation speed for sub-frame animations with offsets #8666 * Fix JXL animated export transparent blending and offset frames #8656 * build(deps): bump ImageMagick/code-signing-action from 1.0.0 to 1.0.1 #8660 * build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 #8661 * Fix AVIF animation export error on sequences with mixed alpha #8657 * build(deps): bump msys2/setup-msys2 from 2.30.0 to 2.31.0 #8645 * build(deps): bump caphyon/advinst-github-action from 2.0.1 to 2.0.2 #8647 * build(deps): bump azure/login from 2.3.0 to 3.0.0 #8643 * Fix APNG output duration/framerate #8639 * Animated AVIF support (libheif 1.20.0+) #8640 * Set BackgroundDispose for animated JXL frames with alpha #8635 * Skip frame duplication for APNG in video coder #8636 - fixes CVE-2026-33905 [bsc#1262097] ++++ acpica: - Enable obs_scm in _service for git based tarball generation - Update to version 20260408: * Update version to 20260408 * Update the copyright year to 2026 * Enhance OEM ID and Table ID validation in AcpiExLoadTableOp to prevent buffer overflows * Fix NULL pointer dereference in AcpiNsCustomPackage * Enhance buffer validation in AcpiUtWalkAmlResources to prevent buffer overflows * Add validation for Node in AcpiNsBuildNormalizedPath to prevent use-after-free vulnerabilities * validate resource template buffer length and check allocation type * validate handler object type in AcpiEvHasDefaultHandler and AcpiEvFindRegionHandler * Fix integer overflow in AcpiExOpcode_3A_1T_1R (MidOp) * Prevent adding references for local, argument, and debug objects in AcpiUtCopySimpleObject ++++ aws-crt-cpp: - 
Update to version 0.38.5 * Enable missing tests by @sfod in (#843) * MQTT test refactor by @bretambrose in (#818) * Manual Publish Acknowledgement Control by @sbSteveK in (#828) * Skip IoT WS tests when relevant environment variable is not set by @bretambrose in (#845) - Prefer explicit path and filenames over wildcards in %files section ++++ awww: - Add Provides/Obsoletes for the previous swww package names to support upgrades to awww without a separate transition package. ++++ chezmoi: - Update to version 2.70.1: - Features * feat: Add .chezmoi.rawHomeDir template variable * feat: Add build-info check to doctor command * feat: Add globCaseInsensitive template function * feat: Detect unknown fields when parsing config files - Fixes * fix: Fix Debian ARM package names * fix: Don't warn on secrets when re-adding encrypted files - Documentation * docs: Add missing protonpass password manager entry ++++ chromium: - Chromium 147.0.7727.101 (boo#1262174) * CVE-2026-6296: Heap buffer overflow in ANGLE * CVE-2026-6297: Use after free in Proxy * CVE-2026-6298: Heap buffer overflow in Skia * CVE-2026-6299: Use after free in Prerender * CVE-2026-6358: Use after free in XR * CVE-2026-6359: Use after free in Video * CVE-2026-6300: Use after free in CSS * CVE-2026-6301: Type Confusion in Turbofan * CVE-2026-6302: Use after free in Video * CVE-2026-6303: Use after free in Codecs * CVE-2026-6304: Use after free in Graphite * CVE-2026-6305: Heap buffer overflow in PDFium * CVE-2026-6306: Heap buffer overflow in PDFium * CVE-2026-6307: Type Confusion in Turbofan * CVE-2026-6308: Out of bounds read in Media * CVE-2026-6309: Use after free in Viz * CVE-2026-6360: Use after free in FileSystem * CVE-2026-6310: Use after free in Dawn * CVE-2026-6311: Uninitialized Use in Accessibility * CVE-2026-6312: Insufficient policy enforcement in Passwords * CVE-2026-6313: Insufficient policy enforcement in CORS * CVE-2026-6314: Out of bounds write in GPU * CVE-2026-6315: Use after free in 
Permissions * CVE-2026-6316: Use after free in Forms * CVE-2026-6361: Heap buffer overflow in PDFium * CVE-2026-6362: Use after free in Codecs * CVE-2026-6317: Use after free in Cast * CVE-2026-6363: Type Confusion in V8 * CVE-2026-6318: Use after free in Codecs * CVE-2026-6319: Use after free in Payments * CVE-2026-6364: Out of bounds read in Skia - try sloppiness=gcno_cwd in local ccache config ++++ gcc16: - Update to 16.0.1+git8664 ++++ cross-aarch64-gcc16: - Update to 16.0.1+git8664 ++++ cross-aarch64-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-amdgcn-gcc16: - Update to 16.0.1+git8664 ++++ cross-arm-gcc16: - Update to 16.0.1+git8664 ++++ cross-arm-none-gcc16: - Update to 16.0.1+git8664 ++++ cross-arm-none-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-avr-gcc16: - Update to 16.0.1+git8664 ++++ cross-avr-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-bpf-gcc16: - Update to 16.0.1+git8664 ++++ cross-hppa-gcc16: - Update to 16.0.1+git8664 ++++ cross-hppa-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-loongarch64-gcc16: - Update to 16.0.1+git8664 ++++ cross-loongarch64-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-nvptx-gcc16: - Update to 16.0.1+git8664 ++++ cross-ppc64-gcc16: - Update to 16.0.1+git8664 ++++ cross-ppc64le-gcc16: - Update to 16.0.1+git8664 ++++ cross-ppc64le-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-pru-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-riscv64-elf-gcc16: - Update to 16.0.1+git8664 ++++ cross-riscv64-elf-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-riscv64-gcc16: - Update to 16.0.1+git8664 ++++ cross-riscv64-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-rx-gcc16: - Update to 16.0.1+git8664 ++++ cross-rx-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ cross-s390x-gcc16: - Update to 16.0.1+git8664 ++++ cross-s390x-gcc16-bootstrap: - Update to 16.0.1+git8664 ++++ xdm: - Explicitly BuildRequire update-alternatives and mark it as being used in post/postun: 
this was nicely masked by the fact that binutils, installed on every system, already dragged u-a in, which is no longer the case. ++++ domination-data: - Do not run dos2unix in prep: there are no *.map or *.cards files that could possibly be found at that stage of the build, implying that this was never actually used. Old versions of dos2unix were more forgiving and just ignored this fact. ++++ python-drgn: - Switch to using pyproject macros to build and install the Python module. ++++ faugus-launcher: - Bump to version 1.18.2 - Upstream changes: * Fixed Flatpak X11 app icon - For version 1.18.1: * Improved interface mode switch * Show banner and icon in grayscale if game not installed * Fixed games not running from file manager with Proton-CachyOS (System) * Fixed app icon not showing on X11 * Fixed playtime not counting when using protonfix ++++ flake-pilot: - Update spec file due to new package restrictions On SUSE new package restrictions were added to support the concept of the so-called immutable mode. The new guideline says "Any files in the RPM spec %files section that are not in /usr or /etc is likely to break in Immutable Mode". For the flake-pilot packaging this applies to the flake-pilot-firecracker sub package. This commit implements the suggested solution based on systemd-tmpfiles and only applies for SUSE. This Fixes jira#PCT-1054 ++++ gap-semigroups: - Update to release 5.6.2 * Change filters for methods to increase their rank * Resolve incompatibility with Orb v5.1.0 - Delete no-avx.patch (obsolete) ++++ gcc16-testresults: - Update to 16.0.1+git8664 ++++ gemini-cli: - update to 0.38.1: * fix(patch): cherry-pick 050c303 to release/v0.38.0-pr-25317 to patch version v0.38.0 and create version 0.38.1 * **Full Changelog**: https://github.com/google-gemini/gemini-cli/compare/v0.38.0...v0.38.1 - update to 0.38.0: * fix(cli): refresh slash command list after /skills reload * Update README.md for links. 
* fix(core): ensure complete_task tool calls are recorded in chat history * feat(policy): explicitly allow web_fetch in plan mode with ask_user * fix(core): refactor linux sandbox to fix ARG_MAX crashes * feat(config): add experimental.adk.agentSessionNoninteractiveEnabled setting * Changelog for v0.36.0-preview.8 * feat(cli): change default loadingPhrases to 'off' to hide tips * fix(cli): ensure agent stops when all declinable tools are cancelled * fix(core): enhance sandbox usability and fix build error * Terminal Serializer Optimization * Auto configure memory. * Unused error variables in catch block are not allowed * feat(core): add background memory service for skill extraction * feat: implement high-signal PR regression check for evaluations * Fix shell output display * fix(ui): resolve unwanted vertical spacing around various tool output treatments * revert(cli): bring back input box and footer visibility in copy mode * fix(cli): prevent crash in AnsiOutputText when handling non-array data * feat(cli): support default values for environment variables * Implement background process monitoring and inspection tools * docs(browser-agent): update stale browser agent documentation * fix: enable browser_agent in integration tests and add localhost fixture tests * fix(browser): handle computer-use model detection for analyze_screenshot * feat(core): Land ContextCompressionService * feat(core): scope subagent workspace directories via AsyncLocalStorage * Update ink version to 6.6.7 * fix(acp): handle all InvalidStreamError types gracefully in prompt * Fix crash when vim editor is not found in PATH on Windows * fix(core): move project memory dir under tmp directory * Enable 'Other' option for yesno question type * fix(cli): clear stale retry/loading state after cancellation * Changelog for v0.37.0-preview.0 * feat(core): implement context-aware persistent policy approvals * docs: move agent disabling instructions and update remote agent status * feat(cli): migrate 
nonInteractiveCli to LegacyAgentSession * fix(core): unsafe type assertions in Core File System #19712 * fix(ui): hide model quota in /stats and refactor quota display * Changelog for v0.36.0 * Changelog for v0.37.0-preview.1 * docs: add missing .md extensions to internal doc links * fix(ui): fixed table styling * fix(core): pass includeDirectories to sandbox configuration * feat(ui): enable "TerminalBuffer" mode to solve flicker * docs: clarify release coordination * fix(core): remove broken PowerShell translation and fix native __write in Windows sandbox * Add instructions for how to start react in prod and force react to prod mode * feat(cli): minimalist sandbox status labels * Feat/browser agent metrics * test: fix Windows CI execution and resolve exposed platform failures * feat(core,cli): prioritize summary for topics * show color * feat(cli): enable compact tool output by default * fix(core): inject skill system instructions into subagent prompts if activated * fix(core): improve windows sandbox reliability and fix integration tests * fix(core): ensure sandbox approvals are correctly persisted and matched for proactive expansions * feat(cli) Scrollbar for input prompt * Do not run pr-eval workflow when no steering changes detected * Fix restoration of topic headers. 
* feat(core): discourage update topic tool for simple tasks * fix(core): ensure global temp directory is always in sandbox allowed paths * fix(core): detect uninitialized lines * docs: update sandboxing documentation and toolSandboxing settings * feat(cli): enhance tool confirmation UI and selection layout * feat(acp): add support for `/about` command * feat(cli): add role specific metrics to /stats * split context * fix(cli): remove -S from shebang to fix Windows and BSD execution * Fix issue where topic headers can be posted back to back * fix(core): handle partial llm_request in BeforeModel hook override * fix(ui): improve narration suppression and reduce flicker * fix(ui): fixed auth race condition causing logo to flicker * fix(browser): remove premature browser cleanup after subagent invocation * Revert "feat(core,cli): prioritize summary for topics (#24608)" * relax tool sandboxing overrides for plan mode to match defaults. * fix(cli): respect global environment variable allowlist * fix(cli): ensure skills list outputs to stdout in non-interactive environments * Add an eval for and fix unsafe cloning behavior. 
* fix(policy): allow complete_task in plan mode * feat(telemetry): add browser agent clearcut metrics * feat(cli): support selective topic expansion and click-to-expand * temporarily disable sandbox integration test on windows * Remove flakey test * Alisa/approve button * feat(hooks): display hook system messages in UI * fix(core): propagate BeforeModel hook model override end-to-end * chore: fix formatting for behavioral eval skill reference file * fix: use directory junctions on Windows for skill linking * fix(cli): prevent multiple banner increments on remount * feat(acp): add /help command * fix(core): remove tmux alternate buffer warning * Improve sandbox error matching and caching * feat(core): add agent protocol UI types and experimental flag * feat(core): use experiment flags for default fetch timeouts * Revert "fix(ui): improve narration suppression and reduce flicker (#2… * refactor(cli): remove duplication in interactive shell awaiting input hint * refactor(core): make LegacyAgentSession dependencies optional * Changelog for v0.37.0-preview.2 * fix(cli): always show shell command description or actual command * Added flag for ept size and increased default size * fix(core): dispose Scheduler to prevent McpProgress listener leak * fix(cli): switch default back to terminalBuffer=false and fix regressions introduced for that mode * feat(cli): switch to ctrl+g from ctrl-x * fix: isolate concurrent browser agent instances * docs: update MCP server OAuth redirect port documentation ++++ goreleaser: - Update to version 2.15.3: * chore: auto-update generated files * fix(rust): glibc version stripping for gnueabi/gnueabihf targets * docs(rust): document ability to specify custom glibc version * fix(rust): strip custom glibc version from target for rustup command * ci(deps): bump the actions group with 2 updates * chore(deps): bump the gomod group with 5 updates * chore(deps): bump golang in the docker group across 1 directory * sec: prevent secret leaks in logs 
and improve redaction * fix(srpm): remove double close of package file * fix(bun): show original target in parse error, not trimmed version * fix(rust): show all workspace members in error message, not just first * fix(docker): remove duplicate WithOutput in error wrapping * fix(docker): fix "did you mean?" suggestion always suggesting the input name itself * fix(winget): use filepath.Join instead of path.Join for local filesystem paths * fix(docker): check evaluated Dockerfile template for emptiness, not raw template * fix(nfpm): show correct value in content mtime parse error * fix(aur,krew,aursources): apply template to SkipUpload before checking its value * fix(blob): evaluate template in provider before checking for S3 ACL support * fix(release): log correct repo name for GitLab and Gitea releases * fix(build): fix broken backtick and missing GOMIPS64 in --single-target help text * fix(sbom): use matched filename for artifact Name instead of glob pattern * fix(changelog): prevent panic on negative abbrev values other than -1 * fix(changelog): use %t instead of %b for bool in debug log format * fix(partial): add missing ppc64le to archExtraEnvs map * fix(partial): use GGOMIPS64/GOMIPS64 instead of GGOMIPS/GOMIPS for mips64/mips64le * fix(gitea): fix misleading 'using master' log when default branch lookup fails * chore: auto-update generated files * chore: go 1.26.2 (#6547) * chore(deps): use ko@main to grab more recent docker (#6545) * chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 * chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 (#6542) * chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 (#6544) * test(github): use context with timeout * fix: handle io.ReadAll error in bodyOf instead of discarding it * fix: replace recursive rateLimitChecker with single check and context-aware sleep * fix: use 
typed structs for LinkedIn API responses * fix: guard iterator bounds in gerrors Details * fix: preserve original error details in git config extraction * ci: cleanup node before build * refactor: use io.WriteString * fix(targz): close gzip reader in Copy * fix(redact): return 0 bytes written on underlying write failure * fix(http): remove double-close of response body in executeHTTPRequest * fix(tmpl): return error instead of panicking on invalid filter regex * fix(build): prevent panic when command has single element * fix(checksums): prevent panic in sort when line has no double-space * fix(docker): prevent panic in parsePlatform with missing arch * fix(github): nil-guard resp in updateRelease before accessing Header * docs: ai usage guidelines (#6525) * fix: check buildx for dockers v1 (#6526) * chore: auto-update generated files * fix(dockers/v2): digest log * chore: schema update * fix: add retries everywhere possible (#6528) * refactor(tests): simplify client tests with helpers (#6537) * chore: auto-update generated files * refactor(http): remove global assetOpen mock pattern * chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0 to 3.1.0 (#6535) * test(client): comprehensive coverage for GitHub, GitLab, and Gitea clients (#6536) * fix: use Mattermost.Color instead of Teams.Color in mattermost pipe (#6533) * fix(client): off-by-one in truncateReleaseBody (#6534) * fix: remove duplicate WithField in gitea client push logging (#6532) * fix: better log * docs: regenerate favicons with transparent background (#6521) * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#6522) * chore(deps): bump the gomod group with 2 updates (#6523) * ci(deps): bump the actions group with 5 updates (#6524) * chore: auto-update generated files * docs: fix output * docs: add v2.15 banner * chore: auto-update generated files * ci: check release sign, checksum, attestations (#6517) * fix(opencollective): handle errors, more tests (#6512) * chore: 
auto-update generated files * docs: Fix signature verification of checksum file (#6513) * chore: auto-update generated files ++++ gromacs: - Update to version 2026.1: * Highlights: - Two protein force fields from AMBER, ff14SB and ff19SB, have been ported to GROMACS as AMBER14SB and AMBER19SB. The ports also include the new OPC and OPC3 water models as well as several others. - Expanded support for running simulations with Neural Network Potential models, now including link atom treatment for NNP/MM, pairlist input, and electrostatic embedding models. - Experimental support for H5MD as a trajectory output format for mdrun. - Full support for using HIP as the GPU backend for AMD devices. * See https://manual.gromacs.org/2026.1/release-notes/index.html - disable tests ++++ gromacs-openmpi: - Update to version 2026.1: * Highlights: - Two protein force fields from AMBER, ff14SB and ff19SB, have been ported to GROMACS as AMBER14SB and AMBER19SB. The ports also include the new OPC and OPC3 water models as well as several others. - Expanded support for running simulations with Neural Network Potential models, now including link atom treatment for NNP/MM, pairlist input, and electrostatic embedding models. - Experimental support for H5MD as a trajectory output format for mdrun. - Full support for using HIP as the GPU backend for AMD devices. * See https://manual.gromacs.org/2026.1/release-notes/index.html - disable tests ++++ gssntlmssp: - Update to version 1.3.1 * Make sending only filled MsvAvFlags field for CHALLENGE message - Update to version 1.3.0 * Fix typo in header guard for src/ntlm.h * Fix crash in target_name decoding. * Mark defined numbers as unsigned. * BF: libiconv does not support undashed unicode encoding aliases * Change the ossl3 context to be allocated once. 
++++ kernel-firmware-amdgpu: - Update to version 20260414 (git commit f48f551a902b): * firmware/amdgpu: Update DMCUB fw to Release 0.1.55.0 ++++ kernel-firmware-intel: - Update aliases from 7.0 ++++ kernel-firmware-media: - Update to version 20260414 (git commit f48f551a902b): * mediatek: vpu: drop old sym link ++++ kernel-firmware-qcom: - Update to version 20260414 (git commit f48f551a902b): * qcom: Update ADSP firmware for QCM6490 platform ++++ kernel-firmware-realtek: - Update aliases from 7.0 ++++ kernel-firmware-serial: - Update aliases from 7.0 ++++ libglvnd: - enable installation of GL headers files and move them to %docdir/include to be picked up by Mesa build later, because in libglvnd sources these are still updated but in Mesa sources they are not any longer and are completely outdated (boo#1260932) ++++ texlive: - Add upstream patch source-tl-r78399.dif * Fix report on tlsecurity ++++ lightdm: - Explicitly BuildRequire update-alternatives and mark it as being used in post/postun: this was nicely masked by the fact that binutils, installed on every system, already dragged u-a in, which is no longer the case. ++++ ngtcp2: - enable openssl support on factory only (jsc#PED-15770) ++++ python310-core: - Add CVE-2026-3446-base64-padding.patch preventing ignoring excess Base64 data after the first padded quad (bsc#1261970, CVE-2026-3446, gh#python/cpython#145264). ++++ python315-core: - bsc#1261970 (CVE-2026-3446, gh#python/cpython#145264) has been already fixed by the previous update. Changelog updated. ++++ python315-nogil-nogil-core: - bsc#1261970 (CVE-2026-3446, gh#python/cpython#145264) has been already fixed by the previous update. Changelog updated. 
++++ qalculate: - Regenerate configure script before build for GCC16 compatibility (boo#1261740) ++++ s2n: - Update to version 1.7.2 * chore(s2n-tls): v0.3.35 release (#5765) * fix: update memory snapshots (#5771) * fix: make get_alert idempotent (#5767) * chore: fix crate name (#5769) * chore: delete unused s2n_stuffer_alloc_ro functions (#5757) * fix: add required metadata for subscriber (#5776) * docs: add comments about sslv3 weaknesses (#5777) * fix(bindings): replace bare as usize casts in Tokio I/O callbacks (#5780) * feat(s2n-metric-subscriber): add supported parameters (#5768) * build(deps): bump jidicula/clang-format-action from 4.16.0 to 4.17.0 in /.github/workflows in the all-gha-updates group (#5784) * refactor(rand): deprecate internal DRBG implementation (#5775) * docs: clarify integrity protection requirements for connection serialization (#5782) * build(deps): bump the all-gha-updates group in /.github/workflows with 2 updates (#5787) * feat: add strict and interop CNSA 2.0 policies (#5760) * ci: add 'style' to PR title check (#5792) * fix(aws-lc): Update test for https://github.com/aws/aws-lc/pull/3101 (#5788) * feat(build): Add option to enforce correct libcrypto feature probing (#5579) * ci: fix install_awslc_fips script (#5790) * fix: Gates rolling hash of all supported hash algorithms to TLS1.2 (#5803) * chore: remove codeowners (#5797) * docs: clean up DRBG references across docs, APIs, and templates (#5789) * fix: reject certs with literal-IP CN and no SAN (#5804) * ci: upgrade nix awslc version (#5805) * fix(ci): update MSRV for extended crates from 1.72 to 1.77 (#5810) - Prefer explicit path and filenames over wildcards in %files section - Update upstream URL in Source field ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#1067 - removed unneeded mockups - 4.5.312 - merge gh#openSUSE/libstorage-ng#1066 - handle invalid output from parted - 4.5.311 ++++ linstor-client: - Convert to noarch, this package builds no binaries. 
- Use pyproject macros to build and install. - Explicitly list files and directories to install under sitelib. ++++ luanti: - Update to version 5.15.2: * Full changes: https://docs.luanti.org/about/changelog/#5151--5152 - Remove obsolete Recommends: entry pointing to luanti-game, which does not exist ++++ mangohud: - Add mangohud-gpu_fdinfo-add-missing-sstream-header-include.patch to fix build with GCC 16. ++++ ollama: - Update to version 0.20.7 * Fix quality of gemma:e2b and gemma:e4b when thinking is disabled * ROCm: Update to ROCm 7.2.1 on Linux by @saman-amd * Gemma 4 tool calling ability is improved and updated to use Google's latest post-launch fixes * Parallel tool calling improved for streaming responses * Hermes agent Ollama integration guide is now available * Ollama app is updated to fix image attachment errors ++++ orthanc: - version 1.12.11 370dir.diff and dcmtk370.patch removed (upstream) * Lots of Bug- and CVE-Fixes. See News for details ++++ orthanc-authorization: - Version 0.11.2 * cassert.diff added * Now recording audit-logs when uploading a zip. * New default permissions for sending emails when sharing studies. * Added support for /tools/bulk-modify and /tools/bulk-anonymize * Fix: in /tools/bulk-delete, a user was able to delete resources he does not have access to. * Fix: in /tools/find, "ParentSeries" and "ParentStudy" fields were ignored. ++++ orthanc-dicomweb: - version 1.23 * framework.diff and framework2.diff removed * If calling "/rendered" route on an Encapsulated PDF, the plugin will now return the PDF file instead of generating a 400 error. * Added metrics: - "orthanc_dicomweb_wadors_average_bandwidth_per_call_mbytes_per_second_5m" is the weighted average bandwidth of each individual call to any WADO-RS route to retrieve instances, series or studies. This metric is only updated at the end of the call and averages the bandwidth values that are also displayed in the logs if "EnablePerformanceLogs" is set to "true". 
- "orthanc_dicomweb_wadors_total_bytes_transferred" counts the number of bytes that have been returned by any WADO-RS route to retrieve instances, series, or studies. This is updated while the response is returned. * "DicomWebStowClient" jobs now have their "Content.Resources" and "Content.Server" fields populated as soon as they are created, not only when they start being executed. ++++ orthanc-postgresql: - version 10.1 * 'minor changes' but no changelog ++++ orthanc-python: - version 7.1 * Wrapped "RegisterStorageArea3()" ++++ ovmf: - Add DEBUG_TO_MEM build option for x86_64 and AArch64 - Linux kernel version 6.17 introduces a new boolean config option, OVMF_DEBUG_LOG. When enabled, the kernel exposes the firmware debug log via sysfs. If both the kernel and firmware support this feature, the log will be available under /sys/firmware/efi/ovmf_debug_log. - This option enables compatibility with the kernel feature, allowing firmware debug logs to be retrieved from the OS without relying on traditional debug interfaces. ++++ patterns-base: - add missing pattern-visible() provide to immutable_base pattern (bsc#1262133) ++++ python-openvino-telemetry: - Update to version 2026.1.0: * No release notes. ++++ python310: - Add CVE-2026-3446-base64-padding.patch preventing ignoring excess Base64 data after the first padded quad (bsc#1261970, CVE-2026-3446, gh#python/cpython#145264). ++++ python310-documentation: - Add CVE-2026-3446-base64-padding.patch preventing ignoring excess Base64 data after the first padded quad (bsc#1261970, CVE-2026-3446, gh#python/cpython#145264). ++++ python-CherryPy: - Temporarily mark test_queue_full as xfail with xfail.patch ++++ python-Flask: - Skip test failing with Werkzeug 3.1.8, removed upstream ++++ python-click-repl: - Use pyproject macros to build and install. 
++++ python-debugpy: - fix alternatives usage ++++ python-django-health-check: - update to 4.3.0: * Ref #701 -- Add support for a custom executor for synchronous checks ++++ python-git-pw: - update to 2.8.0: * Drop support for click < 8 * typing: Make things stricter (4/4) * typing: Make things stricter (3/4) * typing: Make things stricter (2/4) * typing: Make things stricter (1/4) * tox: Remove CLI overrides * Add mypy configuration to pyproject.toml * Use objects from collections.abc, typing * Enable pyupgrade (U) checks * Move packaging configuration to pyproject.toml * Add support for Python 3.14, drop Python 3.9 * Migrate to ruff * tests: Add test for dependency feature * series: Enable applying series dependencies * api: Add function to get an object from a URL ++++ python-openqa_client: - Switch to pyproject macros to build and install. - List files under python_sitelib explicitly. - Only Require typing_extensions for Python < 3.8 ++++ python-pyroomacoustics: - Update to 0.10.0 * Ray Tracing Directivity * This new release introduces source and receiver directivities for the ray tracing simulation engine. * Support for source directivities in non-shoebox rooms using the images source model. * New pyroomacoustics.random module that provides some primitives for sampling at random from arbitrary distributions on the sphere. This is used for source directivities in the ray tracing simulator. * New octave filter bank with energy conservation and perfect reconstruction described in Antoni, "Orthogonal-like fractional-octave-band filters," 2009. The filter bank is implemented in pyroomacoustics.acoustics.AntoniOctaveFilterBank. * A method sample_rays is added to the Directivity objects to provide a unified interface to sample rays of sources used for ray tracing. * The class directivities.SphericalHistogram allows to collect and display histograms on the sphere which can be useful to visualize and test directivities. 
## Added * A new random sub-module that contains a Numpy random number generator to use package wide and some methods to set the seeds for this generator and that of the libroom module. * New methods to sample from spherical distributions either analytically, or by rejection sampling are provided in random. ## Changed * Bumped the numpy requirement to v1.17.0 to use the numpy.random.Generator objects. * Adds random "bending" of the rays to account for scattering in the ray tracing. * Refactor the way the RIR is weighted with the histogram in simulation/rt.py. * Improves pra.experimental.measure_rt60: Compute the T60 using a fit. Default is log-domain. Adds option to fit in linear domain. * Add Directivity pattern for real spherical harmonics. * Flip the settings to use octave_bands_keep_dc=True by default. There should be minimal change due to the introduction of the high-pass filter in 0.9.0. ## Bugfix * Fixes the lowest octave band filter that was malformed when using octave_bands_keep_dc=True. * Fixes the computation of the octave band widths that were not correct for the lowest and high bands. * In doa.py, the ax.xaxis.grid and ax.yaxis.grid parameters were changed from b to visible. * Fixes MicrophoneArray.append(MicrophoneArray) AttributeError: 'MicrophoneArray' object has no attribute 'shape'. * Fixes issue #421: When generating a highpass filtered room impulse response make sure that the output is a memory contiguous NumPy array. ++++ python-pythran: - Skip two tests failing with xsimd 14.1.0 ++++ python-synr: - Add patch switch-to-poetry-core.patch: * Switch the build backend to poetry-core. - Add patch support-python-3.14.patch: * Support Python 3.14 AST changes. ++++ python315: - bsc#1261970 (CVE-2026-3446, gh#python/cpython#145264) has already been fixed by the previous update. Changelog updated. ++++ python315-documentation: - bsc#1261970 (CVE-2026-3446, gh#python/cpython#145264) has already been fixed by the previous update.
Changelog updated. ++++ python315-nogil: - bsc#1261970 (CVE-2026-3446, gh#python/cpython#145264) has already been fixed by the previous update. Changelog updated. ++++ redumper: - Update to version 709 * https://github.com/superg/redumper/compare/build_705...b709 ++++ selinux-policy: - Update to version 20260414: * Allow snapper_sdbootutil_plugin_t linux_immutable (bsc#1261945) * allow unconfined services to read VM state (bsc#1251789) ++++ suse-xsl-stylesheets: - Update 2.95.35 SUVA / AskGeeko integration in #789 ++++ telegram-desktop: - Updated td to git20260414. * No changes provided. - Updated telegram-desktop to 6.7.6 * https://github.com/telegramdesktop/tdesktop/releases/tag/v6.7.6 ++++ valgrind: - remove 32bit for all SLES 16 based products (jsc#PED-15782) ++++ valgrind-client-headers-source: - remove 32bit for all SLES 16 based products (jsc#PED-15782) ------------------------------------------------------------------ ------------------ 2026-4-14 - Apr 14 2026 ------------------- ------------------------------------------------------------------ ++++ Botan: - Update to 3.11.1 * CVE-2026-35580: Resolve certificate verification bypass bug introduced in 3.11.0 (GH #5500) * CVE-2026-35582: Resolve TLS 1.3 client authentication bypass (GH #5599) * Add optimized Argon2 implementation using AVX512 (GH #5471) * Add optimized and constant-time Twofish implementation using AVX512/GFNI (GH #5465) * Add optimized and constant-time SEED implementation using AVX512/GFNI (GH #5472) * Add optimized and constant-time Whirlpool implementations using AVX2 and AVX512 (GH #5453 #5473) * Add SSSE3/NEON and AVX2 optimized codepaths for CTR (GH #5474 #5480) * Add constant time implementations of Camellia, ARIA, SEED and SM4 using AES-NI or ARMv8 AES instructions to implement sbox lookups (GH #5476 #5477 #5479 #5481 #5485 #5492) * Improve performance of the AVX512 implementation of SHA-512 especially for Clang (GH #5490) * Optimizations for the IDEA modular multiplication (GH
#5484) * Fix various minor TLS conformance issues flagged by TLS-Anvil (GH #5494 #5498) * Fix bug in Ed25519 where an invalid signature checked with PK_Verifier might cause a later valid signature to be rejected. (GH #5454) * Fix a bug in handling of ECDSA DER-encode signatures where an invalid signature checked with PK_Verifier might cause a later valid signature to be rejected. (GH #5455) * Fix a problem introduced in 3.11.0 which could cause crashes on processors without SSSE3 support, particularly when compiled by GCC. (GH #5460 #5463 #5469) * Fix various new warnings from clang-tidy 22 (GH #5456) * Fix a compilation error introduced in 3.11.0 which prevented using ffi unless bcrypt was also enabled. (GH #5462) * Avoid a macro collision with Microsoft headers that could cause a compilation problem in amalgamation mode. (GH #5486) * Enable explicit_bzero, getentropy, getrandom on Hurd (GH #5488) ++++ ProtonPlus: - Update to version 0.5.19: + Add fallback directory paths for launcher detection + Translations update ++++ QtPass: - Update to version 1.6.0: * chore: bump version to 1.6.0 and update CHANGELOG * test: address review findings for util tests (#985) * test: fix executor and util review findings (#984) * test: strengthen test assertions per review (#983) * test: add executor edge case tests (#982) * test: add filecontent edge case tests (#981) * test: add more coverage tests (#980) * Localization update * test: add gpgkeystate coverage tests (#979) * test: add UserInfo created/expiry coverage (#978) - Drop QtPass-desktop_version.patch because it's no longer needed. ++++ agama: - Version 20 - jsc#PED-12285 - re-introduced initial implementation for installer state status report via IPMI. Original implementation lost due to transition from Ruby to Rust. ++++ agama-products: - Version 20 ++++ agama-web-ui: - Version 20 - Redesign network connection form with improved user experience (related to gh#agama-project/agama#3386 and bsc#1259067).
++++ agama-yast: - Version 20 ++++ amazon-ssm-agent: - Update to version 3.3.4177.0 * Add EnforceWorkspaceRootOwnership configuration to support disable hardening of agent workspace * Add reboot comment to Windows shutdown command for SSM Agent traceability * Update privilege access check to verify ownership and permissions of document state files ++++ apache-pdfbox: - Added patch: * pdfbox-CVE-2026-33929.patch + upstream fix for bsc#1262046, CVE-2026-3392: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code - Update to 2.0.36 * Bug - XMPBox removes namespaces on serialization - False negative on PDFA-1b validation : missing field type - PlainText.Paragraph.getLines extremely slow on long lines - Valid PDF/A 1B is rejected - Potential StackOverflows in BaseParser - Unknown code in Huffman RLE stream - IllegalArgumentException: Can't add attribute to 0-length text - TTFSubsetter.buildGlyfTable() modifies glyphIds while iterating over its entries possibly causing ConcurrentModificationException to be thrown - IndexOutOfBoundsException in Type1CharStringParser.processCallSubr() - Exception "No type defined for {http://www.aiim.org/pdfa/ns/id/}rev" when trying to determine version of PDF/A-4 document - allow new PDF/A-4 conformance levels - pdfbox-app-X.X.X-sources.jar on maven central are empty (and javadoc jar is missing) - Cmd line docs - IllegalArgumentException: Multiplying two matrices produces illegal values in PDFStreamEngine.processAnnotation() - XmpParsingException: Schema is not set in this document: http://ns.adobe.com/xap/1.0/sType/ResourceEvent# - NullPointerException in FontMapperImpl.getFontMatches() - border style in FDFAnnotation is not initialized if width is 0 - German umlauts are not rendered - Invalid type in Schema not detected when in XML attributes - Serializing produces date "1-01-01T00:00:00+01:00" - Seconds of date "D:2015-02-03T10:11:12" returned as 0 - Confusing naming of "DerivedFrom" property getter in XMPMediaManagementSchema - 
ClassCastException in XMPMediaManagementSchema.getHistory() - IllegalArgumentException: Input buffer too short in StandardSecurityHandler.computeRC4key() - IllegalArgumentException: Width (0) and height (0) cannot be <= 0 when printing landscape rotated with RASTERIZE_DPI_AUTO - DateConverter fails on valid date - ClassCastException: class org.apache.xmpbox.type.TextType cannot be cast to class org.apache.xmpbox.type.ArrayProperty in DublinCoreSchema.getCreatorsProperty() - tiff:YCbCrSubSampling and tiff:YCbCrPositioning have wrong cardinality - ClassCastException: class org.apache.xmpbox.type.FlashType - Cannot find a definition for the namespace http://www.w3.org/1999/02/22-rdf-syntax-ns#, property: rdf:Description - XmpParsingException: Schema is not set in this document: http://ns.adobe.com/xap/1.0/sType/ResourceEvent#, property: stEvt:action - XmpParsingException: Missing pdfaSchema:property in type definition in lenient mode - XmpParsingException: Unknown property value type : Open Choice of Integer - XmpParsingException: Property 'CountryCode' not defined in http://www.epo.org/patent-bibliographic-data/1.0/ - date "0-00-00T00:00:00-04:00" read as "0002-11-30T00:00:00-40:00" - XmpParsingException: Type 'stRef:documentName' not defined in http://ns.adobe.com/xap/1.0/sType/ResourceRef# in lenient mode - Invalid PDF/A namespace definition, prefix: xmlns, namespace: http://www.aiim.org/pdfa/ns/extension/ - XmpParsingException: Schema is not set in this document: http://www.aiim.org/pdfa/ns/extension/, property: pdfaExtension:schemas - NegativeArraySizeException in PredictorOutputStream() - NullpointerException in PDAcroForm.getField(Line 485) - OutOfMemoryError when trying to extract text from pdf - Outlines circular reference vulnerability - Rendered text missing - Inverted images due to enlarged decode array - PDF displays garbled characters in Adobe Reader but renders correctly in web browsers - NullPointerException while merging PDFs with output intents * 
Improvement - Valid XMP Extension Schema rejected - Remove dead code from PDFMarkedContentExtractor - Include test file in test class - Get and Add PageTextSchema - Remove / deprecate TypeMapping.getAssociatedSchemaObject() - Support Seq / Bag mixup in lenient mode - Parse xmp files in lenient mode that have no processing instructions - deprecate getPDFIdentificationSchema() in favor of getPDFAIdentificationSchema() - Support TIFF-files with FillOrder=2 conversion to PDF * Task - Remove / deprecate unused parts of PDIndexed - modernize rat exclusions - Run regression tests for 2.0.36 - Update to 2.0.35 * Bug - NegativeArraySizeException with PDF file with huge fonts - Inline image bug with multi-byte newline tokens - fix initial ByteArrayOutputStream size for deflate operation - PDF takes an hour to render - Splitter does not include structure tree in documents past the first split - build fails on jdk11 - Load a TTF font which is from Mac OS throw an exception - Wrong glyphs since PDFBOX-5790 - ClassCastException on broken file in PDEmbeddedFilesNameTreeNode.convertCOSToPD() - invalid XMP generated when Apache Xalan in the classpath - XMP JobType constructor ignores fieldPrefix - NullPointerException in xmpbox serializer if a date is empty - Rendering issue with type 2 shading: vertical expansion - Possible infinite loop in shading code - Potential OOM in XrefStreamParser - Potential StackOverflow in PDFStreamParser - Potential StackOverflow in PDPageTree's getInheritableAttribute - Potential OOM in Type1Lexer - Potential OOM in PfbParser - PDMarkedContentReference.setMCID() should not accept negative numbers - IllegalPathStateException: missing initial moveto in path definition - Fix possible ClassCastException - NullPointerException in COSDictionary - StringIndexOutOfBoundsException in PlainText$Paragraph.getLines() - LZWFilter crashes, probably not handling the KwKwK special case - NullPointerException in PDNumberTreeNode.getNumbers() - 
UnsupportedOperationException: JPX color spaces don't support drawing - Signing tries to set byteRange of old signature (2) - ClassCastException in PDOptionalContentProperties.getBaseState() * Improvement - Add test for embedded files - set size for ByteArrayOutputStreams - avoid creation of temporary objects when parsing hex values - avoid unnecessary map lookups - remove unnecessary iteration and StringBuilder creation - Support reverse landscape orientation for printing - Add test coverage for orphan annotation - Remove orphan popup parent annotation - Improve XmpSerializer test by verifying its output - Consider rotation of page when applying overlay - Preserve Perms dictionary when signing - Check /ParentTree against /K tree - Add test for 5521 - Refactor RC4Cipher * Task - Regression tests for 2.0.35 - Update to 2.0.34 * Bug - PageDrawer is not rendering unrotatable Annotations on rotated pages - Zero-width non-joiner characters visible in generated PDF - Surrogate pairs with combining diacritics are incorrectly ordered on text extraction - TestCreateSignature.testCreateSignedTimeStamp checkLTV build test fail (2) / Support several issuers - IllegalArgumentException: Width (0) and height (0) must be non-zero - Merge docs with specific characteristics causes stack overflow - InvalidKeyException: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a RSAPrivateKey - Can't read the embedded Type1 font: Found Token[kind=NAME, text=def] but expected begin - Wrong size entry in trailer after incremental save - FileSystemFontProvider doesn't register failed type1 fonts - Text annotation crosshair symbol too small when using Adobe symbol font - Orphan /OpenAction destination page kept in merge - PDFRenderer causes endless loop - Invalid stream length: 0, stream start position: - Inline image incorrectly parsed (2) - IllegalArgumentException: Not a valid Unicode code point: 0xE28496 - Type 3 font glyphs not displayed - Rendered PDF is missing shading pattern graphics
- NPE during merge - Class cast exception in building PDDestinationNameTreeNode - DomXmpParser incorrectly expects namespaces on attribute level - BDC processor mishandles property name - Can't render some Type1C fonts. - PDF to Image conversion results in a blank white page * Improvement - Implement PDFormXObject.setGroup() - CertificateVerifier.isSelfSigned() should not throw an exception - Use Zapf Dingbats code for cross text annotation - Support PushPin, Tag and Graph file attachment annotation icons - Improve PDFMergerUtility memory footprint - Support rare RC4 encryption where R=4, key length < 128 bits - Improve checkWithNumberTree() test - Use SHA256 instead of MD5 for document id * Wish - PrintPDF should not be case sensitive against printer name on Windows * Task - Run regression tests for 2.0.34 - Update to 2.0.33 * Bug - Character positions shifted - Incorrectly extracted text (broken words) - Wrong color of uncolored tiling pattern - OutOfMemoryError - during renderImageWithDPI - BaseParser fails when a number is followed by a string starting with 'e' - Type3 font is not rendered - Flattening removes all annotations when widget annotation has no page - Image lost on page render - extra whitespaces when extracting Arabic text - SMaskInData not supported for JPX images - Kid Widget /DA is ignored in setDefaultAppearance() call - Radio button can't be set - the PDDocument.documentId does not seem to be written into the flat byteStream - PDFBox is unable to remove ID - Fix last step of the build process - StringIndexOutOfBoundsException in AppearanceGeneratorHelper - ClassCastException in SetLineJoinStyle.process() - Unable to load password protected pdf - PDFBox not extracting text of non-latin languages(tamil, bengali) properly but adobe reader's save as text does - Checkstyle - [PATCH] Detect CMYK image without relying on metadata - Regression from PDFBOX-5841: Text extraction with rotation magic fails for PDF with multiple content streams in a page - 
PDF render blank page: The end of the stream doesn't point to the correct offset, using workaround to read the stream, stream start position: 196, length: 0, expected end position: 196 - CVE for Lucene libraries - The pattern created with PDFBox shows inconsistent colors between Safari and Adobe. - BDC sequence with resource reference instead of with MCID - StackOverflowError in PDFieldFactory.findFieldType - ClassCastException in AnnotationValidator - The CPU usage of a PDF file with a size of 85.6 MB is abnormal - Many ZapfDingbats symbols do not appear when page is rendered. - IOException when reading isolated "+" - IllegalArgumentException: capacity < 0: (-75475220 < 0) in RandomAccessReadBuffer constructor - FontBox spawns a `cmd` subprocess to read an environment variable (on Windows) - Implement PDF 2.0 dash phase clarification (2) - Particular PDF fails on renderImageWithDPI call - PDType0Font return invalid space width - Icons of text annotations sometimes too large - Orphan page check doesn't check annotation destinations - NPE in COSArray.indexOfObject - NPE in PagePane.mouseMoved() - ArrayIndexOutOfBoundsException in CMap.toInt() * New Feature - Show ASN.1 decoded Contents for Signature-Dictionary * Improvement - Exchange hard-coded values for variables and provide command-line options in TextToPDF component - Long rendering time of fonts in a specific PDF - Support imageio-jnr / imageio-openjpeg library for JPEG2000 decoding - Improve ExtractTTFFonts - Change Loglevel from Warn to info when rebuilding font cache - Support OCG visibility expressions - Add page getter/setter to PDObjectReference - Support long values for COSInteger objects - Empty constructor for PDViewerPreferences - Add check of /P to PDFMergerUtilityTest - support Markdown extraction from the command line - Calculate dpi dynamically when printing with raster - Remove orphan annotations in structure tree - Add font name to PrintTextLocations * Wish - Improve detection whether printing 
or viewing - High CPU and memory usage when converting a PDF with type 4 shading * Task - 2.0 builds fail on jenkins because jdk11 no longer supported - Update to 2.0.32 * Bug - preflight-app fails on Java 11+ with NoClassDefFoundError: javax/activation/DataSource - AppearanceGeneratorHelper assumes fontscale 1000 - Remove release subproject - Don't use a predefined CMap if a ToUnicode CMap is present - Regression NPE in Splitter - The content of the specified font is lost, Google Chrome can display it - Crash for Softmask with incorrect backdrop color components - Observable Timing Discrepancy (Timing Attack) - Black rectangle over image - Wrong font substitution for Wingdings - PDDocument#importPage slowed down by factor 1300 - Split aborts with broken destinations - IllegalArgumentException: Parameter must be 1-based, but is 0 when using PDFTextStripperByArea - Files created with PDFMergerExample are not correct PDF/A - Missing /Subtype and /Type in Metadata not detected - Multiple exceptions coming from org.apache.fontbox.ttf for different PDFs - IOException: Error expected floating point numberactual='-12.-1' - NullPointerException: Cannot invoke "String.codePointAt(int)" because "uni" is null - DomXmpParser - IllegalArgumentException: prefix cannot be "null" when creating a QName - ClassCastException: org.apache.pdfbox.cos.COSNull cannot be cast to org.apache.pdfbox.cos.COSDictionary - IllegalArgumentException: Width (26) and height (0) must be non-zero - There is an exception when getting embedded font, is it compatible? - Infinite loop after splitting and saving PDF / giant result files * Improvement - JPEGFactory. 
Reduce logging severity when no image metadata is present - Add test for surrogate pair character 𩸽 - Update unicode Scripts.txt - Include a PDFA check with VeraPDF for CreatePDFATest - Add center constructor parameter to PDFPageable and to pdfbox-app - When splitting, keep named page destinations that are part of target document(s) - When this PDF is rendered with the "f" Operator, a black screen appears. * Task - Investigate why we get "response contains wrong nonce value" during build tests - Update to 2.0.31 * Bug - [PATCH] Split pdf lose accessibility tags - Allow creating of PDFXObjectImage without accessing to the image stream - PfbParser fails to parse PFB font with multiple binary records. - Lines vanish when printing on MacOS - java.lang.IllegalArgumentException: Provided dictionary is not of type 'COSName{OCG}' - The embedded font DroidSansFallbackFull reports an error when parsing, and finally uses lastResortFont, resulting in garbled fonts. - COSName caches already cached hashCode - Font operation takes a long time with 3.0.1 - NullPointerException in TTFSubsetter.buildPostTable() - Problem converting PDF to image (java.awt.color.CMMException: Can not access specified profile) - Set the default value for PDNonTerminalField - java.lang.ArrayIndexOutOfBoundsException Bug Report - Wrong colors in PDF since PDFBOX-5488 - Java 7 support on 2.0 - Convert to image exception - PDF conversion in this format is very slow. Is there any room for optimization? 
- IllegalArgumentException: -Infinity is not a finite number - Inconsistent signature page handling when signing in existing signature fields - Add leading "0" for octal values in MacOSRomanEncoding - DataFormatException: invalid distance too far back - Grayscale JPEG rendered multicolor - OutOfMemoryError in FileSystemFontsProvider.scanFonts - NPE in PageDrawer.getPaint() - Issue with embedded Font and descendant Font - LCMS error 13: Mismatched alpha channels * New Feature - Enable Native Markdown Extraction in Apache PDFBox * Improvement - When splitting, keep page destinations that are part of target document(s) - Replace Exception with some repair attempt - Update to 2.0.30 * Bug - Regression unicode mapping in Korean document - Operators "q" and "Q" should also preserve text matrices - Signature Image not Rendered starting with PDFBox 2.0.23 - Fonts are not subsetted when saving incrementally - Bug in PDFMergerUtility#mergeFields - Password protected PDF opens in GUI apps but PDFbox says invalid password - Wrong error message "2.4.1 : Invalid Color space, The operator "rg" can't be used with CMYK Profile" - Make FDF annotations more compliant with the specification - NPE in DomXmpParser.parseLiDescription - Regression: NoSuchElementException in PDFXrefStreamParser - The PageDrawer.strokePath method is blocked, and cpu100% - Avoid NPE when processing CFF2 based fonts - IllegalArgumentException: Dimensions (width=458477041 height=26) are too large - Can not see checkbox check - NPE when converting pdf to image. 
- NullPointerException in XMPMetadata.getSchema() - PDFToImage might not correctly detect unsupported image formats - Font cache isn't effective on my machine, always rebuilds - PDF to Image conversion results in different converted image - Text in a certain font is lost when converting pdf to image - Incorrect colors in image from PDFs (DCTDecode) * New Feature - Inconsistent/incomplete PDF rendering * Improvement - Improve code quality (4) - Add PDRectangle#TABLOID paper size - Support version 0.5 of MaximumProfileTable - loca-table isn't mandatory for TTF/OTF-fonts using CFF outlines - Implement PDF 2.0 dash phase clarification - Add getter and setter for the CO array under PDAcroForm - Make UTC timezone static - Facilitate migration to PDFBox 3.0 - Consolidate bouncycastle configuration - Consistent scm.url values for pom.xml - use comparison operators for enums ++++ atuin: - Update to version 18.14.1: * Bug Fixes + Ensure we can publish to crates (#3403) + Thread remote and content_length through system for server tool calls (#3404) - Update to version 18.14.0: * Bug Fixes + (ui) Make preview line breaking algorithm aware of CJK double-width characters (#3360) + (ui) When inverted, invert scroll events handling (#3373) + Replace `e>|` with `|` in nushell integration to restore history recording (#3358) + Resolve git worktrees to main repo in workspace filter (#3366) + Ensure daemon is running (#3384) * Features + Opt-in to sharing last command with ai (#3367) + Add 'atuin config' subcommand for reading and setting config values (#3368) + Option to disable mouse support (#3372) + Add support for deleting all matching commands via keybindings (#3375) + Add strip_trailing_whitespace, on by default (#3390) + Client-tool execution + permission system (#3370) + Add history tail for live monitoring view (#3389) + Track coding agent shell usage (#3388) + Remove agent search from tui (#3397) + Add pi hook installer (#3398) + Autoinstall ai shell history hooks (#3399) * 
Miscellaneous Tasks + Update to eye-declare 0.3.0 (#3365) * Refactor + Rename examples -> contrib (#3400) ++++ aws-efs-utils: - Update to version 3.0.1 * Fix proxy crash on NFS error in READ_BYPASS response - from version 3.0.0 * Add support for s3files - Refresh support-relro-in-delocator.patch - Refresh fix-cargo-checksums.patch ++++ aws-lc: - Update to version 1.72.0: + Reject point at infinity in EC_KEY_set_public_key + Add SSL_use_cert_and_key for per-connection cert/key setting + Add Optimized and HOL Light verified AVX2 Keccak x4 + Fix intermittent WIN32_rename failures in openssl ca CLI tool due to transient file locks + Remove redundant definitions + fipsmodule/ml-kem: Import mlkem-native v1.1.0 + Zeroize sensitive stack buffers in DRBG, X25519, Ed25519, ECDSA, ECDH… + Fix entropy source selection for Apple cross-compilation targets + openssl-tool CLI: CA cleanup + Fix PostgreSQL integration SSL test failures for upstream error string changes + Hardening fixes for ML-DSA digest mode, XTS key comparison, and urandom + Fix bind9 integration test for upstream build system changes + Consistently set outlen to zero for all error paths + Add -msg and -servername support to openssl s_client + Add NULL pointer validation to ML-KEM EVP encapsulate/decapsulate + Add openssl version -a and -p flag support + Rename __AWS_LC_ENSURE to AWS_LC_ENSURE to avoid reserved identifier + Upgrade custom libc++ to LLVM 19 and add sanitizer support to build_and_test.sh + Update PyOpenSSL patch + Harden OCSP response printing and fix integer overflow in x509v3_bytes_to_hex + Small fixes for RSA_METHOD and EVP_PKEY_derive_set_peer + Add OPENSSL_INIT_ATFORK compatibility stub + Bound ReadConsoleW by stack buffer size + Change ML-KEM 
PKCS#8 encoding from expanded to seed form + Add missing error return for short metadata keys + Lower default SSL peek test rounds and remove CI workarounds + Check RSA-PSS digest algorithms for X509 + Update target.h to support Loongarch64 ABI1.0 architecture + Make some more half-empty EVP_PKEY states impossible ++++ buildah: - Update to version 1.43.1: * [release-1.43] Bump Buildah to v1.43.1 * [release-1.43] Bump c/common v0.67.1, c/image v5.39.2 * update module github.com/go-jose/go-jose/v4 to v4.1.4 [security] * ignore ErrLayerUnknown in cache lookup * fix setting of gid * fix call to chown ++++ buildkit: - Update to version 0.29.0: * vendor: github.com/docker/cli v29.4.0 * Dockerfile: update docker engine, cli to v29.4 * s3cache: Fix data race in readerAtCloser * client: write CDI specs atomically in integration tests * chore: remove deprecated client.SolveOpts.LocalDirs member * chore: prune unused protobuf files from googleapis * build(deps): bump crazy-max/.github from 1.5.0 to 1.6.0 * build(deps): bump the crazy-max-dot-github group with 2 updates * solver: route gateway dockerfile.v0 source to builtin frontend * Update Test Coverage for Secrets * frontend/dockerfile: fix HEALTHCHECK history formatting * hack: print the README diff when doctoc validation fails * Dockerfiles: pin doctoc to a fixed version * cache: add retry_mode and retry_max_attempts options to s3 cache * build(deps): bump crazy-max/.github from 1.3.0 to 1.5.0 * build(deps): bump docker/github-builder/.github/workflows/bake.yml * build(deps): bump docker/login-action from 4.0.0 to 4.1.0 * test: use separate container ID for exec phase of worker test * gitutil: add opt-in support for host git config * Introduce disable_accept_encoding flag in s3 cache. 
* gitutil: avoid global git config lookup on Windows * ci: fix Windows ARM64 test compatibility * session(auth): cancel blocked credential callbacks ++++ coturn: - Update to version 4.10.0 * Skip response buffer allocation for STUN indications. * WebRTC Auth optimization path (#1860). * Fix null pointer dereferences in post_parse() (#1859). * Extend seed corpus (#1858). * Add Linux-only `recvmmsg` receive path for DTLS/UDP listener. * Fix Linux build warnings (#1853). * perf: remove mutex from per-thread super_memory allocator. * Keep only NEV_UDP_SOCKET_PER_THREAD network engine. * Fix stack buffer overflow in OAuth token decoding. * Update config and Readme files about deprecated TLSv1/1.1. * perf: eliminate mutex and reduce copies on auth message dispatch (#1843). * perf: replace mutex_bps with lock-free atomics for bandwidth tracking. * Fix uint16_t truncation overflow in stun_get_message_len_str() causes (#1844). * fix: restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0 (#1839). * Change port identifiers to use uint16_t (#1752). * Fixes: run_tests.sh and no db (#1834). * Add session usage reporting callback to TURN database driver. * Initialize variables before use (#1832). * Replace perror with logging (#1831). * CLI interface is disabled by default. * Disable reason string in response messages to reduce amplification factor. * Perf: improve worst case scenario optimization. * Fix compilation warnings (#1822). 
++++ cpp-httplib: - Update to 0.42.0: * test: WebSocketIntegrationTest.SocketSettings: do not set AF_INET - 0.41.0: * Replace httplib::any / std::map based res.user_data with a new type-safe UserData class that provides set() / get() API * Add parse_url utility function with UrlComponents struct for parsing URLs into scheme, host, port, path, and query components * [cmake] Allow using pre-existing zstd::libzstd target if it already exists, useful for projects that bundle their own zstd * Add header parser and URL parser fuzzers for OSS-Fuzz coverage improvement - 0.40.0: * Optimize multipart content provider to coalesce small writes and reduce TCP packet fragmentation * Add set_socket_opt function and corresponding test for TCP_NODELAY option * Implement request body consumption and reject invalid Content-Length with Transfer-Encoding to prevent request smuggling * Fixed warnings - 0.39.0: * Update modules.cmake to fix cmake error * "Building a Desktop LLM App with cpp-httplib" - Removed OpenStreamMalformedContentLength.patch - Upstream release includes fixes for: CVE-2026-33745 (bsc#1260906) CVE-2026-34441 (bsc#1261286) ++++ dealers-choice: - dealers-choice 0.0.12 * Update package description + Add dealers-choice-bot: a headless rules-based CLI bot that connects to a running server like a regular client. Reads DC_PASSWORD from the environment (bot is rejected if the server has no password set). + Text input fields: scrolling with cursor navigation (left/right/home/end), mid-text insertion, Ctrl+V paste; cursor blink resets on each keypress; yellow cursor color for visibility against white text + Handle audio device disconnection: when the audio backend has no default device to reroute to, the device is stopped; register a miniaudio notification callback to detect this and restart the engine when possible (#243).
+ Stud games: implement bring-in forced partial bet (bringin_amount in server.conf, default 50); subsequent streets open with the player holding the best visible hand + Deuces wild: server now evaluates wild hands automatically using POKEVAL_compare_hands_wild / POKEVAL_evaluate_hand_wild; removed the end-of-hand UI selection for wild card replacement and the associated exchange button, timeout setting (wild_exchange_timeout_ms), network message (MSG_WILD_REPLACEMENT), and server-side exchange logic * bugfix: Three busy-waits, high-cpu server usage * Require libsodium unconditionally; fix authentication bypass where clients could authenticate on password-protected servers without libsodium present * bugfix: Show clear error on protocol version mismatch * Update docker-compose.yml to use DC_PASSWORD and extra arguments when running the server * Fix coin animation: animate from the player who paid, not the next player to act * Bump GAME_PROTOCOL_VERSION from 7 to 8 ++++ easyeffects: - Update to version 8.1.9 * Small performance improvements to our QML code. * Updated translations. * When running inside Flatpak's sandbox we create Qt's lock and server file in the folder QStandardPaths::TempLocation. This seems to avoid the application not being able to start after an unclean exit. ++++ emacs-auctex: - Switch to TeXLive 2026 ++++ etherape: - Update to version 0.9.22: - cleanups of capture code - clear address cache command, thanks to Ronald W. Henderson. - avoid multiple close event, by Ronald W. Henderson. - saving window size in preferences dialog, by Ronald W. Henderson. - F11 to make EtherApe fullscreen, by Ronald W. Henderson. - new Georgian translation, thanks to Temuri Doghonadze. - documentation improvements, thanks to Ronald W. Henderson. - IP unknown protocols display now subject to the 'unknown ports' setting. - Smaller improvements and fixes. - One can now export Etherape data to JSON as well as XML. - Export file format is selected in the Preferences dialog.
- Export menu entry icon added. - Updated Preferences dialog help and figures. - Man page updates. - XML escaping extended. - Fix for text appearance in these pull downs: Central Node and Capture filter. - Fix for avoiding adding duplicate legend widgets. Now using a hash table. - capture statistics now displayed on one line. - Better nodes and links expiration during low capture rates or for strict capture filters. - Fix for displaying a node prior to its position calculation. ++++ flatpak: - Install flatpak-selinux.if in distributed instead of contrib to avoid clashing with the interfaces from the main selinux-policy package (bsc#1262051) - Add 1262051-selinux-flatpak.if-should-be-installed-in-distribute.patch - Can be dropped when this comes back from upstream: https://github.com/flatpak/flatpak/pull/6622 ++++ freerdp: - Build with SDL3 instead of SDL2 on Tumbleweed ++++ gap-singular: - Update to release 2026.04.09 * Janitorial changes only ++++ gap-twistedconjugacy: - Update to release 3.3.0 * Add a better implementation of `IsFinite` for twisted conjugacy classes, double cosets, orbits of affine actions and group derivation images. * `ReidemeisterNumber` now immediately returns infinity if the source group is finite but the range group is infinite. ++++ gnome-session: - Add gnome-session-fix-double-free-GError.patch: Fix a double-free on GError. (bsc#1261932, glgo#GNOME/gnome-session!176) ++++ gstreamer-plugins-bad: - Fix suse_version check to enable faad codec only in TW since SLE 16 SP1 will use a suse_version value of 1610 ++++ health-checker: - Update to version 1.13+git20260414.bb3e4ad: * Update configure.ac with autoupdate * Remove dependencies on cloud-init [bsc#1244078] and for removed plugins ++++ heroic-gogdl: - Update Requires to use python3- prefix instead of python- to fix "nothing provides" errors during installation, as the modern openSUSE python stack uses the python3 capability. 
++++ htop: - enable backtrace and demangling - Update to version 3.5.0: * Implement line editor for Search, Filter and (re)naming Screens * Add digits editing for numeric options * Backtrace screen feature (using libunwind-ptrace) * Add CPU SMT label option * MemoryMeter: rework to allow full platform-specific control * Fix CPU virtualization bar color and help text in non-detailed mode * Add --no-meters option to hide meters * Implement explicit NO_COLOR env support * fix: support *-256color in $TERM key detection * Add COLORSCHEME_NORD: Nordic inspired theme * Add Tctl temperature reading * Add SecondsUptimeMeter * Adjust GPUMeter text display * Make Ctrl-U clear the current Filter or Search string while editing it * Make empty --filter= command line arguments invalid * Make Infoscreen also show uppercase FILTER when filtering (F4) is active * Graph meter dynamic scaling and percent graph drawing * Update "total" value for non-percent bar meters * Fix logic bug while iterating processes * Change NetworkIOMeter "packets per second" display * Add NetworkIOMeter description * Rework DiskIOMeter into a combined display of 2 sub-meters * Introduce DiskIORateMeter and DiskIOTimeMeter * DiskIOMeter: Adjust code indent and formatting * DiskIOMeter: Move cache update code to a new function * Add --no-function-bar option to hide functionbar * Fix function bar labels in Screens panel rename mode * Make Meters function bar consistent with the Screens one * Display a FAILED message in the FunctionBar on host scan failure * Cancel pending renaming action for a screen in dtor of ScreensPanel * Move prevSelected from ScreensPanel to Panel * Only issue KEY_RECLICK when the focussed item has not changed * Track oldFocus correctly in ScreensPanel * Add lost focus event, make mouse actions consistent, handle rename and move explicitly across screens / meters / columns * Make Cancel (F2, Esc) remove a newly added screen tab and not only abort the implicit rename * Use default key 
list for DisplayOptions "Dec/Inc" function bar * Make first click select option line but not toggle it, toggle with next click, handle right click * Make the Panel items actually match what receives a mouse click * No need for "phantom" CPU threads * Simplify offline CPU marking * Make the physicalID default to 0 because old Intel processors only have that * Don't draw Meter caption if width is not enough (bar & graph) * CPUMeter: Fix negative "x" positions of sub-meters * Add sensors logic for Snapdragon 410 * Add sensors logic for Amlogic S905W support * Add foot terminal to terminalSupportsDefinedKeys * No longer write to htoprc file if it's not owned by EUID * Remove initial enforced delay to reduce startup latency * Improve bootup time by caching all getpwuid result * Fix a small file descriptor leak in Settings_write() * Keep track of the biggest PID and scale the column accordingly * Allocate COMMAND (cmdline) and comm buffers dynamically * Improve "comm" string highlighting in Process_makeCommandStr() * Improve process cmdline basename matching with procExe path * Don't make highlights of zero-length cmdline basename * Shadow path prefixes used by NixOS * Improve Generic_unameRelease() related code * Linux: Check for CPU number on s390 * Linux: Handle special cases for CPU frequency data in /proc/cpuinfo * Linux: Added support for OpenRC init system and metrics * Linux: fix detection of NUL argument separator * Linux: Skip loopback and MD (multi-device) driver entries in /proc/diskstats * Darwin: Add GPUMeter code for macOS * Darwin: Rewrite & improve Platform_getOSRelease() code * Darwin: implement macOS version reporting in SysArchMeter * Darwin: Handle legacy references to kIOMainPortDefault * Darwin: Bring back conversion of process CPU time on macOS (#1638) * PCP: Automatically reconnect PCP metrics contexts on disconnect * PCP: Fixes to use units-based scaling in pcp-htop on macOS * PCP: Fix PCPDynamicColumn parsing after a bad section name * FreeBSD: 
Update the internal priority reference point * NetBSD: Improve process state retrieval code * OpenBSD: Check on AC power value being nonzero * OpenBSD: Document sysctl indices for ACPI battery & AC code * Solaris: Update memory info on every refresh * Add v1.0 of the AI-Assisted Contributions Policy * Add a Code of Conduct document for the project * README: Add Quick Start section * README: update instructions for those who use Arch * Add Japanese support in htop.desktop * Add Armenian support in htop.desktop * docs: fix COLORS bullet list formatting and capitalization in man page * CI: Add Github Action workflow for Coverity checking * CI: Add libiberty and demangling support to backtrace screen build * CI: Update LLVM/Clang versions to 22 * CI: Update FreeBSD to 15.0 * CI: Update to use OpenBSD 7.7 * build: Add packages for OpenSUSE/SLES * build: Fix Autoconf 2.69 compatibility regressions * build: Simplify curses header checking code * build: remove the --with-os-release configure option * build: Fix redundant newlines in configure help strings * build: Allow custom search path for libnl; try pkg-config when needed * build: Use HTOP_PKG_CHECK_MODULES in hwloc and libnl checking * build: Introduce HTOP_PKG_CHECK_MODULES wrapper macro * build: Introduce 'htop_search_header_dir' configure function * build: Add configure check on whether local unwinding works * build: Automatically detect backtrace(3) return type * build: Use pkg-config to detect libnl3 header path * build: Also check libunwind through pkg-config * build: Simplify configure netlink/*.h detection code * build: Fix netlink/*.h detection logic in configure * build: Fix '-ffinite-math-only' configure warning * build: Fix configure '--enable-delayacct' help text * build: Fix a macOS AC_COMPILE_IFELSE misquoting ++++ impression: - Update to version 3.7.0: + Subscribes to file events instead of polling for changes ++++ libjcat: - Update to version 0.2.6: + New Features: - Allow disabling time checks when 
not using a trust list + Bugfixes: - Do not allow multiple items with the same ID - Do not try to change the GnuTLS system-wide config - Require at least one successful verification regardless of flags - Return the correct error code using the gnutls rc - Skip the PQ tests if the GnuTLS config is not malleable - Use the correct flag when self-verifying PQC certs ++++ jemalloc: - Update to release 5.3.1 * Implement the `pvalloc` C function. * Add runtime option `prof_bt_max` to control the max stack depth for profiling. * Add runtime option `tcache_ncached_max` to control the number of items in each size bin in the thread cache. * Add runtime option `calloc_madvise_threshold` to determine if kernel or memset is used to zero the allocations for calloc. * Add runtime option `disable_large_size_classes` to guard the new usable size calculation, which minimizes the memory overhead for large allocations, i.e., >= 4 * PAGE. * Enable process_madvise usage, add runtime option `process_madvise_max_batch` to control the max # of regions in each madvise batch. ++++ kora-icon-theme: - New icons for Cinnamon, fixed index, fixed symlinks and fixed cache error. 
++++ kubo: - Update to 0.40.1 - 0.40.0 * IPIP-499: UnixFS CID Profiles * Automatic cleanup of interrupted imports * Light clients can now use your node for delegated routing * See total size when pinning * IPIP-523: ?format= takes precedence over Accept header * IPIP-524: Gateway codec conversion disabled by default * More reliable IPNS over PubSub * New ipfs diag datastore commands * New ipfs swarm addrs autonat command * Improved ipfs p2p tunnels with foreground mode * Friendlier ipfs dag stat output * ipfs key improvements * More reliable content providing after startup * No unnecessary DNS lookups for AutoTLS addresses * Configurable gateway request duration limit * Recovery from corrupted MFS root * RPC Content-Type headers for binary responses * New ipfs name get|put commands * Long listing format for ipfs ls * WebUI Improvements * Fixed Prometheus metrics bloat on popular subdomain gateways * libp2p announces all interface addresses * Badger v1 datastore slated for removal this year * Go 1.26 * Dependency updates - github.com/ipld/go-ipld-prime v0.22.0 (boo#1261818, CVE-2026-35480) ++++ lazygit: - Update to version 0.61.1: * Don't default the base repo for pull requests to "origin" * Hide closed pull requests on main branches * Discourage contributions * Add a warning about adding new config options * Make the TOC entries links * Fix heading level * Fix case-insensitive remote URL matching for GitHub PRs * Add a justfile * fix: yaml.github-actions.security.run-shell-injection.run-shell-injection security vulnerability - Update to version 0.61.0: * Update docs and schema for release * Update translations from Crowdin * Add condition field to custom command prompts * Log hashes of local branches when deleting them * Add missing quote * Localize "Dropping stash" log * Bump github.com/sasha-s/go-deadlock from 0.3.6 to 0.3.9 * Bump github.com/sahilm/fuzzy from 0.1.0 to 0.1.1 * Bump github.com/integrii/flaggy from 1.4.0 to 1.8.0 * Bump github.com/spkg/bom from 
0.0.0-20160624110644-59b7046e48ad to 1.0.1 * Bump github.com/adrg/xdg from 0.4.0 to 0.5.3 * Add some brief documentation * Don't refresh pull requests when checking out a local branch * Change "Copy pull request URL to clipboard" command to use existing PR if there is one * Add commands for opening a Github PR in the browser * Prompt only once per session for each repo * Add an optional onCancel hook for menus * Call OnMenuPress(nil) when hitting esc in a menu * Show PR information in main view, above the branch log * Cache PRs in AppState so that they appear immediately at startup * Show PR icons in branches list * Add pull requests to lazygit's model and refresh them * Add GitHub commands and model for fetching PR status * Add cli/go-gh/v2 and cli/safeexec vendor dependencies * Refactor hosting service to support repo name extraction * Remove branch icons from Branches list * Add missing entries to scopeNameMap * Allow turning off nerd fonts without restarting * README.md: Update Sponsors * Bump github.com/sanity-io/litter from 1.5.2 to 1.5.8 * Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 * Bump github.com/creack/pty from 1.1.11 to 1.1.24 * Bump github.com/spf13/afero from 1.9.5 to 1.15.0 * Bump github.com/lucasb-eyer/go-colorful from 1.3.0 to 1.4.0 * Bump actions/upload-artifact from 6 to 7 * Bump actions/download-artifact from 7 to 8 * Bump actions/cache from 4 to 5 * Allow customizing the window width/height thresholds for when to use portrait mode * Fix typo * Add label "maintenance" to PRs created by dependabot * Add dependabot config for github actions * Remove the allowed_updates key * Update all actions to their newest versions * fix: pin 7 unpinned action(s) to commit SHAs * fix: extract inline secret from run block in ci.yml * Fix panic when branch.autosetuprebase is set * Make file sort order and case sensitivity configurable * Remove empty directories after discarding files * Extract helper method removeFiles * Change test setup to allow 
nested directories * Don't stage out-of-date submodules when asking user to auto-stage after resolving conflicts * Add test to demonstrate the problem * Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 * Fix patch commands when git config has color=always * docs: fix CONTRIBUTING grammar * Update redo keyboard shortcut in README.md * Make Debian/Ubuntu install command architecture-independent * Scroll to top when showing subcommits * Improve performance for discarding range selection of many files * Improve performance of discarding changes in large directories * Add runGitCmdOnPaths utility * Add integration tests for discarding dir changes when filtering by path * Add unit tests for WorkingTreeDiscard{All,Unstaged}DirChanges * Cleanup: better check for which files are removed * Cleanup: simplify by using lo.FilterMap instead of separate calls to Filter and Map * Cleanup: use oscommands.RemoveFile rather than plain os.Remove * Fix searching commits or main view after switching repos * Remove go-git dependency * Remove go-git repo from GitCommon * Remove go-git repo from ConfigCommands * Don't use go-git to parse branches * Don't use go-git to parse remotes * Add support for clicking on arrows in the file list to expand/collapse directories * Add GetOnClick to HasKeybindings * Add GetVisualDepth method to FileTree/CommitFileTree * Document some of the methods of HasKeybindings * Rename GetOnClick (et al) to GetOnDoubleClick * Fix the expanded layout of the branches panel (half and full screen modes) * Add a note about AI to CONTRIBUTING.md * Revert test workaround * Fix selection after staging an added line * Fix staging only some lines of a block of consecutive changes * Add test for how the selection advances after staging lines * Add regression test for staging a single added line * Add test demonstrating problem with staging only some changed lines - Update to version 0.60.0: * Update docs and schema for release * Update translations from Crowdin * 
Re-render main view when changing screen mode * Cleanup: use CurrentSide() instead of private currentSidePanel * Show worktree name next to branch in branches list * README.md: Update Sponsors * Enable { and } to change diff context size in branches and tags panels in diffing mode * Use new ShouldHandleMouseEvent hook to prevent clicks in views behind panels * Bump gocui * Add comments * Fix off-by-one error when calculating popup panel dimensions * Add backward cycling support for all branches log view * Fix typo: MacOS to macOS * Fix #5302: Create .git/info directory before writing exclude file * Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 * Show branch name and detached HEAD in worktrees tab * Filter file views rather than search * Only reset selection in ReApplyFilter when search prompt is active * Reset PrevSearchIndex when opening filter prompt * Rename GetFilter to GetStatusFilter on IFileTree * Prevent patch building panel from briefly appearing when discarding change from commit * Allow discarding lines from patch directly * Add DisabledReason for discarding from a multiselection of commits * Turn error checks in discard handler into DisabledReasons * Remove redundant CantPatchWhileRebasingError checks in handlers * Warn more prominently about resetting the patch when discarding changes * Say "discard" instead of "remove" when discard changes from a commit * Hide the "Fetching..." status of the auto-fetch when bottom line is not showing * Rename "Copy commit hash to clipboard" to mention abbreviated hash * Fix matching of lazygit-edit URLs without line numbers * docs: Add Terra install method ++++ legendary: - Update Requires to use python3- prefix instead of python- to fix "nothing provides" errors during installation, as the modern openSUSE python stack uses the python3 capability. 
++++ texlive: - Modify patch source-dvipdfmx.dif with the code change from Fabian - Add patch source-dvipdfmx.dif to make test in dvipdfmx tree work even on s390x (boo#1262008) - Correct cflags() shell function usage to catch g++ case as well ... here to use -std=g++17 (boo#1262013) ++++ openhtj2k: - Update to 0.14.0: * See https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.14.0 ++++ openjph: - Update to 0.27.0: * Add initial support for oss-fuzz #249 * Fix OSS-fuzz build #250 * Renamed file to avoid duplicate library names in custom builds. #252 * Validate dimensions in the SIZ marker segment after reading it from a codestream #253 * Fix: Rule of 3/5/7 violation leads to possible use after free in inadvertent use of copy constructor /assignment. #242 * Fix typo in the signature of get_tile_offset() #254 * Fix oss-fuzz build and improve documentation #256 * fix move special functions in mem in and outfile #258 * Add support for CIFuzz #259 * Fix race condition in table initialization with multiple threads #243 * Fix 32-bit ARM SIGBUS: align elastic allocator payload for coded_lists::buf #262 * Add Linux-ARM32 Build #263 * Extend fuzzing harness to add more reachability #264 * Fix ARM64EC builds by excluding ARM64EC from x64(_M_X64) detection on Windows #265 - Drop gh-openjph-262.patch ++++ radare2: - Update to version 6.1.4 (bsc#1262142, CVE-2026-40499): * Analysis: improve autoname scoring, jmptbl detection, and performance * Add callargs modifier, rnum expressions, and typed function context * Refactor autoname into plugin; extend RAnalPlugin hooks * Fix leaks, overflows, and command injection in analysis scripts * Improve string detection, wide strings, and switch/case analysis * Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support * Cache capstone options and improve multi-arch disassembly * ASM: add camel syntax support, unify via RArch API * Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF) * Fix leaks, OOB reads/writes, 
overflows, and improve bounds checks * Improve Swift demangling, ARM hints, relocations, and imports * Add nds32 reloc support and optimize kernelcache parsing * Build: install to lib64, fix illumos and packaging issues * CI: add GitHub Actions and FilC builds * Console: fix multiple overflows, OOB issues, and improve performance * Core: API renames, plugin load order, sandbox/config fixes * Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs) * Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver * Debug: improve ptrace, winkd support, breakpoints, checkpoints * Disasm: cache flag lookups for performance * FS/IO: fix leaks, bounds, sparse IO, and device handling * HTTP/socket: webserver fixes and SSL fallback handling * Print/projects: improve formatting, endian handling, project metadata * Pseudo: add while/switch support and cleaner control flow * Search/shell: improve commands, parsing, and usability * Security: fix widespread command injection and sandbox escapes * Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support * Types/util: parsing improvements, JSON/base64 updates, optimizations * Visual: fix UAF/leaks, improve panels and UX * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.2: * Analysis: preserve timeouts, improve bb/jmptbl validation and limits * Optimize string detection and hot-path functions * Add APIs for function signatures, vars limits, and instruction hints * Fix overlapped functions, invalid code checks, and large bb handling * API: remove deprecated librmagic/filetype APIs and name filter * Arch: fix Thumb/endianness issues, add Python pseudo plugin * ASM: unify settings via RArch, fix directives, add bf pseudo plugin * Bin: improve ELF/Mach-O stripped detection and parsing safety * Harden Mach-O bounds, optimize kernelcache and XNU parsing * Fix many leaks (DEX, demangler, parsers) and infinite loops * Improve DWARF handling and 
symbol/type extraction * Build: improve meson, toolchains, and add ISO/docker support * Console: preserve timeout, fix themes and UTF-8 handling * Core: fix config bugs, improve startup and addressing support * Crash: fix UAF, OOB, race conditions, regex bugs, and overflows * Add safety checks across dotnet, Mach-O, DWARF, and webserver * Debug/ESIL: safer execution and divide-by-zero handling * FS/IO: fix HFS+, dyldcache speedups, safer zip handling * Graph: add bb size limit option * Print: merge commands, improve UTF-8 and formatting * Projects/tools: new configs, plugin support, CLI improvements * Search: faster analysis search and block buffering * Shell: improve grep/macros and file operations * Types: lazy-load, cache, and improve parsing (varargs, structs) * Tests: expand fuzzing and test suites * General cleanup, performance tuning, and safety improvements * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.4 - Update to version 6.1.0: * Reimplement RBufRef using RRef; fix RLibDelHandler API * Remove stale JAY code; improve analysis performance and CI speed * Optimize type propagation, jump tables, and plugin integration * Fix infinite loops, antidisasm tricks, and function autonaming * Add new analysis options and trace import plugin (DRCOV) * Improve RCore seek operations and naming APIs * API: add RNum.getErr, enforce safe alloc macros, new helpers * Arch: update ARC disasm, refactor sessions, remove unsafe string ops * ASM: improve x86 validation, add CIL and ARC pseudo plugins * Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use * Add/import DWARF types, improve relocations and symbol handling * Extensive memory leak fixes and parser hardening across formats * Improve string handling, caching, and zero-copy optimizations * Build: improve meson, remove zip deps, add 3rd-party plugin support * Console: fix UTF-8 graphs and color propagation * Core: improve plugin handling and background task 
stability * Crash: fix multiple UAF, OOB, overflows, and injection issues * Sanitize inputs (function names, demangler, callconv) * Debug: add source breakpoints, ARM64/XNU support, FPU regs * Disasm: improve string handling, comments, and color logic * ESIL: extend x86 FPU emulation * FS/IO: fixes and plugin reorganizations * HTTP: fix sandbox webserver issues * Hash/tools: minor fixes and output improvements * General cleanup, safety checks, and performance optimizations * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.1.0 - Update to version 6.0.8: * Migrate r_vector to RVec across core components * Refactor and optimize type propagation (now plugin-based) * Remove redundant anal.a2f and related duplication * Improve caching, memoization, and performance in analysis * Fix file corruption, null asserts, and command issues * Enhance x86 (AT&T syntax, enter instruction) and z80 support * Add initial .NET (CIL) disasm/asm support * Improve Java, ELF, Mach-O, APK, and PDB handling * Fix demangling, symbols, and relocation issues * Resolve multiple memory leaks and parser bugs * Fix UAF, OOB, overflows, and command injection vulnerabilities * Improve GDB debugging and breakpoint handling * Enhance disassembly visuals and color options * Update ESIL operators and behavior * Add support for APFS, GPT, BSD, APM partitions * Improve IO handling and add new plugins * Optimize performance (strbuf, memory usage) * Improve console UI, themes, and terminal handling * Refine SDK builds and CI pipelines * Improve CLI tools (rabin2, rasm2, rafs2) * Add JSON support and better help/version info * Expand type parsing (typedef, enum, union) * Improve socket/HTTP handling and downloads * Add and refine tests and reporting * General cleanup, safety checks, and code modernization * Full changelog is available at: https://github.com/radareorg/radare2/releases/tag/6.0.8 - Expand %{bindir}/* ++++ wasmedge: - add gcc16.patch (bsc#1262067) ++++ log4j: - 
Added patches: * log4j-CVE-2026-34479.patch + backported upstream fix for bsc#1262091 (CVE-2026-34479): log processing denial of service due to improper XML escaping * log4j-CVE-2026-34480.patch + backported upstream fix for bsc#1262092 (CVE-2026-34480): invalid XML output causes denial of service in logging * log4j-CVE-2026-34481.patch + backported upstream fix for bsc#1262093 (CVE-2026-34481): denial of service via invalid JSON output - Added patch: * log4j-CVE-2026-34477.patch + backported upstream fix for bsc#1262050 (CVE-2026-34477): man-in-the-middle attack due to incomplete hostname verification ++++ meson: - Update to version 1.11.0: + BuildTarget(install_dir) length > 1 replaced with keywords + Cython no longer requires explicitly enabling C or C++ + Deduplication of OpenMP linker arguments + `meson dist` now accepts `-j`/`--num-processes` + Deprecate `should_fail` and rename it to `expected_fail`, also introduce `expected_exitcode` + The external_project module uses the cygpath command to convert paths + install_man and install_headers: add support for install_tag kwarg + Added `link_early_args` to targets performing linking + Machine files now expand `~` as the user's home directory + `meson format` file sorting is now disabled by default and uses natural sorting + `-Db_lto` and `-Db_pgo` now supported for MSVC + Last major version supporting Python 3.7, 3.8, and 3.9 + Python extension modules default to C ABI for Rust + Meson now defines `QT_DEBUG` or `QT_NO_DEBUG` depending on build type + `compiler_target()` method in the Rust module + Change to handling of linker arguments for Rust + XC32 support now aware of v5.00 features + windows.compile_resources now detects header changes with rc.exe + Added `implicit_include_directories` argument to `windows.compile_resources` - Rebase 14001.patch and extend-test-timeout-on-qemu-builds.patch - Drop reproducible.patch: fixed upstream. 

++++ meson-test:

- Update to version 1.11.0:
  + BuildTarget(install_dir) length > 1 replaced with keywords
  + Cython no longer requires explicitly enabling C or C++
  + Deduplication of OpenMP linker arguments
  + `meson dist` now accepts `-j`/`--num-processes`
  + Deprecate `should_fail` and rename it to `expected_fail`, also introduce `expected_exitcode`
  + The external_project module uses the cygpath command to convert paths
  + install_man and install_headers: add support for install_tag kwarg
  + Added `link_early_args` to targets performing linking
  + Machine files now expand `~` as the user's home directory
  + `meson format` file sorting is now disabled by default and uses natural sorting
  + `-Db_lto` and `-Db_pgo` now supported for MSVC
  + Last major version supporting Python 3.7, 3.8, and 3.9
  + Python extension modules default to C ABI for Rust
  + Meson now defines `QT_DEBUG` or `QT_NO_DEBUG` depending on build type
  + `compiler_target()` method in the Rust module
  + Change to handling of linker arguments for Rust
  + XC32 support now aware of v5.00 features
  + windows.compile_resources now detects header changes with rc.exe
  + Added `implicit_include_directories` argument to `windows.compile_resources`
- Rebase 14001.patch and extend-test-timeout-on-qemu-builds.patch
- Drop reproducible.patch: fixed upstream.
++++ nebula: - add the nebula-service binary ++++ nekobox: Update to 5.10.38 - Fix #120 ++++ nerdctl: - Update to version 2.2.2: * go.mod: github.com/docker/cli v29.2.0+incompatible * go.mod: google.golang.org/grpc v1.79.3 * update CNI plugins (1.9.1) * update BuildKit (0.28.1) ++++ netbird: - Update to 0.68.3: - [management] revert ctx dependency in get account with backpressure by @crn4 in #5878 - [management] add context cancel monitoring by @pascal-fischer in #5879 - [misc] Add CI check for proto version string changes by @lixmal in #5854 ++++ nile: - Update Requires to use python3- prefix instead of python- to fix "nothing provides" errors during installation, as the modern openSUSE python stack uses the python3 capability. ++++ openQA: - Update to version 5.1776202410.3448a30a: * feat(worker): Resolve share directory correctly for relative basedir * fix: SQL ON CONFLICT constraints for Assets registration * feat: allow ignoring job groups on dashboard evaluation - Update to version 5.1776103434.91af0a8b: * feat: expand parallel test execution in t/testrules.yml * feat: set no expiration for "None" auth API keys * fix: Avoid gap between caret and preview container * refactor(upload): Move chunk size constant to constants module * refactor(upload): Define chunk size only once * test: Check for unhandled output by default * git subrepo pull (merge) external/os-autoinst-common * perf(upload): Speed up asset uploads * feat: enable videos for all jobs again * ci: remove redundant perl-critic GHA covered by circleCI * ci: separate compile tests into independent job * test: Move author tests to xt/ and separate compile checks * fix: use Test::Warnings in 02-perlcritic * chore(deps): Remove obsolete Freenode::StrictWarnings policy * chore(ci): bump checkout v4->v6 * feat: implement "None" authentication provider * feat: Prevent job assignments when running out of space by default * fix(results_min_free_storage_space_percentage): Allow disabling with `0` * 
fix(results_min_free_storage_space_percentage): Add to `Setup.pm` * feat: make compute_build_results faster by passing the query for jobs * feat: optimize comment_data_for_jobs when passed a result set ++++ openSUSE-signkey-cert: - Add trigger-rebuild.timestamp, this dummy file is updated manually to trigger a rebuild when the project certificate (_projectcert.crt) changes, as OBS doesn't track it automatically in some cases. (bsc#1256888) ++++ os-autoinst: - Update to version 5.1776179508.bd2644d: * feat: abort test with incomplete if requested HDD size > threshold * chore: Remove obsolete HashKeyQuotes module * chore(deps): Remove obsolete Freenode::StrictWarnings policy * fix(manpages): Fix the output of pod2man * chore(ci): bump checkout v4->v6 ++++ pika-backup: - Update to version 0.8.2: * Work around an issue with stored encryption passwords not being able to be read or written. ++++ polkit-default-privs: - Update to version 1550+20260414.1647bf2: * profiles: systemd v260 follow-up (bsc#1259318) ++++ pybind11_protobuf: - Update git snapshot to 0~git20250210.f02a2b7 - Rebase 0006-Add-install-target-for-CMake-builds.patch - Drop obsolete 0007-CMake-Use-Python-Module.patch - Add patches: * 0001-Fix-CMake-variable-scope.patch * 0001-Fix-for-PB-DescriptorDataBase-API-breaks.patch ++++ python-agent-client-protocol: - Update to 0.9.0: - fix(docs): correct nested agent server entry in Quickstart uv example - feat(examples): Add PEP 723 metadata to echo_agent for just uv run - chore(deps): bump black from 25.9.0 to 26.3.1 in the uv group across 1 directory - feat(schema): upgrade ACP schema from v0.10.8 to v0.11.2 - fix: complete schema v0.11.2 follow-ups - chore(deps): bump requests from 2.32.5 to 2.33.0 in the uv group across 1 directory - fix(docs): correct nested agent server entry in Quickstart uv example - feat(examples): Add PEP 723 metadata to echo_agent for just uv run - chore(deps): bump black from 25.9.0 to 26.3.1 in the uv group across 1 directory - 
feat(schema): upgrade ACP schema from v0.10.8 to v0.11.2 ++++ python-griffe: - Restore build for Python 3.14. - Skip failing `test_meson_python_file_handling` test (gh#mkdocstrings/griffe#452). ++++ python-kiwisolver: - Remove setuptools_scm working file from installation ++++ python-kombu: - Skip a test broken by redis 7.4. ++++ python-mcp: - Update to 1.27.0: - fix: remove unused requests dependency from simple-chatbot example - ci: backport conformance tests from main to v1.x - fix: add RFC 8707 resource validation to OAuth client - feat: add idle timeout for StreamableHTTP sessions - [v1.x] fix: prevent command injection in example URL opening - Add VERSIONING.md, ROADMAP.md, and DEPENDENCY_POLICY.md - docs: restructure README into docs/ pages - docs: comprehensive feature documentation for SEP-1730 Tier 1 - docs: fix stub pages and improve docs structure - docs: fix GitHub links to point to v1.x branch - docs: add snippet verification for docs/ pages - docs: add server-side tool error handling documentation - Backport: Add missing TasksCallCapability to v1.x - [v1.x] fix: handle non-UTF-8 bytes in stdio server stdin - [v1.x] fix: handle ClosedResourceError when transport closes mid-request ++++ python-mistralai: - Update to 2.3.2: https://github.com/mistralai/client-python/releases - Skip tests failing on Python 3.14+ (gh#mistralai/client-python#490). ++++ python-mypy: - Skip test failing with CPython CVE fix ++++ python-pdm: - Add patch support-installer-1.0.patch: * Support installer 1.0 changes. - Specify versions for many of the requirements. - Stop skipping so many network tests. ++++ salt: - Fix testsuite failures - Added: * fix-test-failures-754.patch ++++ salt-test: - Fix testsuite failures - Added: * fix-test-failures-754.patch ++++ python-snimpy: - update to 1.1.2: * Fix timeout handling for SNMPv1 and SNMPv2c walk and set operations. * Don't walk too much when iterating on a column. * Fix leaked timeout tasks. 
* Improve performance on SNMPv1 and SNMPv2c. * Update for PySNMP 7. This version does not work with previous versions of PySNMP. * Modernize build system. ++++ python-specfile: - Update to 0.40.1 * Fixed issues related to introduced sanitization (#523, #524, #525). - from version 0.40.0 * `Specfile()` has a new `sanitize` option that enables best effort sanitization of potentially dangerous constructs such as shell expansions and unsafe Lua macros before they are passed to RPM for parsing. (#519) * Fixed incorrect parsing of nested macros. (#522) - Add openSUSE-release to BuildRequires ++++ virtualbox: - Refresh the Leap 16.1 build fix patch for covering the missing file: leap16.1-kmp-fixes.patch ++++ python-websockify: - Add support-jwcrypto-1-57.patch to fix tests with new jwcrypto ++++ python-zope.configuration: - update to 7.1: * Move package metadata from setup.py to pyproject.toml. * Add support for Python 3.14. * Drop support for Python 3.9. * Remove run-time dependency on setuptools. 
++++ python-mistral-vibe: - Upgrade to 2.7.5: - Changed - Display detected files and LLM risks in trust folder dialog - Text-to-speech via the Mistral SDK with telemetry tracking - Deferred MCP and git I/O to background thread for faster CLI startup - Made telemetry URL configurable - Bumped Textual to 8.2.1 - Fixed - Encoding detection fallback in read_safe for non-UTF-8 files - Config saving logic cleanup - Upgrade to 2.7.4: - Added - Console View for enhanced debugging and monitoring - /mcp command to display MCP servers and their status - Manual command output forwarding to agent context - Changed - Improved web_fetch content truncation for better readability - Lazily load heavy dependencies to improve startup time - Optimized folder parsing at startup using scandir - Include file name in search_replace result display - Fixed - Stale configurations from subagent switch - ValueError on OTEL context detach in agent_span - Clipboard toast preview replaced with fixed text - Only agents with type "agent" are loadable with --agent flag - Made chat_url nullable in ChatAssistantPublicData - Normalized OTEL span exporter endpoint - Removed redundant permission prompts for parallel tool calls needing the same permission - Removed bottom margin issue in UI - Never crash before ACP server starts - Use skill in recent commands via the up-arrow navigation - Fixed loading order issues in vibe initialization - Upgrade to 2.7.3: - Added - /data-retention slash command to view Mistral AI's data retention notice and privacy settings - Upgrade to 2.7.2: - Added - Alt+Left / Alt+Right keyboard shortcuts for word-wise cursor movement in chat input - Changed - Refactored narrator into a dedicated narrator manager - Fixed - Broken build on Linux - Errored MCP servers are now excluded from the banner count - Improved bash denylist matching and error messages - Command messages are now skipped during rewind navigation - Upgrade to 2.7.1: - Added - ACP message-id support for reliable 
message boundary identification - Reasoning effort parameter for supported models - Changed - Updated MistralAI SDK - Updated ACP SDK dependency - Refined system prompt wording and structure - Reduced scroll sensitivity to 1 line per tick for smoother scrolling - Fixed - Non-standard HTTP 529 status codes now handled gracefully in error formatting and retried - Text selection errors when copying from unmounting components - Excluded "injected" field from user messages in generic backend - Upgrade to 2.7.0: - Added - Rewind mode to navigate and fork conversation history - Fixed - Preserve message_id when aggregating streaming LLM chunks - Improved error handling for SDK response errors - Upgrade to 2.6.2: - Changed - Pinned agent-client-protocol dependency back to 0.8.1 - Removed - Context usage updates via ACP - Upgrade to 2.6.1: - Changed - Loosened agent-client-protocol version constraint from pinned to minimum bound - Upgrade to 2.6.0: - Added - OTEL tracing support for observability - Skill tool for managing task lists and workflows - Text-to-speech (TTS) functionality - Standalone --resume command for session picker - BFS for vibe folders to improve startup performance - List-based model picker for /model command - is_user_prompt flag to Mistral metadata header - Correlation ID in user feedback calls - Current date added to system prompt in vibe-work - TypeScript type inference for large tool outputs in vibe-work-harness - Changed - Updated agent-client-protocol to 0.9.0a1 - Changed inline code color from yellow to green - Removed "You have no internet access" from CLI prompt - Fine-grained permission system improvements - Inject system certs into vibe-acp frozen binary via truststore - Fixed - Streaming for currently streamed message when switching agents - Proper UI updates when tools switch current agents - Space key functionality when holding shift - Empty TextChunk not appended when reasoning has no text content - Messages removed from user feedback event 
- Bash allowlist/denylist activation on Windows - Improved scrolling performance - ACP error handling in webview - Context usage updates sent via ACP - Upgrade to 2.5.0: - Added - Dedicated theorem proving agent powered by leanstral, setup with /leanstall - More advanced AGENTS.md support: - AGENTS.md in ~/.vibe/ folder for user-level agent instructions - AGENTS.md for subfolders and in parent folders - Mistral Code API key info displayed in CLI banner - Voice mode with real-time transcription support - Parallel tool execution for improved performance - Structured ACP error classes for better error handling - Changed - Bash allowlist/denylist now active on Windows - Auto-completion relevance improved with better filename and path matching - History navigation no longer filters by prefix - Updated to Mistral SDK v2 import structure - Removed find from bash default allowlist to prevent -exec abuse - Fixed - Improved scrolling performance - Web search tool now infers server URL from provider config - Upgrade to 2.4.2: - Added - Session ID included in telemetry events for better tracing - Changed - Skills now extract arguments when invoked, improving parameter handling - Auto-compact threshold falls back to global setting when not defined at model level - Update notification toast no longer times out, ensuring the user sees the restart prompt - Removed file_content_before from Vibe Code, reducing payload size ++++ rubygem-agama-yast: - Version 20 ++++ scummvm: - Update to 2026.2.0 * see https://downloads.scummvm.org/frs/scummvm/2026.2.0/ReleaseNotes.html for notes ++++ skopeo: - Update to version 1.22.1: * [release-1.22] Bump Skopeo to v1.22.1 * [release-1.20] CVE-2026-34986 gojose v4.1.4 * [release-1.22] Bump google.golang.org/grpc to v1.79.3 * [release-1.22] Bump c/common to v0.67.1, c/image v5.39.2 ++++ suse-xsl-stylesheets: - Update 2.95.34 * JSON-LD/mentions: Look for nearest info element in #796 * Fix DOCTEAM-2221: Introduce dateCreated in #797 ++++ vermouth: - 
Initial commit with version 1.2.1
- Upstream changes:
  * Added spec file
  * Bump the version
  * Fix winetricks launch
  * feat: Added a toggle to prevent sleep
  * Better runtime picker layout
  * feat: Run standalone exe
  * Flatpak changes for better review process
  * Added a note regarding Flatpak, removed unnecessary home perm
  * Added pulseaudio to flatpak requirements

++++ virtualbox-kmp:

- Refresh the Leap 16.1 build fix patch for covering the missing file: leap16.1-kmp-fixes.patch

++++ virtui-manager:

- version 2.5.4:
  * fix major issue from last update of textual in TW: https://github.com/Textualize/textual/releases/tag/v8.0.0

++++ xchm:

- Update to release 1.39
  * Added Georgian translation.
  * Fixed an HHC parser bug.
  * Replaced a few obsolete wxWidgets constructs.
  * Added more basic safety checks in CHM raw buffer parsing.

++++ zapzap:

- Update to 6.4.0
  * fix: refactor clipboard logic to prevent wayland segfault
  * Update pt_PT.po
  * Update pt_PT and pt_BR
  * Add Arabic Translation
  * Allow customizations like CSS, JS and Extensions
  * Add and update Swedish translations
  * Update information about Fedora Copr and AppImage
  * Allow to hide App Sidebar
  * Enable DevTools
  * Avoid duplicate external URL openings from createWindow redirections
  * Improve Flatpak permission guidance for file access issues
  * notifications: make Freedesktop backend resilient to transient DBus service loss
  * Windows Support, Multi-Account Grid View, and Privacy Enhancements
  * Add first-run 3-step onboarding dialog and integrate into startup
  * Add CardUser actions to page button context menu
  * Add theme switcher to View menu with keyboard shortcuts
  * Add informational note about notification sound settings in Notifications page
  * Add Donate button to settings sidebar
  * Add "Disable pinch to zoom" option to Performance settings
  * Add Debug Logs management UI and handlers to General settings

------------------------------------------------------------------
------------------ 2026-4-13 - Apr 13 2026
-------------------
------------------------------------------------------------------

++++ GraphicsMagick:

- added patches
  CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. [bsc#1258765]
  * GraphicsMagick-CVE-2026-26284.patch

++++ ProtonPlus:

- Update to version 0.5.18:
  + fixed typo
  + Remove Proton-Sarek
  + Temporary fix for Proton-CachyOS
  + feat(launch-options): Implement new launch options view
  + Fix Latest releases for Bottles
  + Handle symlink preservation for user_settings.py
  + Improve UI
  + Update to GNOME 50
  + Updated translations

++++ webkitgtk3:

- Update to version 2.52.2:
  + Improve handling of real-time threads.
  + Fix scrollbar rendering glitches visible in some GPU configurations.
  + Fix V4L2 hardware accelerated media codecs now working due to overly restrictive sandbox device access rules.
  + Fix leak of bitmap images in webkit_favicon_database_get_favicon_finish().
  + Fix the build with USE_GTK4=OFF.
  + Fix several crashes and rendering issues.
- Drop webkitgtk-gtk3-build-fix.patch: fixed upstream.

++++ webkitgtk4:

- Update to version 2.52.2:
  + Improve handling of real-time threads.
  + Fix scrollbar rendering glitches visible in some GPU configurations.
  + Fix V4L2 hardware accelerated media codecs now working due to overly restrictive sandbox device access rules.
  + Fix leak of bitmap images in webkit_favicon_database_get_favicon_finish().
  + Fix the build with USE_GTK4=OFF.
  + Fix several crashes and rendering issues.
- Drop webkitgtk-gtk3-build-fix.patch: fixed upstream.

++++ agama:

- Update storage schemas (gh#agama-project/agama#3380).

++++ agama-products:

- Fix syntax in the enhanced_base change (gh#agama-project/agama#3378)
- Moved sudo-policy-wheel-auth-self from mandatory patterns to mandatory packages for TW MicroOS (bsc#1261991)

++++ agama-web-ui:

- Extend storage UI to reuse LVM volume groups (gh#agama-project/agama#3380).

++++ agama-yast:

- Adapt storage model to reuse LVM volume groups (gh#agama-project/agama#3380).

++++ apk-tools:

- Update to version 3.0.6:
  * extract_v3: validate link target size.
  * query: match depends exactly against dependencies.
  * defines: add and use APKE_BUFFER_SIZE.
  * db: fix url buffer sizes and names.
  * pkg: add and use PKG_VER_MAX for PKG_VER_FMT.
  * db, update: update idb package size from index.
  * db: set diri->pkg to null to indicate overlay.
  * fix re-exec writing to original argv instead of copy.
  * fix off-by-one in fetch_parseuint radix check.

++++ apko:

- Update to version 1.2.3:
  * build(deps): bump google.golang.org/api from 0.274.0 to 0.275.0 (#2169)
  * build(deps): bump step-security/harden-runner from 2.16.1 to 2.17.0 (#2171)
  * build(deps): bump step-security/action-actionlint from 1.69.1 to 1.72.0 (#2172)
  * build(deps): bump golang.org/x/sys from 0.42.0 to 0.43.0 (#2170)
  * build(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 (#2167)
  * build(deps): bump google.golang.org/api from 0.273.1 to 0.274.0 (#2161)
  * build(deps): bump go.opentelemetry.io/otel from 1.42.0 to 1.43.0 (#2162)
  * build(deps): bump go.opentelemetry.io/otel/trace from 1.42.0 to 1.43.0 (#2163)
  * chore(harden-runner): add files.example.com endpoint (#2165)
  * chore(workflows): add actionlint and zizmor action linters [INC-161] (#2166)
  * build(deps): bump chainguard-dev/actions from 1.6.11 to 1.6.13 (#2160)

++++ bind:

- Update to release 9.20.22
  Security Fixes:
  * Fix crash when reconfiguring zone update policy during active updates.
  Bug Fixes:
  * Fix intermittent named crashes during asynchronous zone operations.
  * Count temporal problems with DNSSEC validation as attempts.
  * Fix a possible deadlock in RPZ processing.
  * Fix a crash triggered by rndc modzone on a zone from a configuration file.
  * Fix the processing of empty catalog zone ACLs.
  * Fix a crash triggered by rndc modzone on zone that already existed in NZF file.
  * Fix potential resource leak during resolver error handling.

++++ blog:

- Update to version 2.38
  * Silent debugging messages in epoll algorithm (boo#1261699)
  * Make it work on 3215 console of s390 means no tcdrain() for 3215, no blocking writes, not more than 130 characters per line, no \r, finalize lines with \n. Nevertheless use a blocking read for password requests. Make automatic CLEAR a kernel command line option with the parameter blog.timeout=0 (boo#1261697)

++++ libarchive:

- Update to 3.8.7:
  * CAB: fix NULL pointer dereference during skip (#2900)
  * CAB: Fix Heap OOB Write in CAB LZX decoder (#2919)
  * cpio: various fixes and improvements (#2899, #2908, #2910, #2939)
  * contrib/untar: fix out-of-bounds read (#2903)
  * iso9660: fix undefined behavior (#2897)
  * iso9660: fix possible heap buffer overflow on 32-bit systems (#2934)
  * libarchive: fix handling of option failures (#2871)
  * libarchive: do not continue with truncated numbers (#2911)
  * libarchive: lzop and grzip filter support (#2947)
  * RAR: fix LZSS window size mismatch after PPMd block (#2898)
- Added add-missing-tests.patch: the distributed tarball is missing a test file, add it back
- Removed libarchive-3.8.6-add-missing-test.patch

++++ cage:

- Update to version 0.3.0:
  * build: bump version to 0.3.0
  * Make buffer bigger to prevent wayland disconnection
  * build: drop cage_heaers
  * Upgrade wlroots to v0.20
  * Fix segfault during cleanup when wlr_scene isn't created
  * Implement the drm-lease-v1 protocol
  * xwayland: fix crash when request_fullscreen is called while unmapped
  * xdg_shell: skip configure in request_fullscreen handler if unmapped
  * Fix segfault when title or app_id is NULL
  * xwayland: remove associate/dissociate listeners
  * Add support for wlr-foreign-toplevel-management

++++ nodejs-common:

- Use adapted suse_version for 16.1 (jsc#PED-15772)

++++ desktop-file-utils:

- Do not require systemd: either this is installed in a system that uses systemd, then it's present, or the scripts are used within builds/containers where systemd is not used or wanted.

++++ fleet-cli:

- new package fleet-cli: CLI for the Rancher Fleet GitOps tooling

++++ ft2-clone:

- Update to version 2.16
  * Reverted mixer interpolation phases from 4096 to 8192.

++++ gemini-cli:

- update to 0.37.2:
  * fix(patch): cherry-pick 9d741ab to release/v0.37.1-pr-24565 to patch version v0.37.1 and create version 0.37.2

++++ gnome-control-center:

- Update to version 50.1:
  + Accessibility: Fix keyboard navigation between cursor sizes
  + Display: Correct the type of num_scales counter
  + Privacy:
    - Fix memory leak in camera page
    - Fix memory leak in location page
  + Users: Chain up dispose in crop area widget
  + Updated translations.
- Update libgxdp sub-module.

++++ gnome-tour:

- Update to 50.0:
  * Updated translations.

++++ goshs:

- Update to version 2.0.0
  Highlights
  * SMB server with NTLM hash capture and optional quick hash cracking.
  * DNS server to receive and log incoming DNS queries.
  * SMTP server to receive emails and attachments.
  * Redirect endpoint for HTTP 3xx redirects with custom headers.
  * File-based ACLs for per-directory authentication and access control.
  * Share links with time and download limits, QR codes, and token-based access
    WebDAV, SFTP, Basic Auth, Certificate Auth, Let’s Encrypt, and much more
  Security Fixes
  * Fix GHSA-7qx6-f23w-3w7f Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint
  * Fix GHSA-7h3j-592v-jcrp Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access.
  * Fix GHSA-jrq5-hg6x-j6g3 CSRF in state-changing GET routes enables authenticated file deletion and directory creation
  * Fix GHSA-c29w-qq4m-2gcv Empty-username SFTP password authentication bypass in goshs
  * Fix GHSA-5h6h-7rc9-3824 SFTP root escape via prefix-based path validation in goshs
  * Fix CVE-2026-40189 (boo#1261996), GHSA-wvhv-qcqf-f3cx File-based ACL authorization bypass in goshs state-changing routes.
  * Fix CVE-2026-40188 (boo#1261995), GHSA-2943-crp8-38xx Missing Write Protection for Parametric Data Values
  * Fix CVE-2026-35393 (boo#1261608), GHSA-jg56-wf8x-qrv5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
  * Fix CVE-2026-35392 (boo#1261607), GHSA-g8mv-vp7j-qp64 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
  * Fix CVE-2026-35471 (boo#1261609), GHSA-6qcc-6q27-whp8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs deleteFile()
  * Fix GHSA-jgfx-74g2-9r6g Auth Bypass via Share Token
- Add patch:
  * gosh-fix-test.patch

++++ hfsfuse:

- Update to 0.416
  * Fixes hfstar's error output on failure to open a volume. Previously the archive name was printed here instead of the path to the volume.
  * On macOS: ensures the rpath for libfuse is set in the hfsfuse binary if needed (e.g. for FUSE-T).
- from version 0.410
  * This release features a modest performance improvement for most operations.
  * Fixes a bug that could cause LZVN HFS+ compressed files to be incorrectly reported as unsupported.
- Add missing changelog entry for 0.404

++++ jenkins-x-cli:

- Update to version 3.16.63:
  * chore(deps): upgrade jenkins-x-plugins/jx-verify to version 0.3.18
- Update to version 3.16.62:
  * chore(deps): upgrade jenkins-x-plugins/jx-secret to version 0.4.21
- Update to version 3.16.61:
  * chore(deps): upgrade jenkins-x-plugins/jx-project to version 0.2.85
- Update to version 3.16.60:
  * chore(deps): upgrade jenkins-x-plugins/jx-promote to version 0.6.35

++++ jetty-minimal:

- Enable the jetty-jaspi module
- Added patch:
  * jetty-CVE-2026-5795.patch
    + backport of upstream patch fixing bsc#1261997 (CVE-2026-5795): JaspiAuthenticator broken access control

++++ kakoune:

- Update to 2026.04.12:
  * finaleol option to support writing files that do not end with a final end-of-line byte
  * FocusIn/FocusOut events on suspend
  * %val{buffile} is now empty for scratch buffers
  * Reworked Json UI draw_status call to give UI implementation more control, added cursor pos to the draw call and removed the set_cursor call
  * number-lines -full-relative switch to keep a smaller line number gutter.
  * and to select nested text objects
  * kak -C connects to a session or creates it if it does not exist.

++++ kl:

- Update to version 0.9.0:
  * feat: add unicode progress bar to logs view
  * docs: improve demo
  * feat: custom filter modes
  * fix: deselect all with R available anywhere
  * fix: ensure no ansi escape codes in saved logs

++++ kubecolor:

- Update to version 0.6.0:
  * Features
    - Colorize kubectl label & kubectl annotate by @applejag in [#300]
    - Colorize True/False bool status in kubectl get table output by @tenitski in #307
    - Improve 'executable not found' error by @applejag in #299
      Makes the error easier to understand.
      Before:
        $ kubecolor get pods
        [kubecolor] [ERROR] exec: "kubectl": executable file not found in $PATH
      After:
        $ kubecolor get pods
        [kubecolor] [ERROR] exec: "kubectl": executable file not found in $PATH; kubectl must be installed to use kubecolor
  * Fixes
    - Increase max line length from 65 kB to 1.5 MB by @applejag in [#297]
      Before this fix, kubecolor would freeze when it tried to parse a line that was too long. But with this buffer size increase you should now be able to use kubecolor without it freezing.
      In short, this fixes:
      - Running kubecolor get secret -o yaml on a secret with a really big value, such as Helm release secrets
      - Running kubecolor logs on a pod that had a really big log line
      In addition, if kubecolor tries to read a line that's still too long (more than 1.5 MB now), it will now error out instead of freezing.
      The size limit was chosen based on the maximum Secret and ConfigMap value size, rounded up a bit to account for the size increase of base64 encoding and any other formatting like indentation and key names.
    - Always use the custom version printer by @applejag in #298
      This did not work before because kubecolor runs kubectl behind the scenes, reads its output, parses it, and adds in the coloring. And with the kubectl version subcommand it also injects kubecolor's own version into the output.
      But when kubecolor's output is not a terminal, such as when piping it through cat, then as an optimization kubecolor just handed its stdout over to kubectl, so kubecolor has no way of seeing or modifying the output.
      The fix was to still wrap kubectl's output when being piped, if (and only if) the subcommand used is kubectl version.
      You could always also get the kubecolor version using kubecolor --kubecolor-version. But now it behaves more predictably when piping.
* Other - Add cooldown to Dependabot updates by @applejag in #296 * Dependencies - Update to Go 1.26.1 by @applejag in #308 - Bump actions/checkout from 6.0.0 to 6.0.1 in the all group by @dependabot[bot] in #287 - Bump actions/checkout from 6.0.1 to 6.0.2 in the all group by @dependabot[bot] in #293 - Bump actions/download-artifact from 7.0.0 to 8.0.0 in the all group by @dependabot[bot] in #306 - Bump actions/download-artifact from 8.0.0 to 8.0.1 in the all group by @dependabot[bot] in #314 - Bump codecov/codecov-action from 5.5.2 to 6.0.0 in the all group by @dependabot[bot] in #316 - Bump docker/build-push-action from 6.18.0 to 6.19.2 in the all group by @dependabot[bot] in #302 - Bump docker/setup-qemu-action from 3.6.0 to 3.7.0 in the all group by @dependabot[bot] in #284 - Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the all group by @dependabot[bot] in #303 - Bump k8s.io/apimachinery from 0.34.1 to 0.34.2 in the all group by @dependabot[bot] in #285 - Bump k8s.io/apimachinery from 0.34.2 to 0.34.3 in the all group by @dependabot[bot] in #288 - Bump k8s.io/apimachinery from 0.34.3 to 0.35.0 in the all group by @dependabot[bot] in #290 - Bump k8s.io/apimachinery from 0.35.0 to 0.35.1 in the all group by @dependabot[bot] in #301 - Bump k8s.io/apimachinery from 0.35.1 to 0.35.2 in the all group by @dependabot[bot] in #305 - Bump k8s.io/apimachinery from 0.35.2 to 0.35.3 in the all group by @dependabot[bot] in #313 - Bump the all group with 2 updates by @dependabot[bot] in #291 - Bump the all group with 2 updates by @dependabot[bot] in #292 - Bump the all group with 2 updates by @dependabot[bot] in #294 - Bump the all group with 2 updates by @dependabot[bot] in #315 - Bump the all group with 3 updates by @dependabot[bot] in #286 - Bump the all group with 3 updates by @dependabot[bot] in #289 - Bump the all group with 3 updates by @dependabot[bot] in #311 - Bump the all group with 5 updates by @dependabot[bot] in #312 - Bump zizmorcore/zizmor-action 
from 0.4.1 to 0.5.0 in the all group by @dependabot[bot] in #295 ++++ ldap-proxy: - Update to version 0.1.4 * Drop OpenSSL for Rustls * Update concread which improves cache performance * Allow DN mapping so that the proxy can impersonate users * Allow un-authenticated searches per rfc4511 ++++ openhtj2k: - Update to 0.13.2: * Closes the 3.9 ms live-vs-offline decode gap on M3 Max, bringing the live RTP receiver from ~50 fps to ~60 fps on 4K 4:2:2 HT at 1.7 bpp with - -threads 2 - Update to 0.13.1: * RTP receiver: Fix -DOPENHTJ2K_RTP=ON build on macOS - Update to 0.13.0: See https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.13.0 - Update to 0.12.0: See https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.12.0 - Update to 0.11.1: * Update the RTP receiver capability claim from "sustains 4K @ 30 fps" to "sustains 4K @ 60 fps on modern x86-64 with --threads 2", to reflect the v4-perf work that shipped in 0.11.0 - Update to 0.11.0: See https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.11.0 - Update to 0.10.0: See https://github.com/osamu620/OpenHTJ2K/releases/tag/v0.10.0 ++++ libpng16: - version update to 1.6.57: * Fixed CVE-2026-34757 (medium severity): Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` leading to corrupted chunk data and potential heap information disclosure. Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`, `png_set_unknown_chunks`) against a theoretical variant of the same aliasing pattern. (Reported by Iv4n .) * Fixed integer overflow in rowbytes computation in read transforms. (Contributed by Mohammad Seet.) 
- fixes [bsc#1261957] ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#1065 - moved devicegraph copy function to impl - 4.5.310 ++++ totem-pl-parser: - Update to version 3.26.7: + Fix uninitialized variable error in plparser + Add itunes genre support for podcast RSS feeds + Split podcast tests + Fix deprecation warnings + Fix return value from cancelled plparser calls + Fix TotemPlParserMetadata in plparser bindings + Use gitlab.gnome.org for bug-database in doap + Use apps.gnome.org for homepage in doap + Update podcast test for server changes + Fix guard return type in plparser + Updated translations. ++++ melange: - Update to version 0.49.0: * build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in the actions group (#2476) * fix(pipelines/autoconf/configure): add libtool (#2472) * build(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 in the gomod group (#2473) * build(deps): bump step-security/action-actionlint from 1.69.1 to 1.72.0 in the actions group (#2474) * feat(qemu): apply reasonable CPU/memory defaults (#2470) * build(deps): bump the gomod group with 2 updates (#2468) * build(deps): bump step-security/harden-runner from 2.16.1 to 2.17.0 in the actions group (#2469) * build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 (#2467) * build(deps): bump golang.org/x/sys in the gomod group (#2466) * build(deps): bump the gomod group with 3 updates (#2464) * build(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 in the actions group (#2465) * chore(workflows): add actionlint and zizmor action linters [SECINT-75] (#2463) * build(deps): bump the gomod group across 1 directory with 4 updates (#2462) ++++ netbird: - Update to 0.68.2: - [management] network map tests by @mlsmaycon in #5795 - [management] use sql null vars by @pascal-fischer in #5844 - [client] Use native firewall for peer ACLs in userspace WireGuard mode by @lixmal in #5668 - [misc] update dashboards by 
@pascal-fischer in #5840 - [management] update account delete with proper proxy domain and service cleanup by @pascal-fischer in #5817 - [management] allow local routing peer resource by @pascal-fischer in #5814 - [management] Revert "[management] allow local routing peer resource (#5814)" by @pascal-fischer in #5847 - [management] enable access log cleanup by default by @pascal-fischer in #5842 - [client] Update RaceDial to accept context for improved cancellation by @pappz in #5849 - [management] add domain and service cleanup migration by @pascal-fischer in #5850 - [client] Fix Android internet blackhole caused by stale route re-injection on TUN rebuild by @pappz in #5865 - [client] Fix/grpc retry by @pappz in #5750 - [client] Fix DNS resolution with userspace WireGuard and kernel firewall by @lixmal in #5873 ++++ os-autoinst: - Update to version 5.1776074266.6a6c5ee: * fix(manpages): Fix the output of pod2man * fix(t/08-autotest.t): Fix FTBFS for reproducible builds * chore(ci): bump checkout v4->v6 * fix: prevent deprecation warning about "spurt" * style(llm): use indented heredocs for better readability * refactor: consolidate logic in _detect_serial_marker_capability * style: use non-capturing group for BASH version detection * fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe * refactor: early returns in _detect_serial_marker_capability ++++ pika-backup: - Remove disable-gtk-test.patch Fixed appstream. - Update to version 0.8.1: * Fix timestamps not respecting 12h/24h clock format setting. * Fix UI sometimes being unresponsive when starting / stopping backups. * Fix backups failing to get credentials or mount GVfs if two scheduled backups are started at the same time. Now, only one backup is started per minute. * Fix buttons in notifications not working in flatpaked version with workaround. * Add detailed explanation about the risks and benefits of encrypting backups. * Change code to use three different Rust modules. 
* Change fnmatches to be stored as strings instead of bytes in config. * Change setup dialog start page is split into two pages. * Change history file to be smaller. * Change to error out if archives are mounted for scheduled backup. * Change to error out if backup is already in use for scheduled backup. * Change to use AdwAlertDialog. * Change to use AdwAboutDialog. * Change to use AdwDialog for all dialogs. * Change to use AdwWrapBox instead of our own implementation. * Change to use AdwShortcutsDialog. * Change to use tracing for logging instead of glib. * Change to no longer explicitly support X11. * Change reconnect mechanism to be more robust in detecting if work happened between disconnects. * Add ability to backup files. * Add dialog showing the state of closing archives mounted for browsing when closing main window. * Add proper error messages for more situations like missing filesystem access. * Add info about potential Ubuntu bug when mounting archives fails. * Add pkgconfig(openssl) BuildRequires: New dependency. ++++ python-Authlib: - provide python-authlib for compatibility ++++ python-cattrs: - Add missing BuildRequires/Suggests on tomli-w. ++++ python-click-extra: - update to 7.10.1: * Fix pipe and github table formats to produce mdformat-compatible separator rows, preventing a formatting cycle between tabulate and mdformat. * Replace hardcoded test matrix with repomatic metadata-managed matrix; OS, Python, and stability axes are now computed dynamically, with custom Click/Cloup version axes via [tool.repomatic.test-matrix]. PRs get a reduced matrix to save CI minutes. Drops Python 3.15t (free-threaded), aligning with repomatic v6.10.0 defaults. * Replace {eval-rst}-wrapped automodule and autoclasstree directives with native MyST syntax in all docs. 
++++ python-filelock: - Skip flaky tests, bsc#1261360 ++++ python-google-api-core: - Update to 2.30.3 * Avoid repeated scan of entire venv via packages_distributions() at import time (#16579) ++++ python-google-auth: - Update to version 2.49.2 * Use requests transport for GCE MDS (#16480) ++++ python-greenlet: - Update to 3.4.0 * Publish binary wheels for RISC-V 64. * Fix multiple rare crash paths during interpreter shutdown. Note that this now relies on the atexit module, and introduces subtle API changes during interpreter shutdown (for example, getcurrent is no longer available once the atexit callback fires). See PR #499 by Nicolas Bouvrette. * Address the results of an automated code audit performed by Daniel Diniz. This includes several minor correctness changes that theoretically could have been crashing bugs, but typically only in very rare circumstances. See PR 502. * Fix several race conditions that could arise in free-threaded builds when using greenlet objects from multiple threads, some of which could lead to assertion failures or interpreter crashes. See issue 503, with thanks to Nitay Dariel and Daniel Diniz. ++++ python-griffe-inherited-docstrings: - Initial packaging effort for griffe-inherited-docstrings 1.1.3. - Restore build for Python 3.14. ++++ python-jaraco.packaging: - Update to 10.4.0: * Added releases option to sidebar-links directive, generating a link to the GitHub releases page from the Source URL in project metadata. * Complete annotations and add py.typed marker. * Enabled strict type checking. * Inline the definition of StrPath. ++++ python-jaraco.test: - Add missing {Build,}Requires on git-core. - No longer allow the testsuite to fail. ++++ python-mkdocs-autorefs: - Restore build for Python 3.14. ++++ python-mkdocstrings: - Restore build for Python 3.14. ++++ python-pyfuse3: - Do not ship source files in binary packages. ++++ python-pytest-httpx: - Update to 0.36.2: [#]# Changed * pytest required version is now 9. 
[#]# Added * Explicit support for python 3.14. * match_params parameter is now available on responses and callbacks registration, as well as request(s) retrieval. Allowing to provide query parameters as a dict instead of being part of the matched URL. + This parameter allows to perform partial query params matching. [#]# Fixed * URL with more than one value for the same parameter were not matched properly (matching was performed on the first value). * httpx_mock.add_exception is now properly documented. [#]# Removed * python 3.9 is not supported anymore. ++++ python-python-ipware: - Initial package (3.0.0) ++++ python-rfc3161-client: - Update to 1.0.6 (fixes CVE-2026-33753, bsc#1261804) * Fixed a bug where the verification incorrectly picked the leaf certificate. This allowed an attacker who could modify a timestamp response to make a legitimately-signed timestamp from TSA-A pass verification as if it came from TSA-B. ++++ python-setuptools: - add testsuite for tests ++++ python-zipp: - fix testsuite failure ++++ python313-setuptools: - add testsuite for tests ++++ qrtool: - Update to version 0.13.2: * Requires Rust 1.88.0 * Allow iterations higher than 255 in --zopfli * update bundled dependencies - fixes build with gcc16 (boo#1261736) ++++ rpmlint: - Update to version 2.9.0+git20260413.9633b0c5: * Update openSUSE's licenses.toml * systemd-tmpfiles: whitelist snapd snap-private-tmp (bsc#1261739) * cli: Allow usage of --strict option ++++ rpmlint-strict: - Update to version 2.9.0+git20260413.9633b0c5: * Update openSUSE's licenses.toml * systemd-tmpfiles: whitelist snapd snap-private-tmp (bsc#1261739) * cli: Allow usage of --strict option ++++ rpmlint-test: - Update to version 2.9.0+git20260413.9633b0c5: * Update openSUSE's licenses.toml * systemd-tmpfiles: whitelist snapd snap-private-tmp (bsc#1261739) * cli: Allow usage of --strict option ++++ rubygem-agama-yast: - Adapt storage model to reuse LVM volume groups (gh#agama-project/agama#3380). 
++++ rumdl: - Update to version 0.1.70: * Fixed - MD044: do not flag proper names inside bare-domain link text (56a45df) ++++ safeeyes: - Update to 3.4.0: * Update translations * Short and long break command line argument #849 ++++ sakura: - `convert` from ImageMagick has to be replaced via rsvg-convert since svg conversion became not allowed by the security policy. ++++ semaphore: - Update to version 2.17.36 (no releases between .33 and .36): * 07b5c05 fix(subscr): show correct message * 6b5a4ae Merge pull request #3754 from semaphoreui/fix/ldap_filter_injection ++++ spicetify-cli: - Update to version 2.43.1: * fix(preprocess): use old approach with changing css * feat: patch in old card stylings * fix: handle css classes as objects (#3759) * feat(lyrics-plus): add idling indicator for pauses and UI enhancements (#3726) * feat(css-map): add classes for Spotify `1.2.86` (#3757) * fix: css classes not applying to js (#3758) * fix(fullAppDisplay): use GraphQL to fetch album date (#3733) * fix(devtools): respect `XDG_CACHE_HOME` for offline.bnk lookup * fix: do some changes for Spotify `1.2.86` * ci: do not trigger release when release is not marked as latest * fix(trashbin): context menu label not updating (#3744) * fix(types): add missing types for Player and ReactJSX (#3732) * fix(lyrics-plus): use `spclient` endpoint to fetch tempo (#3734) * fix(types): make `PopupModal` content accept `JSXElement` (#3728) * feat(lyrics-plus): add performer tag for the Musixmatch provider (#3689) * feat(css-map): added newer mappings for progress bar (#3720) * fix: update `loopyLoop` to handle Spotify DOM restructuring (#3724) * fix(types): change types for `SubMenu` and `ButtonProps` (#3723) * fix(preprocess): adapt Platform regex due to URL in the chunk * feat: move to our own implementation of `ScrollableContainer` * fix(wrapper): unmount `_HTMLGenericModal` React content on hide (#3717) * fix(wrapper): find `ScrollableContainer` in `exportedMemos` for spotify `1.2.84` * 
chore(deps): bump actions/attest-build-provenance from 3 to 4 (#3713) * fix: skip `ExclusiveModeAPI` resolution to prevent Linux segfault (#3705) * fix: apply latest fix to `waitForChunks` as well * fix: adapt wrapper to spotify `1.2.83` * feat: disable getting Cards for now * ci: update URL for AUR package update (#3686) * fix(custom-apps): directly access `ReactDOM` * fix(preprocess): add nullish check * fix: use exact match with pkill to terminate Spotify (#3543) * feat(lyrics-plus): convert musixmatch translation name from iso to language name (#3672) * chore(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 (#3677) * fix(lyrics-plus): use `data-testid` to match the icon * chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 (#3675) * fix: init paths for few unchainable commands * fix: init paths after unchainable commands * chore(coderabbit): disable issue enrichment * fix(shuffle+): use `PlatformAPI` for `Rootlist` * feat(css-map): add entity header with bg img & nav bar class (#3658) * chore(deps): bump actions/upload-artifact from 5 to 6 (#3655) * feat(config/linux): add `lpf-spotify-client` path (#3654) * chore(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 (#3648) * chore(deps): bump golang.org/x/sys from 0.38.0 to 0.39.0 (#3649) * fix(apply): custom apps for `1.2.78` (#3643) * fix(preprocess): apply old snackbar regex for 1.2.77 and below * fix(apply): add support for Spotify `1.2.78`+ (#3629) * fix: check for both dll and exe on windows * fix(lyrics-plus): correctly detect non-standard language from Musixmatch providers (#3596) * feat: add build type detection * feat(css-map): add track list disabled class (#3591) * chore(deps): bump actions/checkout from 5 to 6 (#3586) * feat(lyrics-plus): enhance Musixmatch integration (#3562) * feat: add a workaround around weird spotify condition * feat(css-map): add missing progress bar classes for 1.2.75+ (#3583) * chore(deps): bump golang.org/x/net from 0.46.0 to 0.47.0 (#3576) * chore(deps): bump 
golang.org/x/sys from 0.37.0 to 0.38.0 (#3574) * feat(css-maps): add missing maps and introduce new maps for watch feed modal (#3560) * chore(deps): bump actions/upload-artifact from 4 to 5 (#3564) * chore(deps): bump signpath/github-action-submit-signing-request from 1 to 2 (#3563) * chore(deps): bump golang.org/x/net from 0.44.0 to 0.46.0 (#3553) * chore(deps): bump github.com/pterm/pterm from 0.12.80 to 0.12.82 (#3556) * feat(css-map): add various missing classes for `1.2.73` (#3541) * feat(css-map): add missing settings classes for `1.2.73` (#3538) * fix(shuffle+): use `PlatformAPI` for getting contents of the playlist * fix(css-map): replace `lyrics-lyricsContent-active` key (#3535) * feat(css-map): add player classes for `1.2.73` (#3529) * feat(css-map): add missing lyrics classes (#3524) * feat(css-map): add `NPV` and `LibraryX` classnames missing in 1.2.72 (#3528) * chore: properly change fetch remote css map spinner (#3522) * feat(wrapper): allow nesting submenus * chore: change log style * fix: some changes for Spotify `1.2.72` * fix(watch): properly handle goroutine for logging * feat: logging improvements and refactoring (#3493) * chore(deps): bump actions/setup-go from 5 to 6 (#3507) * chore(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 (#3514) * chore(types): add `isRight` property to `Topbar.Button` class (#3516) * feat(css-map): update for `1.2.72` (#3511) * fix(uri): hook correct chunk (#3508) * fix: use try catch block * fix(react-component): hook correct `ContextMenu` (#3501) * chore(deps): bump actions/attest-build-provenance from 2 to 3 (#3499) * fix(preprocess/colors): only break regexes on the end * fix(preprocess): use word breaks in regex * fix(loopyLoop): wait for webpack * fix(apply): correctly check for multiple indexes in one case * fix(preprocess): exclude selector RTL rules (#3488) * fix(css-map): use different classname for `Bdcf5g__Rug3TGqSdbiy` * ci(build): arm64 macOS should also be built * style: disable 
`useIterableCallbackReturn` * ci(build): do not build `arm64` linux build * chore(deps): bump amannn/action-semantic-pull-request from 5 to 6 (#3487) * ci: attest output after signing * feat(apply): support for `1.2.70` (#3483) * chore(deps): bump actions/checkout from 4 to 5 (#3480) * style: lint (#3484) * feat(css-map): map various classes for 1.2.69 (#3481) * chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 (#3476) * chore(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0 (#3475) * fix(autoSkipExplicit): add missing `async` * fix(autoSkipExplicit): wait for webpack to be loaded * chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 (#3459) * chore(deps): bump golang.org/x/sys from 0.33.0 to 0.34.0 (#3457) * docs: change readme a bit * revert: only check changed files * ci(linter): only check changed files * feat(keyboardShortcut): change scroll top keybind (#3442) * feat(css-map): map `artistAbout` classes * fix(sidebarConfig): wait for snackbar & new props (#3446) * style(biome): update schema (#3447) ++++ stunnel: - Update to 5.78: * Bugfixes - Fixed a memory leak introduced in version 5.73. - Build fix for systems without timegm() (thanks to Jose A. Diaz and Shubham Gupta). - Fixed a startup crash when both global (default) and service-level lists of values are configured for an option. * Features - Support for zstd and brotli compression with OpenSSL 3.2 and TLS 1.2 or older. - Support for new "options" parameter values. - Less bloated errors on an invalid configuration file. - Documentation updated from Pod to Pandoc Markdown. - Removed support for OpenSSL versions older than 0.9.8. The final update for the OpenSSL 0.9.7 branch (0.9.7m) was issued on 23 Feb 2007. 
++++ tenmon: - update to 20260412: * Special handling of COUNT aggregate function * Add table view to database tree * Add support copy to clipboard for table * Add database tree view * Add running script as CLI option ++++ tomcat: - Update to Tomcat 9.0.117 * Fixed CVEs: + CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850) + CVE-2026-25854: Occasionally open redirect (bsc#1261851) + CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852) + CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853) + CVE-2026-29146: EncryptInterceptor vulnerable to padding oracle attack by default (bsc#1261854) + CVE-2026-32990: The fix for CVE-2025-66614 was incomplete + CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855) + CVE-2026-34486: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor (bsc#1261854) + CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856) + CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857) * Catalina + Fix: Add escaping for URI and query string in the access log. (markt) + Fix: 69967: Fix inconsistencies related to Content-Length and Content-Type headers when accessed using the getHeader method and similar. (remm) + Fix: 69940: Improve redirect handling in the LoadBalancerDrainingValve. (schultz) * Cluster + Fix: Reduce log verbosity of the Kubernetes connection attempts and failure. (remm) + Fix: Better error handling for the EncryptInterceptor. (markt) + Fix: 69970: Support raw IPv6 in Kubernetes membership provider for the service host. (remm) + Add: Add support for new algorithms provided by JPA providers to the EncryptInterceptor. (markt) * Coyote + Update: Align buffer reuse of the OpenSSLEngine for tomcat-native with the FFM code. 
(remm) + Fix: Fix an HTTP/2 header frame parsing bug that could result in a connection being closed without a GOAWAY frame if an invalid HEADERS frame was received. (markt) + Fix: 69982: Fix a bug in the non-blocking flushing code for NIO+TLS that meant that a response may not be fully written until the connection is closed. Pull request #966 provided by Phil Clay. (markt) + Fix: Ensure the HTTP/2 request header read buffer is reset (including restoration to default size) after a stream reset. (markt) + Add: Provide trailer field filtering equivalent to that provided for non-trailer fields. Control characters (excluding TAB), and characters with code points above 255 will be replaced with a space. (markt) + Fix: Align OpenSSL FFM behaviour with Tomcat Native for various OCSP edge cases. (markt) + Fix: 69938: Avoid changing the closed state of TLS channel when resetting it after close. (remm) + Add: Add an HTTP configuration setting, noCompressionEncodings, that can be used to control which content encodings will not be compressed when compression is enabled. Based on pull request #914 by Long9725. (markt) + Fix: Add size limit for OCSP responses. Based on code submitted by Chenjp. (remm) + Fix: To maintain the documented alignment with the OpenSSL development branch, the use of the aliases SSLv3, EXPORT, EXPORT40, EXPORT56, KRB5, kFZA, aFZA, eFZA and FZA are no longer supported when setting the ciphers attribute of an SSLHostConfig element. (markt) + Fix: To maintain the documented alignment with the OpenSSL development branch, add support for the aliases ARIAGCM and CBC when setting the ciphers attribute of an SSLHostConfig element. (markt) + Add: 69870: Add a drainTimeout to the HTTP/2 UpgradeProtocol element to allow configuration of a time between the two final GOAWAY frames sent by Tomcat when closing an HTTP/2 connection. Pull request #917 provided by Kai Burjack. 
(markt) + Add: Log an information message if an APR Connector is used, recommending that the appropriate NIO Connector is used instead. (markt) + Fix: Respect the value for the jdk.tls.namedGroups system property as the default value for the configured group list on the Connector. (remm) + Fix: 69964: Respect the configured cipher order, which was no longer respected following the addition of TLS 1.3 specific cipher configuration. TLS 1.3 ciphers will always be first in the list. (remm) + Fix: Free the x509 object in the FFM code when getting the peer certificate if getting the bytes from the certificate somehow fails. Pull request #951 provided by Chenjp. (remm) + Fix: Improve HPACK exception use, making sure HpackException is thrown instead of unexpected types. (remm) + Fix: Update the parser for the HTTP Host header and :authority pseudo header to convert the port, if any, to an Integer rather than a Long to be consistent with how port is exposed in the Servlet API. (markt) + Add: To aid the migration from the single ciphers configuration attribute to the use of ciphers and cipherSuites, TLS 1.3 cipher suites listed in the ciphers attribute will be removed from the ciphers attribute and added to the end of the cipherSuites attribute. This behaviour will be removed in Tomcat 12.0.x onwards. (markt) + Code: Replace the external OpenSSL based OCSP responder used during unit tests with a Bouncy Castle based, in-process Java OCSP responder. (markt) + Fix: Relax HTTP/2 header validation and respond to invalid requests with a stream reset or a 400 response as appropriate rather than with a connection reset. (markt) + Fix: Add validation of chunk extensions for chunked transfer encoding. (markt) + Update: Update the recommended version for Tomcat Native to 1.3.7. (markt) + Fix: Align the FFM handling of OCSP TRY_LATER responses with Tomcat Native. (remm) + Fix: Free CA certificate after calling SSL_CTX_add_client_CA in the FFM code. 
Based on code from PR 44 from tomcat-native. (remm) + Fix: Free certificate chain if an error occurs, in the FFM code. (remm) + Fix: Report handshake issues as SSLException in the FFM code, rather than IllegalStateException. (remm) + Fix: Fix case sensitive handling of the protocol host name. (remm) * Jasper + Fix: 69948: Avoid ArrayOutOfBoundsException instead of PropertyNotFoundException when generating a properties not found exception in AstValue. Based on #950 submitted by Jérôme Besnard. (remm) + Add: Add support for specifying Java 27 (with the value 27) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will be used. (markt) * Web applications + Add: 69931: Add