Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20260224 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: krb5 (1.22.1 -> 1.22.2) libgcrypt (1.11.2 -> 1.12.1) libsoup (3.6.5 -> 3.6.6) libsoup2 mdadm (4.5+39.g1aa6e5de -> 4.5+43.gdc69a22f) pipewire poppler (26.01.0 -> 26.02.0) poppler-qt6 (26.01.0 -> 26.02.0) qpdf qt6-webengine vim (9.2.0010 -> 9.2.0045) xdp-tools (1.5.8 -> 1.6.2) yast2-trans (84.87.20260211.efc7b89cd3 -> 84.87.20260222.1fea9d3cc7) === Details === ==== krb5 ==== Version update (1.22.1 -> 1.22.2) Subpackages: krb5-client - Update to 1.22.2 * Fix a SPNEGO packet parsing bug which could cause GSS mechanism negotiation failure. - Fix building with glibc 2.43; (bsc#1257257); Add patch 0010-Fix-strchr-conformance-to-C23.patch ==== libgcrypt ==== Version update (1.11.2 -> 1.12.1) - Update to 1.12.1 * Various fixes - Drop libgcrypt-1.12.0-ec_regression.patch - Update to 1.12.0 * New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add Dilithium (ML-DSA) support - Support optional random-override and support byte string data * Bug fixes: - Use secure MPI in _gcry_mpi_assign_limb_space. - Use CSIDL_COMMON_APPDATA instead of /etc on Windows. - Apply a Kyber patch from upstream. - Fix an edge case in Jent initialization. - mceliece6688128f: Fix stack overflow crash on win64/wine * Performance: - Many performance improvements, new AVX512 implementations for modern CPUs. - Add RISC-V Zbb+Zbc implementation of CRC. - Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512 - Add AVX2 and AVX512 code paths to improve CRC. For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0 * Dropped libgcrypt-1.11.1-public-SLI-API.patch - applied upstream * Rebased libgcrypt-CVE-2024-2236.patch * Rebased libgcrypt-FIPS-SLI-hash-mac.patch * Rebased libgcrypt-FIPS-SLI-kdf-leylength.patch * Rebased libgcrypt-FIPS-SLI-pk.patch * Rebased libgcrypt-FIPS-jitter-standalone.patch * Rebased libgcrypt-FIPS-rndjent_poll.patch * Rebased libgcrypt-nobetasuffix.patch * Rebased libgcrypt-rol64-redefinition.patch * Added libgcrypt-1.12.0-ec_regression.patch * libgcrypt 1.12.0: gcry_mpi_ec_curve_point corrupts point ==== libsoup ==== Version update (3.6.5 -> 3.6.6) Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Rebase and re-enable libsoup-CVE-2026-2708.patch. - Update to version 3.6.6: + websocket: Fix out-of-bounds read in process_frame + Check nulls returned by soup_date_time_new_from_http_string() + Numerous fixes to handling of Range headers + server: close the connection after responsing a request containing Content-Length and Transfer-Encoding + Use CRLF as line boundary when parsing chunked enconding data + websocket: do not accept messages frames after closing due to an error + Sanitize filename of content disposition header values + Always validate the headers value when coming from untrusted source + uri-utils: do host validation when checking if a GUri is valid + multipart: check length of bytes read soup_filter_input_stream_read_until() + message-headers: Reject duplicate Host headers + server: null-check soup_date_time_to_string() + auth-digest: fix crash in soup_auth_digest_get_protection_space() + session: fix 'heap-use-after-free' caused by 'finishing' queue item twice + cookies: Avoid expires attribute if date is invalid + http1: Set EOF flag once content-length bytes have been read + date-utils: Add value checks for date/time parsing + multipart: Fix multiple boundry limits + Fixed multiple possible memory leaks + message-headers: Correct merge of ranges + body-input-stream: Correct chunked trailers end detection + server-http2: Correctly validate URIs + multipart: Fix read out of buffer bounds under soup_multipart_new_from_message() + headers: Ensure Request-Line comprises entire first line + tests: Fix MSVC build error + Fix possible deadlock on init from gmodule usage + Updated translations. - Drop upstream merged patches: + libsoup-CVE-2025-11021.patch + libsoup-CVE-2025-12105.patch + libsoup-CVE-2025-14523.patch + libsoup-CVE-2025-32907.patch + libsoup-CVE-2025-32908.patch + libsoup-CVE-2025-32914.patch + libsoup-CVE-2025-4476.patch + libsoup-CVE-2025-4945.patch + libsoup-CVE-2025-4948.patch + libsoup-CVE-2025-4969.patch + libsoup-CVE-2026-0716.patch + libsoup-CVE-2026-1536.patch + libsoup-CVE-2026-1761.patch + libsoup-CVE-2026-2369.patch + libsoup-CVE-2026-2443.patch - libsoup-CVE-2026-2708.patch temporarily disabled while we need to rebase it. - Add libsoup-CVE-2026-2708.patch: do not allow adding multiple content length values to headers (bsc#1258508 CVE-2026-2708 glgo#GNOME/libsoup#500). ==== libsoup2 ==== - Add libsoup2-CVE-2026-2708.patch: do not allow adding multiple content length values to headers (bsc#1258508 CVE-2026-2708 glgo#GNOME/libsoup#500). ==== mdadm ==== Version update (4.5+39.g1aa6e5de -> 4.5+43.gdc69a22f) - Update to version 4.5+43.gdc69a22f: * Fix slowdown probing non-RAID devices (bsc#1258255) * platform-intel: Deal with hot-unplugged devices (bsc#1258265) * imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add subpackages config-rates, config-upmix and config-raop to easily enable the example config files, just like in Fedora (fixes boo#1258217) ==== poppler ==== Version update (26.01.0 -> 26.02.0) Subpackages: libpoppler-cpp3 libpoppler-glib8 poppler-tools - Version update to 26.02.0: * core: + Improvements in signature checking + Improve rendering of files using the CalGray color space + Internal code improvements + Fix crashes in malformed documents * utils: + pdftotext: Fix page level bounds calculation in tsv mode * build system: + unmaintained value for some options has been replaced by UnmaintainedWillBeRemovedInJuly2026 - Bump dependencies required versions in spec file to match versions in CMakeLists.txt ==== poppler-qt6 ==== Version update (26.01.0 -> 26.02.0) - Version update to 26.02.0: * core: + Improvements in signature checking + Improve rendering of files using the CalGray color space + Internal code improvements + Fix crashes in malformed documents * utils: + pdftotext: Fix page level bounds calculation in tsv mode * build system: + unmaintained value for some options has been replaced by UnmaintainedWillBeRemovedInJuly2026 - Bump dependencies required versions in spec file to match versions in CMakeLists.txt ==== qpdf ==== - fix build for 15 ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add upstream change (boo#1258695): * 0001-sandbox-Fix-build-with-glibc-2.43-and-above.patch ==== vim ==== Version update (9.2.0010 -> 9.2.0045) Subpackages: vim-data vim-data-common xxd - Update to version 9.2.0045: * Patch 9.1.0011: regexp cannot match combining chars in collection. * Patch 9.1.0012: regression with empty inner blocks introduced (after v9.1.0007). * Patch 9.1.0013: Modula2 filetype support lacking. * Patch 9.1.0014: incorrect use of W_WINROW in edit.c. * Patch 9.1.0015: i_CTRL-R- no longer works in replace mode. * Patch 9.1.0016: default diff highlighting is too noisy. * Patch 9.1.0017: use-after-free in eval1_emsg() when an empty line follows a lambda. * Patch 9.1.0018: use of #if instead of #ifdef. * Patch 9.1.0019: cmdline may disappear when changing 'cmdheight' (after Patch 9.0.0190). * Patch 9.1.0020: Vim9: cannot compile all methods in a class. * Patch 9.1.0021: i_CTRL-R- doesn't work for multibyte chars in Replace mode, Coverity complains missing return value for u_save_cursor(). * Patch 9.1.0022: Coverity complains about improper use of negative value. * Patch 9.1.0023: xxd: few problems with EBCDIC for z/OS (MVS). * Patch 9.1.0024: z/OS (MVS) support can be improved. * Patch 9.1.0025: A few typos in tests and justify.vim. * Patch 9.1.0027: Vim is missing a foreach() func. * Patch 9.1.0029: Cannot act on various terminal response codes. * Patch 9.1.0030: Cannot use terminal alternate fonts (PMunch). * Patch 9.1.0033: Insert mode not stopped if an autocommand modifies a hidden buffer while closing a prompt buffer. * Patch 9.1.0034: Window may unexpectedly scroll when 'scrollbind' is set and setting a buffer-local option using setbufvar(). * Patch 9.1.0035: i_CTRL-] triggers InsertCharPre. * Patch 9.1.0037: Calling get_breakindent_win() repeatedly when computing virtual column, and get_breakindent_win() does a STRCMP() on the whole line since Patch 9.0.0016. * Patch 9.1.0038: Unnecessary loop in getvcol(). * Patch 9.1.0039: too vague errors for 'listchars'/'fillchars'. * Patch 9.1.0040: Modifying a hidden buffer still interferes with prompt buffer mode changes. * Patch 9.1.0041: xxd -i may generate incorrect C statements. * Patch 9.1.0042: Missing test for Chuck filetype after. * Patch 9.1.0043: ml_get: invalid lnum when :s replaces visual selection. * Patch 9.1.0044: po Makefiles can be improved. * Patch 9.1.0045: --remote-silent applies the wildignore option to each argument, which may result in "E479: No match" (hebaronson). ==== xdp-tools ==== Version update (1.5.8 -> 1.6.2) - Update to v1.6.2 * Prevented xdpsock from looping forever on RX. * Fixed 32-bit compile errors for xdpsock. * Addressed build failures involving "-Werror=stringop-overread". * Added documentation for XSK commands. - Update to v1.6.1 * Added -lpthread to all userspace builds in lib/common. * Fixed build issues with older versions of libbpf. * Fixed xdp-trafficgen support for mlx5 devices. * Enabled multibuf for the xdp-pass program in xdp-trafficgen. * Fixed builds regarding GCC maybe-uninitialized warnings. * Avoided the use of stddef.h and size_t in BPF headers. - Update to v1.6.0 * Added devmap egress action option and drop mode for egress action in xdp-bench. * Updated linux headers bpf.h to kernel version 6.3. * Added device binding support. * Enhanced params library to support parsing integer values as hex and U64 as option types. * Added 'xsk' command in xdp-bench for running AF_XDP benchmarks. * Imported xdpsock code from bpf_examples into lib/util. * Added xsk-udp mode for xsksock operation in xdp-trafficgen. * Added probing for XSK busy poll support in lib/util. ==== yast2-trans ==== Version update (84.87.20260211.efc7b89cd3 -> 84.87.20260222.1fea9d3cc7) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20260222.1fea9d3cc7: * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Georgian) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese)
