Packages changed: MicroOS-release (20260330 -> 20260331) bolt (0.9.10 -> 0.9.11) dracut (110+suse.18.g5a7a17b3 -> 110+suse.23.g5d9502c7) ell (0.81 -> 0.83) expat (2.7.4 -> 2.7.5) lzlib (1.15 -> 1.16) pipewire polkit python-attrs (25.4.0 -> 26.1.0) python-cryptography python-maturin (1.11.5 -> 1.12.6) === Details === ==== MicroOS-release ==== Version update (20260330 -> 20260331) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== bolt ==== Version update (0.9.10 -> 0.9.11) - update to 0.9.11: * Updated NHI PCI IDs: added Maple Ridge, ADL, TGL-H, RPL, MTL, and AMD Strix Point USB4 Routers ==== dracut ==== Version update (110+suse.18.g5a7a17b3 -> 110+suse.23.g5d9502c7) Subpackages: dracut-ima - Update to version 110+suse.23.g5d9502c7: NVMeoF boot: avoid network interface renaming (jsc#PED-14341): * feat(nvmf): set rd.nvmf.nm=1 if NetworkManager 1.54 is detected * feat(nvmf): allow using system interface naming policy * feat(nvmf): add dracut.conf option nvmf_nbft_mode * feat(nvmf): enable adapting to NBFT reconfiguration * fix(dracut.conf.5): move fstab/chroot warning to hostonly_mode section ==== ell ==== Version update (0.81 -> 0.83) - Update to release 0.83 * Fix compilation issues with -std=c23 mode. * Add additional test vectors for AES-CCM. ==== expat ==== Version update (2.7.4 -> 2.7.5) - version update to 2.7.5 (bsc#1259711, bsc#1259729, bsc#1259726) * CVE-2026-32776 -- Fix NULL function pointer dereference for empty external parameter entities; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. * CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. * CVE-2026-32778 -- Fix NULL dereference in function setContext on retry after an earlier ouf-of-memory condition; it takes use of function XML_ParserCreateNS or XML_ParserCreate_MM for an application to be vulnerable. * See full changelog here: https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes ==== lzlib ==== Version update (1.15 -> 1.16) - Update to release 1.16 * An index of functions and constants has been added to the manual. ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add pipewire-const-correctness-1.patch and pipewire-const-correctness-2.patch picking upstream changes to fix build with glibc 2.43 ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0 - avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859) 0001-CVE-2026-4897-getline-string-overflow.patch ==== python-attrs ==== Version update (25.4.0 -> 26.1.0) - update to 26.1.0: * Field aliases are now resolved *before* calling `field_transformer`, so transformers receive fully populated `Attribute` objects with usable `alias` values instead of `None`. * The new `Attribute.alias_is_default` flag indicates whether the alias was auto-generated (`True`) or explicitly set by the user (`False`). * Fix type annotations for `attrs.validators.optional()`, so it no longer rejects tuples with more than one validator. * The `attrs.validators.disabled()` contextmanager can now be nested. * Frozen classes can set `on_setattr=attrs.setters.NO_OP` in addition to `None`. * It's now possible to pass *attrs* **instances** in addition to *attrs* **classes** to `attrs.fields()`. ==== python-cryptography ==== - Add patch support-maturin-1.12.patch: * Correctly deal with maturin bugfix that installs tests and docs under sitearch. ==== python-maturin ==== Version update (1.11.5 -> 1.12.6) - Drop CVE-2026-25727.patch (handled in _service) - Update to 1.12.6 * Sync legacy_py.rs with upstream PyPI warehouse legacy.py gh#PyO3/maturin#3053 * Keep cargo build artifact at original path after staging gh#PyO3/maturin#3054 - Update to 1.12.5 * feat: include debug info files (.pdb, .dSYM, .dwp) in wheels gh#PyO3/maturin#3024 * Fix wrong abi3 tag for conditional cargo features enabled pyo3 abi3 feature gh#PyO3/maturin#3029 * fix: maturin build --sdist wheel name/layout for excluded workspace crates gh#PyO3/maturin#3031 * fix: preserve wheel output dir when building from unpacked sdist gh#PyO3/maturin#3036 * feat: add python-implementation condition to conditional features gh#PyO3/maturin#3038 * Fix non-existent comment tag gh#PyO3/maturin#3044 * Use mmap for faster warn_missing_py_init, to be safe we now move the cargo built artifact to target/maturin so this may cause breakage if you rely on it in standard cargo target/ location gh#PyO3/maturin#2950 - Update to 1.12.4 * Upgrade memmap2 version gh#PyO3/maturin#3021 * fix: platform tag detection for Android targets gh#PyO3/maturin#3023 * fix: only ignore maturin-generated native libraries on all platforms gh#PyO3/maturin#3025 * fix: ignore develop artifacts for all binding types during build gh#PyO3/maturin#3026 * feat: support conditional cargo features based on Python version gh#PyO3/maturin#3027 - Update to 1.12.3 * docs(config): minor fixes gh#PyO3/maturin#3008 * fix: support maturin develop on Windows ARM with x86 Python gh#PyO3/maturin#3011 * fix: exclude external_packages bindings from uniffi wheels gh#PyO3/maturin#3013 * Update cargo-zigbuild to 0.22.1 gh#PyO3/maturin#3015 * feat: build wheels from sdist with --sdist flag gh#PyO3/maturin#3014 * feat: add include-import-lib option to bundle Windows import libraries in wheels gh#PyO3/maturin#3017 * fix: auditwheel external lib check respects musllinux and reports symbol versions gh#PyO3/maturin#3019 - Update to 1.12.2 * fix: allow absolute paths for --sbom-include gh#PyO3/maturin#3004 - Update to 1.12.1 * Add --sbom-include CLI argument for additional SBOM files gh#PyO3/maturin#2999 * fix: resolve include patterns relative to python-source for sdist and wheel gh#PyO3/maturin#3000 * feat: support including OUT_DIR assets in wheel builds gh#PyO3/maturin#3001 * add test case for uniffi with multiple crates gh#PyO3/maturin#2839 - Update to 1.12.0 * Update toml crates for toml 1.1 support gh#PyO3/maturin#2934 * Use a single location for MSRV gh#PyO3/maturin#2936 * Fix editable install for binary projects with Python modules gh#PyO3/maturin#2938 * Filter linked_paths by KIND and linked_libs gh#PyO3/maturin#2949 * Update bytes to 1.11.1 gh#PyO3/maturin#2960 * Normalize wheel distribution names to match the PyPA spec gh#PyO3/maturin#2954 * Allow build loongarch64 and riscv64 for musllinux gh#PyO3/maturin#2963 * Strip excluded cargo targets in sdist gh#PyO3/maturin#2964 * Normalize wheel RECORD paths (on Windows) gh#PyO3/maturin#2965 * Bump MSRV to 1.88.0 gh#PyO3/maturin#2966 * Support MATURIN_STRIP env var and --strip true/false to override pyproject.toml gh#PyO3/maturin#2968 * fix: copy bin artifacts before auditwheel repair to avoid rerun failures gh#PyO3/maturin#2969 ... changelog too long, skipping 53 lines ... gh#PyO3/maturin#2997