Packages changed: MicroOS-release (20260223 -> 20260224) krb5 (1.22.1 -> 1.22.2) libgcrypt (1.11.2 -> 1.12.1) libsoup (3.6.5 -> 3.6.6) mdadm (4.5+39.g1aa6e5de -> 4.5+43.gdc69a22f) patterns-microos pipewire poppler (26.01.0 -> 26.02.0) poppler-qt6 (26.01.0 -> 26.02.0) qpdf qt6-webengine vim (9.2.0010 -> 9.2.0045) === Details === ==== MicroOS-release ==== Version update (20260223 -> 20260224) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== krb5 ==== Version update (1.22.1 -> 1.22.2) - Update to 1.22.2 * Fix a SPNEGO packet parsing bug which could cause GSS mechanism negotiation failure. - Fix building with glibc 2.43; (bsc#1257257); Add patch 0010-Fix-strchr-conformance-to-C23.patch ==== libgcrypt ==== Version update (1.11.2 -> 1.12.1) - Update to 1.12.1 * Various fixes - Drop libgcrypt-1.12.0-ec_regression.patch - Update to 1.12.0 * New and extended interfaces: - Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code. - Make SHA-1 non-FIPS internally for the 1.12 API - Add Dilithium (ML-DSA) support - Support optional random-override and support byte string data * Bug fixes: - Use secure MPI in _gcry_mpi_assign_limb_space. - Use CSIDL_COMMON_APPDATA instead of /etc on Windows. - Apply a Kyber patch from upstream. - Fix an edge case in Jent initialization. - mceliece6688128f: Fix stack overflow crash on win64/wine * Performance: - Many performance improvements, new AVX512 implementations for modern CPUs. - Add RISC-V Zbb+Zbc implementation of CRC. - Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512 - Add AVX2 and AVX512 code paths to improve CRC. For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0 * Dropped libgcrypt-1.11.1-public-SLI-API.patch - applied upstream * Rebased libgcrypt-CVE-2024-2236.patch * Rebased libgcrypt-FIPS-SLI-hash-mac.patch * Rebased libgcrypt-FIPS-SLI-kdf-leylength.patch * Rebased libgcrypt-FIPS-SLI-pk.patch * Rebased libgcrypt-FIPS-jitter-standalone.patch * Rebased libgcrypt-FIPS-rndjent_poll.patch * Rebased libgcrypt-nobetasuffix.patch * Rebased libgcrypt-rol64-redefinition.patch * Added libgcrypt-1.12.0-ec_regression.patch * libgcrypt 1.12.0: gcry_mpi_ec_curve_point corrupts point ==== libsoup ==== Version update (3.6.5 -> 3.6.6) - Rebase and re-enable libsoup-CVE-2026-2708.patch. - Update to version 3.6.6: + websocket: Fix out-of-bounds read in process_frame + Check nulls returned by soup_date_time_new_from_http_string() + Numerous fixes to handling of Range headers + server: close the connection after responsing a request containing Content-Length and Transfer-Encoding + Use CRLF as line boundary when parsing chunked enconding data + websocket: do not accept messages frames after closing due to an error + Sanitize filename of content disposition header values + Always validate the headers value when coming from untrusted source + uri-utils: do host validation when checking if a GUri is valid + multipart: check length of bytes read soup_filter_input_stream_read_until() + message-headers: Reject duplicate Host headers + server: null-check soup_date_time_to_string() + auth-digest: fix crash in soup_auth_digest_get_protection_space() + session: fix 'heap-use-after-free' caused by 'finishing' queue item twice + cookies: Avoid expires attribute if date is invalid + http1: Set EOF flag once content-length bytes have been read + date-utils: Add value checks for date/time parsing + multipart: Fix multiple boundry limits + Fixed multiple possible memory leaks + message-headers: Correct merge of ranges + body-input-stream: Correct chunked trailers end detection + server-http2: Correctly validate URIs + multipart: Fix read out of buffer bounds under soup_multipart_new_from_message() + headers: Ensure Request-Line comprises entire first line + tests: Fix MSVC build error + Fix possible deadlock on init from gmodule usage + Updated translations. - Drop upstream merged patches: + libsoup-CVE-2025-11021.patch + libsoup-CVE-2025-12105.patch + libsoup-CVE-2025-14523.patch + libsoup-CVE-2025-32907.patch + libsoup-CVE-2025-32908.patch + libsoup-CVE-2025-32914.patch + libsoup-CVE-2025-4476.patch + libsoup-CVE-2025-4945.patch + libsoup-CVE-2025-4948.patch + libsoup-CVE-2025-4969.patch + libsoup-CVE-2026-0716.patch + libsoup-CVE-2026-1536.patch + libsoup-CVE-2026-1761.patch + libsoup-CVE-2026-2369.patch + libsoup-CVE-2026-2443.patch - libsoup-CVE-2026-2708.patch temporarily disabled while we need to rebase it. - Add libsoup-CVE-2026-2708.patch: do not allow adding multiple content length values to headers (bsc#1258508 CVE-2026-2708 glgo#GNOME/libsoup#500). ==== mdadm ==== Version update (4.5+39.g1aa6e5de -> 4.5+43.gdc69a22f) - Update to version 4.5+43.gdc69a22f: * Fix slowdown probing non-RAID devices (bsc#1258255) * platform-intel: Deal with hot-unplugged devices (bsc#1258265) * imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-base patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add base-dnf5 pattern - Add libdnf5-plugin-txnupd to base-packagekit ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add subpackages config-rates, config-upmix and config-raop to easily enable the example config files, just like in Fedora (fixes boo#1258217) ==== poppler ==== Version update (26.01.0 -> 26.02.0) - Version update to 26.02.0: * core: + Improvements in signature checking + Improve rendering of files using the CalGray color space + Internal code improvements + Fix crashes in malformed documents * utils: + pdftotext: Fix page level bounds calculation in tsv mode * build system: + unmaintained value for some options has been replaced by UnmaintainedWillBeRemovedInJuly2026 - Bump dependencies required versions in spec file to match versions in CMakeLists.txt ==== poppler-qt6 ==== Version update (26.01.0 -> 26.02.0) - Version update to 26.02.0: * core: + Improvements in signature checking + Improve rendering of files using the CalGray color space + Internal code improvements + Fix crashes in malformed documents * utils: + pdftotext: Fix page level bounds calculation in tsv mode * build system: + unmaintained value for some options has been replaced by UnmaintainedWillBeRemovedInJuly2026 - Bump dependencies required versions in spec file to match versions in CMakeLists.txt ==== qpdf ==== - fix build for 15 ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add upstream change (boo#1258695): * 0001-sandbox-Fix-build-with-glibc-2.43-and-above.patch ==== vim ==== Version update (9.2.0010 -> 9.2.0045) Subpackages: vim-data-common vim-small - Update to version 9.2.0045: * Patch 9.1.0011: regexp cannot match combining chars in collection. * Patch 9.1.0012: regression with empty inner blocks introduced (after v9.1.0007). * Patch 9.1.0013: Modula2 filetype support lacking. * Patch 9.1.0014: incorrect use of W_WINROW in edit.c. * Patch 9.1.0015: i_CTRL-R- no longer works in replace mode. * Patch 9.1.0016: default diff highlighting is too noisy. * Patch 9.1.0017: use-after-free in eval1_emsg() when an empty line follows a lambda. * Patch 9.1.0018: use of #if instead of #ifdef. * Patch 9.1.0019: cmdline may disappear when changing 'cmdheight' (after Patch 9.0.0190). * Patch 9.1.0020: Vim9: cannot compile all methods in a class. * Patch 9.1.0021: i_CTRL-R- doesn't work for multibyte chars in Replace mode, Coverity complains missing return value for u_save_cursor(). * Patch 9.1.0022: Coverity complains about improper use of negative value. * Patch 9.1.0023: xxd: few problems with EBCDIC for z/OS (MVS). * Patch 9.1.0024: z/OS (MVS) support can be improved. * Patch 9.1.0025: A few typos in tests and justify.vim. * Patch 9.1.0027: Vim is missing a foreach() func. * Patch 9.1.0029: Cannot act on various terminal response codes. * Patch 9.1.0030: Cannot use terminal alternate fonts (PMunch). * Patch 9.1.0033: Insert mode not stopped if an autocommand modifies a hidden buffer while closing a prompt buffer. * Patch 9.1.0034: Window may unexpectedly scroll when 'scrollbind' is set and setting a buffer-local option using setbufvar(). * Patch 9.1.0035: i_CTRL-] triggers InsertCharPre. * Patch 9.1.0037: Calling get_breakindent_win() repeatedly when computing virtual column, and get_breakindent_win() does a STRCMP() on the whole line since Patch 9.0.0016. * Patch 9.1.0038: Unnecessary loop in getvcol(). * Patch 9.1.0039: too vague errors for 'listchars'/'fillchars'. * Patch 9.1.0040: Modifying a hidden buffer still interferes with prompt buffer mode changes. * Patch 9.1.0041: xxd -i may generate incorrect C statements. * Patch 9.1.0042: Missing test for Chuck filetype after. * Patch 9.1.0043: ml_get: invalid lnum when :s replaces visual selection. * Patch 9.1.0044: po Makefiles can be improved. * Patch 9.1.0045: --remote-silent applies the wildignore option to each argument, which may result in "E479: No match" (hebaronson).