Packages changed:
  GraphicsMagick (1.3.46 -> 1.3.47)
  ImageMagick (7.1.2.24 -> 7.1.2.25)
  MozillaFirefox (151.0.1 -> 151.0.4)
  aaa_base (84.87+git20260602.e901e17e -> 84.87+git20260610.3b5a868c)
  akonadi (26.04.1 -> 26.04.2)
  akonadi-calendar (26.04.1 -> 26.04.2)
  akonadi-calendar-tools (26.04.1 -> 26.04.2)
  akonadi-contacts (26.04.1 -> 26.04.2)
  akonadi-import-wizard (26.04.1 -> 26.04.2)
  akonadi-mime (26.04.1 -> 26.04.2)
  akonadi-search (26.04.1 -> 26.04.2)
  akregator (26.04.1 -> 26.04.2)
  analitza (26.04.1 -> 26.04.2)
  ark (26.04.1 -> 26.04.2)
  baloo-widgets (26.04.1 -> 26.04.2)
  binutils
  blinken (26.04.1 -> 26.04.2)
  boost-base
  boost-extra
  calendarsupport (26.04.1 -> 26.04.2)
  container-selinux (2.248.0 -> 2.249.0)
  cups-filters
  cyrus-imapd
  dolphin (26.04.1 -> 26.04.2)
  eventviews (26.04.1 -> 26.04.2)
  ffmpegthumbs (26.04.1 -> 26.04.2)
  file (5.47 -> 5.48)
  flatpak (1.16.6 -> 1.18.0)
  fontconfig (2.18.0 -> 2.18.1)
  freeipmi (1.6.17 -> 1.6.18)
  fwupd (2.1.3 -> 2.1.5)
  gcc15 (15.2.1+git10776 -> 15.3.0+git11272)
  glib-networking
  grantleetheme (26.04.1 -> 26.04.2)
  graphite2 (1.3.14 -> 1.3.15)
  gstreamer (1.28.3 -> 1.28.4)
  gstreamer-devtools (1.28.3 -> 1.28.4)
  gstreamer-plugins-bad (1.28.3 -> 1.28.4)
  gstreamer-plugins-base (1.28.3 -> 1.28.4)
  gstreamer-plugins-good (1.28.3 -> 1.28.4)
  gstreamer-plugins-libav (1.28.2 -> 1.28.4)
  gstreamer-plugins-rs (1.28.3 -> 1.28.4)
  gstreamer-plugins-ugly (1.28.2 -> 1.28.4)
  gwenview (26.04.1 -> 26.04.2)
  hplip
  hyphen (2.8.8 -> 2.8.9)
  iagno (50.0 -> 50.0+8)
  incidenceeditor (26.04.1 -> 26.04.2)
  kaccounts-integration (26.04.1 -> 26.04.2)
  kaccounts-providers (26.04.1 -> 26.04.2)
  kaddressbook (26.04.1 -> 26.04.2)
  kalgebra (26.04.1 -> 26.04.2)
  kamera (26.04.1 -> 26.04.2)
  kanagram (26.04.1 -> 26.04.2)
  kapptemplate (26.04.1 -> 26.04.2)
  kate (26.04.1 -> 26.04.2)
  kbruch (26.04.1 -> 26.04.2)
  kcachegrind (26.04.1 -> 26.04.2)
  kcalc (26.04.1 -> 26.04.2)
  kcalutils (26.04.1 -> 26.04.2)
  kcharselect (26.04.1 -> 26.04.2)
  kcolorchooser (26.04.1 -> 26.04.2)
  kde-dev-utils (26.04.1 -> 26.04.2)
  kdeedu-data (26.04.1 -> 26.04.2)
  kdegraphics-mobipocket (26.04.1 -> 26.04.2)
  kdegraphics-thumbnailers (26.04.1 -> 26.04.2)
  kdenetwork-filesharing (26.04.1 -> 26.04.2)
  kdepim-addons (26.04.1 -> 26.04.2)
  kdepim-runtime (26.04.1 -> 26.04.2)
  kdialog (26.04.1 -> 26.04.2)
  kernel-source (7.0.11 -> 7.0.12)
  kgeography (26.04.1 -> 26.04.2)
  khangman (26.04.1 -> 26.04.2)
  khelpcenter (26.04.1 -> 26.04.2)
  kidentitymanagement (26.04.1 -> 26.04.2)
  kig (26.04.1 -> 26.04.2)
  kimap (26.04.1 -> 26.04.2)
  kio-extras (26.04.1 -> 26.04.2)
  kio_audiocd (26.04.1 -> 26.04.2)
  kiten (26.04.1 -> 26.04.2)
  kitinerary (26.04.1 -> 26.04.2)
  kldap (26.04.1 -> 26.04.2)
  kleopatra (26.04.1 -> 26.04.2)
  kmag (26.04.1 -> 26.04.2)
  kmahjongg (26.04.1 -> 26.04.2)
  kmail (26.04.1 -> 26.04.2)
  kmail-account-wizard (26.04.1 -> 26.04.2)
  kmailtransport (26.04.1 -> 26.04.2)
  kmbox (26.04.1 -> 26.04.2)
  kmime (26.04.1 -> 26.04.2)
  kmines (26.04.1 -> 26.04.2)
  kmousetool (26.04.1 -> 26.04.2)
  kmplot (26.04.1 -> 26.04.2)
  kompare (26.04.1 -> 26.04.2)
  konsole (26.04.1 -> 26.04.2)
  kontact (26.04.1 -> 26.04.2)
  kontactinterface (26.04.1 -> 26.04.2)
  konversation (26.04.1 -> 26.04.2)
  korganizer (26.04.1 -> 26.04.2)
  kpat (26.04.1 -> 26.04.2)
  kpimtextedit (26.04.1 -> 26.04.2)
  kpkpass (26.04.1 -> 26.04.2)
  kqtquickcharts (26.04.1 -> 26.04.2)
  kreversi (26.04.1 -> 26.04.2)
  ksanecore (26.04.1 -> 26.04.2)
  ksmtp (26.04.1 -> 26.04.2)
  ksudoku (26.04.1 -> 26.04.2)
  ktnef (26.04.1 -> 26.04.2)
  ktouch (26.04.1 -> 26.04.2)
  kwalletmanager (26.04.1 -> 26.04.2)
  kwordquiz (26.04.1 -> 26.04.2)
  ldns (1.9.0 -> 1.9.2)
  less (702 -> 704)
  lftp
  libabw (0.1.3 -> 0.1.4)
  libcacard (2.8.1 -> 2.8.2)
  libcdr (0.1.8 -> 0.1.9)
  libdmapsharing (3.9.13 -> 3.9.14)
  libdv
  libetonyek
  libgravatar (26.04.1 -> 26.04.2)
  libkcddb-qt6 (26.04.1 -> 26.04.2)
  libkdcraw (26.04.1 -> 26.04.2)
  libkdegames (26.04.1 -> 26.04.2)
  libkdepim (26.04.1 -> 26.04.2)
  libkeduvocdocument (26.04.1 -> 26.04.2)
  libkexiv2-qt6 (26.04.1 -> 26.04.2)
  libkgapi6 (26.04.1 -> 26.04.2)
  libkleo (26.04.1 -> 26.04.2)
  libkmahjongg (26.04.1 -> 26.04.2)
  libkomparediff2 (26.04.1 -> 26.04.2)
  libksane (26.04.1 -> 26.04.2)
  libksieve (26.04.1 -> 26.04.2)
  liblangtag (0.6.7 -> 0.6.8)
  libmspub (0.1.4 -> 0.1.5)
  libqxp (0.0.2 -> 0.0.3)
  libstorage-ng (4.5.328 -> 4.5.330)
  libvisio (0.1.9 -> 0.1.11)
  libzypp (17.38.11 -> 17.38.13)
  lokalize (26.04.1 -> 26.04.2)
  mailcommon (26.04.1 -> 26.04.2)
  mailimporter (26.04.1 -> 26.04.2)
  mariadb (11.8.8 -> 12.3.2)
  markdownpart (26.04.1 -> 26.04.2)
  mbox-importer (26.04.1 -> 26.04.2)
  messagelib (26.04.1 -> 26.04.2)
  mimetreeparser (26.04.1 -> 26.04.2)
  mpg123 (1.33.5 -> 1.33.6)
  ncurses (6.6.20260530 -> 6.6.20260608)
  netcfg
  netpbm (11.12.0 -> 11.14.0)
  okular (26.04.1 -> 26.04.2)
  openSUSE-release (20260605 -> 20260613)
  openexr (3.4.11 -> 3.4.12)
  opensc
  openssl-3
  parley (26.04.1 -> 26.04.2)
  patterns-base
  perl-Cpanel-JSON-XS (4.410.0 -> 4.420.0)
  perl-GD (2.830.0 -> 2.860.0)
  perl-HTTP-Message (7.10.0 -> 7.20.0)
  perl-IO-Tty (1.290.0 -> 1.310.0)
  perl-WWW-RobotRules (6.02 -> 6.30.0)
  perl-XML-LibXML (2.0212 -> 2.0213)
  perl-XML-NamespaceSupport (1.12 -> 1.120.0)
  pim-data-exporter (26.04.1 -> 26.04.2)
  pim-sieve-editor (26.04.1 -> 26.04.2)
  pimcommon (26.04.1 -> 26.04.2)
  pinentry
  pinentry-gui
  policycoreutils
  python-M2Crypto (0.46.2 -> 0.48.0)
  python-rich (14.3.3 -> 15.0.0)
  qrca (26.04.1 -> 26.04.2)
  rav1e
  rsync
  ruby-common
  salt
  sdl2-compat (2.32.68 -> 2.32.70)
  selinux-policy (20260526 -> 20260605)
  sendmail
  shotwell (0.32.16 -> 0.32.17)
  signon-kwallet-extension (26.04.1 -> 26.04.2)
  skanlite (26.04.1 -> 26.04.2)
  snapper
  sqlite3 (3.53.1 -> 3.53.2)
  sssd (2.13.0 -> 2.13.1)
  step (26.04.1 -> 26.04.2)
  sudo
  svgpart (26.04.1 -> 26.04.2)
  systemd (260.1 -> 260.2)
  tcl (8.6.16 -> 8.6.18)
  texlive
  tk (8.6.15 -> 8.6.18)
  transmission (4.1.1 -> 4.1.2)
  umbrello (26.04.1 -> 26.04.2)
  webkitgtk3 (2.52.3 -> 2.52.4)
  webkitgtk4 (2.52.3 -> 2.52.4)
  wicked (0.6.78 -> 0.6.79)
  xdg-desktop-portal (1.20.4 -> 1.22.0)
  xorg-x11-server
  zypper (1.14.97 -> 1.14.98)

=== Details ===

==== GraphicsMagick ====
Version update (1.3.46 -> 1.3.47)
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config

- fixed off by one [bsc#1265048]
- modified patches
  * GraphicsMagick-CVE-2026-42050.patch
- version update to 1.3.47
  * DPX: Fix subsampling validation logic which was failing due to
    incorrect logic. This avoids a divide by zero possibility.
  * JNG writer: Properly handle and report the case where
    ImageToBlob()returns NULL.
  * MNG writer: Enforce that MNG only supports a color palette up to 256
    colors (ImageMagick CVE-2026-28690).
  * MagickXImageWindowCommand(): Assure that static buffer does not
    overflow if the user keeps a numeric key depressed (ImageMagick
    CVE-2026-33535).
  * PCD: Prevent an out of bounds read (ImageMagick security advisory
    GHSA-wrhr-rf8j-r842).
  * PNG writer: Detect and report an excessively large profile, an other
    unexpected conditions (ImageMagick CVE-2026-30883).
  * RenderFreetype(): Use MagickConfirmAccess() to verify that font file
    name is allowed to be read.
  * TIFF EXIF IFD writer: Detect and prevent infinite looping (EXIF IFD
    writer code may be excluded by the -DEXPERIMENTAL_EXIF_TAGS=0
    define).
  * TIFF EXIF IFD writer: Only transfer tags from EXIF and GPS IFDs. Do
    not transfer tags from the main IFDs.
  * YUV: Fix validation of 'sampling-factor' argument. (ImageMagick
    CVE-2026-25799). Given that the argument normally comes from a user
    (rather than an input file) this seems to be a minor security issue
    at most.
  * PS, PS2, PS3: Enforce that width and height dimensions, and total
    pixels, to/from Ghostscript are within the same limits as specified
    for GraphicsMagick.  This helps avoid Ghostscript-based denial of
    service opportunities.
  * SVG: Add validations for element id syntax.  Reject invalid
    attribute values which contain single quotes.
  * XCF: Report an error if there are no layers. Fix two unsigned
    integer overflow cases.
  * DescribeImage(): Avoid heap write overflow while parsing the image
    directory.
  * and so on, see NEWS.txt
- modified patches
  * GraphicsMagick-CVE-2026-42050.patch (refreshed)
  * GraphicsMagick-disable-insecure-coders.patch (refreshed)
  * GraphicsMagick-perl-linkage.patch (refreshed)
- deleted patches
  * GraphicsMagick-CVE-2026-25799.patch (upstreamed)
  * GraphicsMagick-CVE-2026-26284.patch (upstreamed)
  * GraphicsMagick-CVE-2026-28690.patch (upstreamed)
  * GraphicsMagick-CVE-2026-30883.patch (upstreamed)
  * GraphicsMagick-CVE-2026-33535.patch (upstreamed)
- modified patches
  * GraphicsMagick-perl-linkage.patch (refreshed)

==== ImageMagick ====
Version update (7.1.2.24 -> 7.1.2.25)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- version update to 7.1.2.25
  * validate argument count for polynomial distortion #8780
  * fix oob read of gps rationals in GetEXIFProperty #8782
  * reject hdr files with a negative width or height #8765
  * reject pgx files with invalid dimensions or precision #8764
  * reject rla files with an inverted active window #8770
  * build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 #8775
  * reject fits files with an invalid bits per pixel #8760
  * reject sgi files with zero columns or rows #8761
  * reject dds files with zero columns or rows #8762
- fixes following GH security advisories:
  * GHSA-q62c-h75r-2xhc
  * GHSA-g22q-f7gc-5jhr
  * GHSA-px7q-ggqj-hcf2
  * GHSA-p9rq-q46c-g4x6
  * GHSA-j989-f892-2335
  * GHSA-44cp-c3ww-9rv5

==== MozillaFirefox ====
Version update (151.0.1 -> 151.0.4)
Subpackages: MozillaFirefox-branding-upstream

- Mozilla Firefox 151.0.4:
  * Fixed an issue where Firefox could fall back to software
    rendering on some older GPUs, reducing graphics performance
    (bmo#2043249)
  * Fixed an issue where some text input fields could incorrectly
    show a resize handle (bmo#2044051)
- Mozilla Firefox 151.0.3:
  MFSA 2026-54 (boo#1267841)
  * CVE-2026-10701 (bmo#2038537)
    Incorrect boundary conditions in the Graphics: Text component
  * CVE-2026-10702 (bmo#2040903)
    JIT miscompilation in the JavaScript Engine: JIT component
  * Fixed an issue where selecting or pasting text in a text field
    inside a table cell could disrupt the page layout.
    (bmo#2041235)
  * Fixed an issue where the VPN toolbar button icon could appear
    larger than intended. (bmo#2042454)
- includes changes from 151.0.2:
  * Fixed an issue where adding another tab to an existing Split
    View could unexpectedly close it. (bmo#2039795)
  * Fixed an issue where Split View would close instead of
    switching tabs when using the "Switch to Tab" option from the
    address bar. (bmo#2039787)
  * Fixed an issue where Firefox stopped caching new content once
    the disk cache was full, causing pages and resources to be
    re-downloaded from the network on every visit. (bmo#2031577)
  * Fixed an issue where some websites could render incorrectly or
    fail to load when they used JavaScript to insert WebKit-
    specific style rules. (bmo#2040693)
  * Fixed an issue where clicking and selecting text in some input
    fields and text areas did not work on pages that styled them
    with certain CSS rules. (bmo#2039504)
  * Fixed an issue where the up and down buttons on number input
    fields could overlap and hide the value when sites sized the
    field to fit its contents. (bmo#2039315)
  * Fixed an issue where sorting strings that include numbers could
    produce an incorrect order on some websites and web
    applications. (bmo#2027078)
  * Fixed an issue where dropdown menus would not open for
    `<select>` elements created inside an iframe and then moved
    into the parent page. (bmo#2041720)

==== aaa_base ====
Version update (84.87+git20260602.e901e17e -> 84.87+git20260610.3b5a868c)
Subpackages: aaa_base-extras

- Update to version 84.87+git20260610.3b5a868c:
  * Add missing "=" in alljava.csh (boo#1267423)

==== akonadi ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6AkonadiAgentBase6 libKPim6AkonadiAgentWidgetBase6 libKPim6AkonadiCore6 libKPim6AkonadiPrivate6 libKPim6AkonadiWidgets6 libKPim6AkonadiXml6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== akonadi-calendar ====
Version update (26.04.1 -> 26.04.2)
Subpackages: akonadi-plugin-calendar kalendarac libKPim6AkonadiCalendar6 libKPim6AkonadiCalendarCore6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== akonadi-calendar-tools ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * konsolekalendar.cpp - fix viewing a date range (kde#520686)
  * konsolekalendar/main.cpp - fix the --create command line parsing (kde#450299)

==== akonadi-contacts ====
Version update (26.04.1 -> 26.04.2)
Subpackages: akonadi-plugin-contacts libKPim6AkonadiContactCore6 libKPim6AkonadiContactWidgets6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== akonadi-import-wizard ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6ImportWizard6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== akonadi-mime ====
Version update (26.04.1 -> 26.04.2)
Subpackages: akonadi-plugin-mime libKPim6AkonadiMime6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== akonadi-search ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6AkonadiSearch6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Skip tests that got broken with the recent FreeBSD CI image update
  * Adapt to KMime having moved to Frameworks

==== akregator ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Backport to 26.04: metakit: define q4_LONG64 on arm64 (fixes hang on launch)

==== analitza ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libAnalitza9

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== ark ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libkerfuffle26

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== baloo-widgets ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== binutils ====
Subpackages: libctf-nobfd0 libctf0 libsframe2

- Add pr33427-fix-loongarch64-glibc-build-with-gcc16.patch to
  backport a fix for assertion failures when building glibc for
  loongarch64 with GCC 16.

==== blinken ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== boost-base ====
Subpackages: boost-license1_91_0 libboost_filesystem1_91_0 libboost_iostreams1_91_0 libboost_locale1_91_0 libboost_log1_91_0 libboost_thread1_91_0

- Force remove boost_atomic directory to fix the failing build
  with GCC 16

==== boost-extra ====

- Force remove boost_atomic directory to fix the failing build
  with GCC 16

==== calendarsupport ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6CalendarSupport6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== container-selinux ====
Version update (2.248.0 -> 2.249.0)

- Update to version 2.249.0:
  * bump to v2.249.0
  * Allow rpmdb to manage files on mounted container filesystems

==== cups-filters ====

- Provide cups-browsed as separated cups-filters-cups-browsed
  sub-package so users can uninstall this sub-package
  to completely avoid the generic security risk of cups-browsed.
  cups-browsed auto-creates local print queues for printers which
  are announced via DNS-SD. It is a generic security risk when a
  service (cups-browsed.service) accepts any (possibly malicious)
  incoming information from any host in the local network
  (i.e. any DNS-SD announcements) and from that information
  it auto-creates print queue configurations for CUPS
  (where its server program cupsd runs as root).
  For more information see the openSUSE support database article
  https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

==== cyrus-imapd ====
Subpackages: cyradm libcyrus0 perl-Cyrus-Annotator perl-Cyrus-IMAP perl-Cyrus-SIEVE-managesieve

- Adapt license

==== dolphin ====
Version update (26.04.1 -> 26.04.2)
Subpackages: dolphin-part libdolphinvcs6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * KItemListWidget: Add pressedChanged (kde#508329)
  * tests: kfileitemmodeltest avoid scheme-less url
  * dolphintabpage: drop swapActiveView in RightView close path (kde#520002)
  * userfeedback: prevent dangling pointer access in SettingsDataSource (kde#519876)

==== eventviews ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6EventViews6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * monthview.cpp - MonthView::holiday() - dedupe the holidays list
  * Adapt to KMime having moved to Frameworks

==== ffmpegthumbs ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== file ====
Version update (5.47 -> 5.48)
Subpackages: file-magic libmagic1

- Update to 5.48:
  * add landlock support (valoq)
  * add BE/LE GUID
  * multiple fixes to prevent integer overflow in 32 bits (kerwin)
  * PR/745: bitstreamout: Don't flush when trying to set negative offsets
    on pipes, just continue, fixes 'cat file.zip | file -'
  * PR/753: vmihalko: Fix race is magic_getpath()
  * PR/728: Anton Monroe: Reinstate regex/c
- Port patch file-5.47.dif and rename it to file-5.48.dif
- Port patches
  * file-4.21-xcursor.dif
  * file-5.19-biorad.dif
  * file-5.19-printf.dif
  * file-5.22-elf.dif
  * file-5.28-btrfs-image.dif
  * file-secure_getenv.patch
- Remove patches now upstream
  * file-5.47-regression.dif
  * file-5.47-s390x.patch
  * file-5.47-stanza.patch

==== flatpak ====
Version update (1.16.6 -> 1.18.0)
Subpackages: flatpak-remote-flathub flatpak-selinux libflatpak0 system-user-flatpak

- Update to version 1.18.0:
  + Enhancements:
  - Improve error handling and printed output of
    flatpak-coredumpctl
  - Support the AMD vendor specific compute interface (/dev/kfd)
    via the DRI device permission
  - Improve the output of flatpak update with failure causes
  - Improve startup time for fish shell integration
  + Bug fixes:
  - Fix building when HAVE_LIBSYSTEMD but not USE_SYSTEM_HELPER
    is defined
  - Ignore system bus failures in parental controls check
  - Fix some return values and replace deprecated GTimeVal with
    g_get_real_time()
  - Suppress an unused-result warning in the tests
  + Updated translations.
- Stop passing http_backend=curl to meson setup, no longer needed,
  nor recognized.
- Drop patch fixed upstream:
  + 1262051-selinux-flatpak.if-should-be-installed-in-distribute.patch

==== fontconfig ====
Version update (2.18.0 -> 2.18.1)
Subpackages: libfontconfig1

- Update to 2.18.1
  * Workaround :-prefixed filename used in Qt
  * meson: force enabling HAVE_C99_VSNPRINTF
  * Do not set 'sans-serif' for default genericfamily
  * Fix another font matching issue
  * Fix not matching with a font family name
  * Disable invalid attribute warning by default
  * boo#1267844

==== freeipmi ====
Version update (1.6.17 -> 1.6.18)

- Update to version 1.6.18:
  * Fix bsc#1267605 - CVE-2026-50031:
    + ipmi-oem/ipmi-oem-dell.c
    (ipmi_oem_dell_get_active_directory_config): Fix potential stack
    corruption.
    + ipmi-oem/ipmi-oem-fujitsu.c
    (ipmi_oem_fujitsu_get_sel_entry_long_text): Fix potential buffer
    overflow.

==== fwupd ====
Version update (2.1.3 -> 2.1.5)
Subpackages: fwupd-bash-completion libfwupd3 typelib-1_0-Fwupd-2_0

- Update to version 2.1.5:
  + This release adds the following features:
  - Allow overriding the detected CPU vendor to allow more self tests
  - Allow updating the Windows-specific UEFI CA on dual boot machines
  - Install the db updates on broken hardware with new firmware
  + This release fixes the following bugs:
  - Add tests for the vbe, upower, uefi-sbat, pci-bcr, mtd, gpio and msr plugins
  - Check the array index in some runtime-generated code
  - Claim the udev netlink backend before old libusb versions
  - Expand the netlink socket buffer to prevent packet loss during event floods
  - Fix a msgpack regression when updating some Huddly cameras
  - Fix HID feature read buffer size in goodix-tp device probe
  - Fix reproducible builds
  - Fix the check-reboot-needed command
  - Increase the i2c-hid re-bind delay for synaptics-rmi PID 0x96e7
  - Parse the dell-dock marketing name in a more safe way
  - Set a firmware size limit on intel-gsc aux and oprom firmware types
  - Simplify the engine by only loading the config object once
  - Use a cryptographically secure RNG when building the idle and inhibit IDs
  - Use a more appropriate firmware maximum size for Huddly cameras
  + This release adds support for the following hardware:
  - Elan touchscreens
- Update to version 2.1.4:
  + This release adds the following features:
  - Add a libcrypto-based JCat implementation for Android
  - Add support for NixOS to the quickstart script
  - Add support for the Compal BIOS version format
  - Allow a remote to specify that a username or password is required
  - Allow storing a per-user password in XDG_CONFIG_HOME
  - Detect encrypted swap devices below device-mapper
  - Ensure that all firmware subclasses set the maximum size
  - Remove the flashrom plugin
  - Save the SMBIOS BiosReleaseDate string to uploaded reports
  - Tell Star Labs coreboot users to manually update when required
  + This release fixes the following bugs:
  - Add a retry limit when updating failing Goodix MoC devices
  - Add several bounds checks for when updating Dell docks
  - Add vendor name and name for the various Framework UEFI certificates
  - Allow recovery if the Lenovo dock internal state is invalid
  - Avoid truncation when calculating the AMD GPU atombios size
  - Check firmware size against Novatek flash start address
  - Check for config offset overflow when updating Synaptics RMI devices
  - Check for multiplication overflow in BCM57xx stage1 size calculation
  - Check for overflow when writing to CCGX DMC devices
  - Check stream size before calculating Legion HID ID offset
  - Check stream size before subtracting Ilitek ITS CRC length
  - Clear Sunplus camera download state if the previous flash failed
  - Do not show plugin warnings when using --version
  - Filter the install flags provided by the D-Bus client
  - Fix a potential heap buffer overflow in FDT strlist parsing
  - Fix a potential heap buffer overflow in Nordic HID peer validation
  - Fix a potential OOB read in DFOTA modem response parsing
  - Fix a potential path traversal vulnerability in firmware backup
  - Fix a regression when searching for file magic
  - Fix a regression when using report-export --sign
  - Fix fwupd domain check bypass when using Qubes
  - Ignore efivar free space requirement on Microsoft Hyper-V hosts
  - Limit the number of hints a D-Bus client can set
  - Limit the size of parsed USB descriptors to ~64KiB
  - Make it easy to enable an authenticated remote
  - Make the Novatek boot update more reliable
  - Only read BCR from Intel SPI controllers
  - Prevent a possible division by zero error in the progressbar code
  - Prevent decompression bomb attacks in uSWID zlib payload parsing
  - Prevent NVRAM-seeded ptential path traversal when loading ESP files
  - Redact the username and password of remotes when using a non-active console
  - Require authorization for firmware installation on emulated devices
  - Require authorization for more D-Bus methods from non-local users
  - Restrict Curl protocols to prevent potential SSRF attacks
  - Restrict ModifyRemote to prevent a supply-chain redirection
  - Show a short easy-to-read string as the Pixart touchpad name
  - Tolerate post-quantum CA PKCS#7 failures when using Qubes
  - Validate ACPI PHAT specific data offset before parsing
  - Validate Corsair write size before subtracting header size
  - Validate DFU address offset before parsing the header
  - Validate Elan touchpad IAP address is within firmware bounds
  - Validate Logitech TAP AP region bounds before calculating size
  - Validate payload length is large enough for FPC sec-link
  - Validate sector range before writing pixart-tp firmware
  - Validate VBE area start does not exceed area size
  - Validate write offset does not exceed TI TPS6598x stream size
  + This release adds support for the following hardware:
  - Egis MoC devices with PID 9201
  - Intel Arc Pro B65 and Arc Pro B70 (#10389)
  - Lenovo dock devices in 'provisioned' mode
  - Pixart TP devices with PID 1343
  - Several GigaDevice and Puya SPI chips
- Drop no longer needed BuildRequires: pkgconfig(jcat),
  pkgconfig(flashrom)

==== gcc15 ====
Version update (15.2.1+git10776 -> 15.3.0+git11272)

- Update to GCC 15.3 release
- Update to GCC 15 branch head, 15.2.1+git11263, GCC 15.3 RC1
- Drop -fhardened from RPM_OPT_FLAGS
- Avoid conflicts between %gcc_libc_bootstrap packages of different
  versions if update-alternatives are still in use (SLE 15 and older)

==== glib-networking ====

- Add CVE-2026-10028.patch:
  tls: detect cycles when setting issuer property
  (CVE-2026-10028, bsc#1267979, glgo#GNOME/glib-networking!279)

==== grantleetheme ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6GrantleeTheme6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== graphite2 ====
Version update (1.3.14 -> 1.3.15)

- version update to 1.3.15:
  . Bug fixes.
  . Update graphite website documentation.
  . Use SPDX lines, and improve license declarations.
  . Fix incorrectly generated graphite2.pc pkgconf file.
- modified patches
  * graphite2-1.2.0-cmakepath.patch (refreshed)
  * link-gcc-shared.diff (refreshed)
- deleted patches
  * graphite2-1.3.14-gcc15.patch (upstreamed)
- fixes CVE-2026-50593 [bsc#1267734]

==== gstreamer ====
Version update (1.28.3 -> 1.28.4)
Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.28.4:
  + Highlighted bugfixes:
  - Various security fixes and playback fixes
  - audioaggregator: fixes for conversion of in-progress buffers
    when input caps change
  - audioresample: more armv7 fixes
  - camerabin: Fix caps negotiation failure when starting video
    capture
  - Debug logging performance improvements
  - fmp4mux: Fix draining in chunk mode after partial GOPs were
    drained
  - gldownload: fix handling of directly imported dmabufs from
    glupload
  - matroskamux: Write ReferenceBlock for non-keyframe video in
    BlockGroups
  - rtp2: session: add "stats" property
  - rtspsrc2: handle parse errors with TCP interleaved more
    gracefully where the server just drops data
  - rtspsrc2: implement support for SRTP, authentication, HTTP
    tunnelling, keep alive, stream selection, TLS validation,
    latency configuration
  - st2038combiner: only forward video pad segment, fixing issues
    for cases where the ST2038 segment differs
  - Wavpack audio: Various channel and channel-mask related fixes
  - webrtc, sdp: set level in negotiated caps only if level
    asymmetry not allowed, fixing an H.264 negotiation regression
    with higher resolutions
  - androidmedia: add various new codec mime / profile mappings
    (WMV, VC1, AC3/EAC3/AC4, AAC, H265) and support decoding FLAC
  - d3d12decoder: Fix decoding on Qualcomm GPUs on ARM64 Windows
  - wasapi2src: fix hang when using loopback-target-pid
    (regression from 1.26)
  - cerbero: update to Rust 1.96, plus glib-networking OpenSSL
    backend fixes
  - Various bug fixes, build fixes, memory leak fixes, and other
    stability and reliability improvements
  + gstreamer:
  - bufferpool: avoid leaking partially preallocated buffers
  - caps: fix multiple caps leaks
  - datetime: Improve correctness of ISO-8601 string parsing
  - info: Don't use fwrite() on Windows for debug logging
  - info: Use stack allocation for messages smaller than 1kB
  - task: Fix racy tests by making unref deterministic
  - value: fix crash when converting NULL G_TYPE_VALUE_ARRAY to
    G_TYPE_STRING
  - registry: detect libgstreamer load from Android container
    and skip canonicalization
  - tests: Fix build with glib <= 2.67.2

==== gstreamer-devtools ====
Version update (1.28.3 -> 1.28.4)

- Update to version 1.28.4:
  + Update Rust dependencies

==== gstreamer-plugins-bad ====
Version update (1.28.3 -> 1.28.4)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgsthip-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.28.4:
  + ahcsrc: Register exposure-mode property for GstPhotography
    interface
  + amc: Don't try printing NULL caps
  + amcvideodec: Don't keep crop-rectangle uninitialized if not
    specified
  + androidmedia: Add various new codec mime / profile mappings
  + androidmedia: Don't print error logs if downstream returns
    flushing / EOS
  + androidmedia: Fix typo in error message
  + androidmedia: support decoding flac
  + av1parser: Fix bytes/bits confusion when parsing tile data size
  + camerabin: Fix caps negotiation when starting video capture
  + d3d12decoder: Fix decoding on Qualcomm GPUs
  + mpegtspacketizer: Do not seek before the first PCR
  + mxfdemux: Use unsigned integers in more places and don't
    truncate 64 bit integers
  + svtav1enc: Scale MDCV and CLL to SVT-AV1's expected units
  + va: drm: Fix fd leak and return type in create_va_display
  + vajpegdecoder: Validate that enough data is available for the
    current JPEG segment
  + vulkanupload: Don't reallocate the pool when the framerate
    changes
  + wasapi2: Don't reset process loopback capture client
  + wasapi2src hangs when using loopback-target-pid in
    GStreamer 1.28 (regression from 1.26)
  + tests: Fix build with glib <= 2.67.2
  + meson: fix building -bad tests with disabled mse

==== gstreamer-plugins-base ====
Version update (1.28.3 -> 1.28.4)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.28.4:
  + audio-resampler-neon: fix accumulated stride
  + audio-resampler-neon: re-increment address
  + audioaggregator: Remove brittle conversion of in-progress
    buffers
  + discoverer: Lock the DISCO_LOCK whenever accessing the streams
    list
  + gl: egl: Set TRANSFER_NEED_DOWNLOAD flag
  + gldownload: Can't handle directly imported dmabufs from
    glupload
  + glupload: fix memleak on failure path
  + glwindow: Allow setting a NULL window handle
  + id3v2: Don't modify const data and check for enough data when
    reading RVA2 tags
  + id3v2: Don't unnecessarily assert on size==0 when unsyncing
    data
  + pbutils: Add NULL check for tmpcaps parsing
  + pbutils: Fix possible null dereference when empty string is
    provided
  + rtcpbuffer: Add some missing bounds checks when parsing SDES
  + sdp: keep level-asymmetry-allowed in the caps
  + subparse: Avoid zero and extreme fps when parsing mdvdsub
    subtitles
  + uridecodebin3: Use PLAY_ITEMS_LOCK for URI-related getter
  + uridecodebin: Protect missing_plugin_errors list from
    concurrent access
  + videodmabufpool: Fix debug category
  + xmptag: Correctly initialize pointer to the end of the input
    array

==== gstreamer-plugins-good ====
Version update (1.28.3 -> 1.28.4)
Subpackages: gstreamer-plugins-good-gtk

- Update to version 1.28.4:
  + matroska-mux: Write ReferenceBlock for non-keyframe video in
    BlockGroups
  + osxaudio: Fix stack overflow with >64ch audio devices
  + qtdemux: parse mastering luminance as u32 instead of u16
  + qt6: remove an unneeded QOpenGLContext->makeCurrent()
  + rtph265depay: fix memory leak
  + sbcparse: Add bounds checking to header parsing
  + tests: mpegaudioparse: Fix raciness in the state change
    handling
  + v4l2: Fix buffer leak on qbuf failure
  + wavpack: Various channel / channel-mask related fixes
  + wavpackdec: Avoid integer overflow when calculating output
    buffer size and related fixes
  + wavpackenc fails for channels > 2

==== gstreamer-plugins-libav ====
Version update (1.28.2 -> 1.28.4)

- Update to version 1.28.4:
  + avdemux: Always free AVIOContext and open failure and don't
    dereference NULL AVFormatContext
  + avprotocol: Don't free GstFFMpegPipe when closing the
    AVIOContext
- Update to version 1.28.3:
  + No changes, stable bump only

==== gstreamer-plugins-rs ====
Version update (1.28.3 -> 1.28.4)

- Update to version 1.28.4:
  + fmp4mux: Fix draining in chunk mode after partial GOPs were
    drained
  + Rtp2Session: add ParamSpec for property stats
  + rtspsrc2: Add support for SET_PARAMETER and GET_PARAMETER
    using signals
  + rtspsrc2: Add support for SRTP
  + rtspsrc2: Add TLS support
  + rtspsrc2: handle parse errors with tcp interleaved rtsp
    more gracefully
  + rtspsrc2: Implement authentication support
  + rtspsrc2: Implement support for HTTP tunnelling
  + rtspsrc2: Implement support for keep alive
  + rtspsrc2: Implement support for streams
  + rtspsrc2: Include user-agent property in HTTP tunnel requests
  + rtspsrc2: Support TLS validation flags for server certificate
  + rtspsrc2: Support latency configuration property
  + rtspsrc2: Update README with implemented features
  + st2038combiner: only forward video pad segment
  + webrtc: set level in negotiated caps only if level asymmetry
    not allowed
  + webrtcsink: handle payloader timestamp-offset prop type
    variants
  + webrtcsrc, webrtcsink: Fix SDP renegotiation bugs
  + Added script to convert git sourced dependencies to crates.io
    packages
  + gst-plugin-version-helper: Relax version requirements and
    update to 0.8.4

==== gstreamer-plugins-ugly ====
Version update (1.28.2 -> 1.28.4)

- Update to version 1.28.4:
  + realmedia: Fixes for various out-of-bounds reads
- Update to version 1.28.3:
  + No changes, stable version bump only.

==== gwenview ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== hplip ====
Subpackages: hplip-base hplip-common hplip-cups hplip-driver-hpcups hplip-sane libhplip0

- hp-plugin: fix plugin installation from local file (lp#2154206)
  * add pluginhandler-fix-plugin-installation-from-local-fil.patch

==== hyphen ====
Version update (2.8.8 -> 2.8.9)

- Update to version 2.8.9
  - new public API: hnj_hyphen_load_data, loads a dictionary from a
    raw memory buffer (Resolves #4, contributed by Roman "SBKarr"
    Katuntsev). Useful for Android, embedded systems, and any caller
    holding dict bytes in memory.
  - Windows long-path support via _wfopen (fdo#48017, originally from
    LibreOffice)
  - many memory-safety fixes for malformed dictionaries and adversarial
    word input, found via libFuzzer + ASan + LSan: crashes
    in the rep-application loop, lhmin/rhmin loops, hyphword/norm
    compaction; infinite-recursion guards in the compound hyphenation
    path; leak fixes in the dict parser and in every site that writes
    into the (*rep)/(*pos)/(*cut) arrays
  - fuzz harness (fuzz/) shipping with the source

==== iagno ====
Version update (50.0 -> 50.0+8)

- Update to version 50.0+8:
  + Updated translations.

==== incidenceeditor ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6IncidenceEditor6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * incidencedatetime.cpp - consider allday setting when validating
  * Adapt to KMime having moved to Frameworks

==== kaccounts-integration ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libkaccounts6-2

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kaccounts-providers ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kaddressbook ====
Version update (26.04.1 -> 26.04.2)
Subpackages: kaddressbook-doc libKPim6AddressbookImportExport6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kalgebra ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kamera ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kanagram ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kapptemplate ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kate ====
Version update (26.04.1 -> 26.04.2)
Subpackages: kate-plugins

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * fix comment
  * fix urlinfo for relative files with line
  * diffwidget.cpp - include QDir to fix compile
  * ensure we hide the buttons in the view space if no tabs & nav bar there (alternative implementation) (kde#515133)
  * Use proper working directory when invoking git (kde#519685)

==== kbruch ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kcachegrind ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kcalc ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kcalutils ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6CalendarUtils6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * incidenceformatter.cpp - fix start-end times for recurring events(again)
  * Revert "incidenceformatter.cpp - fix start-end times for recurring events"
  * incidenceformatter.cpp - html clean descs for displayview and tooltips
  * incidenceformatter.cpp - cleanHtml - use QTextDocumentFragment::fromHtml
  * incidenceformatter.cpp - fix start-end times for recurring events

==== kcharselect ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kcolorchooser ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kde-dev-utils ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kdeedu-data ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kdegraphics-mobipocket ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kdegraphics-thumbnailers ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kdenetwork-filesharing ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kdepim-addons ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kdepim-runtime ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== kdialog ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kernel-source ====
Version update (7.0.11 -> 7.0.12)
Subpackages: kernel-64kb kernel-default

- Linux 7.0.12 (bsc#1012628).
- Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB
  buffer size (bsc#1012628).
- ACPI: button: Fix ACPI GPE handler leak during removal
  (bsc#1012628).
- ACPI: button: Enable wakeup GPEs for ACPI buttons at probe time
  (bsc#1012628).
- xfrm: move policy_bydst RCU sync from per-netns .exit to
  .pre_exit (bsc#1012628).
- net/sched: sch_sfb: Replace direct dequeue call with peek and
  qdisc_dequeue_peeked (bsc#1012628).
- nfc: llcp: Fix use-after-free in llcp_sock_release()
  (bsc#1012628).
- nfc: llcp: Fix use-after-free race in nfc_llcp_recv_cc()
  (bsc#1012628).
- xfrm: Check for underflow in xfrm_state_mtu (bsc#1012628).
- nfc: nxp-nci: i2c: use rising-edge IRQ on ACPI systems
  (bsc#1012628).
- tools/bootconfig: Fix buf leaks in apply_xbc (bsc#1012628).
- HID: remove duplicate hid_warn_ratelimited definition
  (bsc#1012628).
- kunit: fix use-after-free in debugfs when using kunit.filter
  (bsc#1012628).
- accel/rocket: fix UAF via dangling GEM handle in create_bo
  (bsc#1012628).
- netfilter: synproxy: refresh tcphdr after skb_ensure_writable
  (bsc#1012628).
- netfilter: xt_cpu: prefer raw_smp_processor_id (bsc#1012628).
- netfilter: ebtables: fix OOB read in compat_mtw_from_user
  (bsc#1012628).
- netfilter: nf_tables: fix dst corruption in same register
  operation (bsc#1012628).
- tun: free page on short-frame rejection in tun_xdp_one()
  (bsc#1012628).
- tap: free page on error paths in tap_get_user_xdp()
  (bsc#1012628).
- tun: free page on build_skb failure in tun_xdp_one()
  (bsc#1012628).
- vsock: keep poll shutdown state consistent (bsc#1012628).
- net: netlink: fix sending unassigned nsid after assigned one
  (bsc#1012628).
- net: netlink: don't set nsid on local notifications
  (bsc#1012628).
- net/smc: Do not re-initialize smc hashtables (bsc#1012628).
- net/iucv: fix locking in .getsockopt (bsc#1012628).
- scsi: core: Run queues for all non-SDEV_DEL devices from
  scsi_run_host_queues (bsc#1012628).
- scsi: scsi_debug: Add missing newline in
  scsi_debug_device_reset() (bsc#1012628).
- ipv4: free net->ipv4.sysctl_local_reserved_ports after
  unregister_net_sysctl_table() (bsc#1012628).
- ALSA: hda: cs35l56: Fix system name string leaks (bsc#1012628).
- ALSA: pcm: oss: Fix setup list UAF on proc write error
  (bsc#1012628).
- ASoC: Intel: bytcht_es8316: Fix MCLK leak on init errors
  (bsc#1012628).
- net/mlx5: HWS: Reject unsupported remove-header action
  (bsc#1012628).
- net: hsr: fix potential OOB access in supervision frame handling
  (bsc#1012628).
- accel/ivpu: prevent uninitialized data bug in debugfs
  (bsc#1012628).
- gpio: mxc: fix irq_high handling (bsc#1012628).
- drm/i915/aux: use polling when irqs are unavailable
  (bsc#1012628).
- net: Avoid checksumming unreadable skb tail on trim
  (bsc#1012628).
- ethtool: rss: avoid modifying the RSS context response
  (bsc#1012628).
- ethtool: rss: add missing errno on RSS context delete
  (bsc#1012628).
- ethtool: rss: fix falsely ignoring indir table updates
  (bsc#1012628).
- ethtool: rss: fix indir_table and hkey leak on get_rxfh failure
  (bsc#1012628).
- ethtool: rss: fix hkey leak when indir_size is 0 (bsc#1012628).
- ethtool: rss: avoid device context leak on reply-build failure
  (bsc#1012628).
- ethtool: module: call ethnl_ops_complete() on module flash
  errors (bsc#1012628).
- ethtool: module: avoid leaking a netdev ref on module flash
  errors (bsc#1012628).
- ethtool: module: avoid racy updates to dev->ethtool bitfield
  (bsc#1012628).
- ethtool: module: check fw_flash_in_progress under rtnl_lock
  (bsc#1012628).
- ethtool: module: fix cleanup if socket used for flashing
  multiple devices (bsc#1012628).
- ethtool: cmis: require exact CDB reply length (bsc#1012628).
- ethtool: cmis: fix u16-to-u8 truncation of msleep_pre_rpl
  (bsc#1012628).
- ethtool: cmis: validate start_cmd_payload_size from module
  (bsc#1012628).
- ethtool: cmis: validate fw->size against start_cmd_payload_size
  (bsc#1012628).
- cxl/test: Update mock dev array before calling
  platform_device_add() (bsc#1012628).
- tunnels: load network headers after skb_cow() in
  iptunnel_pmtud_build_icmp[v6]() (bsc#1012628).
    ... changelog too long, skipping 1174 lines ...
- commit c8ca8cf

==== kgeography ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== khangman ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== khelpcenter ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kidentitymanagement ====
Version update (26.04.1 -> 26.04.2)
Subpackages: kidentitymanagement-lang libKPim6IdentityManagementCore6 libKPim6IdentityManagementWidgets6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kig ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kimap ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6IMAP6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== kio-extras ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libkioarchive6-6 trash_kcm

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kio_audiocd ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kiten ====
Version update (26.04.1 -> 26.04.2)
Subpackages: fonts-KanjiStrokeOrders

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kitinerary ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6Itinerary6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Add extractor script for BDŽ (Bulgarian State Railways) PDF tickets
  * Adapt to Poppler 26.06 API changes
  * Fix required Qt version
  * Reflect the move of KMime to Frameworks in the dependency data
  * Add Condor PKPass extractor

==== kldap ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6LdapCore6 libKPim6LdapWidgets6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kleopatra ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Make it build with GpgME 1.24.2
  * Require GpgME 1.24.2 instead of GpgME 2.0
  * Adapt to KMime having moved to Frameworks
  * Fix required Qt version

==== kmag ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kmahjongg ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kmail ====
Version update (26.04.1 -> 26.04.2)
Subpackages: kmail-application-icons ktnef

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== kmail-account-wizard ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== kmailtransport ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6MailTransport6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kmbox ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6Mbox6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Don't run benchmarks as part of autotests on the CI
  * Adapt to KMime having moved to Frameworks

==== kmime ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6Mime6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Don't accept headers without a name

==== kmines ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kmousetool ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kmplot ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kompare ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== konsole ====
Version update (26.04.1 -> 26.04.2)
Subpackages: konsole-part konsole-part-lang

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Fix copy command causing scroll to bottom

==== kontact ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kontactinterface ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6KontactInterface6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== konversation ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== korganizer ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== kpat ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kpimtextedit ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6TextEdit6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kpkpass ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6PkPass6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kqtquickcharts ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kreversi ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== ksanecore ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Fix crash on skanlite startup (kde#517465)

==== ksmtp ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6SMTP6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== ksudoku ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== ktnef ====
Version update (26.04.1 -> 26.04.2)
Subpackages: ktnef-debug-categories libKPim6Tnef6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== ktouch ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kwalletmanager ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== kwordquiz ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== ldns ====
Version update (1.9.0 -> 1.9.2)
Subpackages: libldns3

- Update to version 1.9.2
  Insufficient verification that responses belong to a query
  (CVE-2026-10846, bsc#1267670)
- ldns.keyring: updated from https://nlnetlabs.nl/signing-keys/

==== less ====
Version update (702 -> 704)

- Update to 704:
  * Fix possibly passing unsafe options to man when opening an OSC
    8 link
  * Fix possibly sending unsafe OSC sequence to terminal when file
    contains an unterminated OSC sequence
  * In Examine and Shell commands, expand % and # to shell-escaped
    filenames

==== lftp ====

- Revert changes to "lftp-4.9.2-cdefs.patch" from 2025-08-06. The
  updated patch does not apply to our code and breaks the build on
  ppc64le. We'll stick to our local copy for the time being instead
  of following src.fedoraproject.org.

==== libabw ====
Version update (0.1.3 -> 0.1.4)

- Update to 0.1.4:
  - Fix a memory access error found by oss-fuzz.
  - Configure with --disable-werror by default.
  - Disable expanding entities by XML parser as a vulnerability
    prevention measure. Abiword-saved documents do not contain entities,
    so there is no difference in behavior.

==== libcacard ====
Version update (2.8.1 -> 2.8.2)

- Update to version 2.8.2
  * Sort certificates by underlying objects CKA_ID to provide deterministic
    object order
  * Avoid using uninitialized memory
  * Improve test coverage and build scripts
  * Improve compatibility with modern compilers (avoid strict warnings)

==== libcdr ====
Version update (0.1.8 -> 0.1.9)

- version update to 0.1.9
  * Upgrade m4 macros.
  * Fix crash appear with format CDR 14 and Gradients (tdf#130914, tdf#158268)
  * Fixes parsing CDR7 files with no bbox surrounding text objects (tdf#98994)

==== libdmapsharing ====
Version update (3.9.13 -> 3.9.14)

- Update to version 3.9.14:
  + Always install dmap-transcode-stream.h
  + Account for type mismatch
  + Print warning if filter string contains bad parenthesis or
    quote
  + Eliminate unnecessary variables

==== libdv ====

- Add libdv-gcc16.patch to fix the build with GCC 16

==== libetonyek ====

- Force -std=gnu++17 when building with GCC >= 16

==== libgravatar ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6Gravatar6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkcddb-qt6 ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKCddb5

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkdcraw ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKDcrawQt6-5 libkdcraw-qt6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkdegames ====
Version update (26.04.1 -> 26.04.2)
Subpackages: kdegames-carddecks-default libKDEGames6 libkdegames-imports

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkdepim ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6Libkdepim6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkeduvocdocument ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkexiv2-qt6 ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKExiv2Qt6-0

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkgapi6 ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6GAPICalendar6 libKPim6GAPICore6 libKPim6GAPIPeople6 libKPim6GAPITasks6 libkgapi6-lang libkgapi6-sasl2-kdexoauth2

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkleo ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6libkleo6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Require GpgME 1.24.2 instead of GpgME 2.0

==== libkmahjongg ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKMahjongg6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libkomparediff2 ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libksane ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKSaneWidgets6 libksane-icons libksane-lang

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== libksieve ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libksieve6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== liblangtag ====
Version update (0.6.7 -> 0.6.8)

- version update to 0.6.8
  * Update configure.ac for obsolete function
  * Fix build fail when srcdir != builddir
  * Add --disable-locale-alias build option
  * Bump the libtool revision.
  * Do not include merge commits in NEWS
  * const up __lt_localealias_tables
  * configure.ac: check for dlfcn.h
  * configure.ac: support slibtool
  * configure.ac: fix typo
  * build: don't overwrite LIBS
  * update ax_pthread.m4
  * Fix building on MinGW-w64

==== libmspub ====
Version update (0.1.4 -> 0.1.5)

- Version update to 0.1.5:
  * Fix several problems found by oss-fuzz.
  * Fix regression in closing shape groups that caused missing shapes on
    second and subsequent pages. (tdf#116018)
- deleted patches
  * fix-missing-include.patch (upstreamed)
  * libmspub-0.1.4-gcc15.patch (upstreamed)

==== libqxp ====
Version update (0.0.2 -> 0.0.3)

- update to 0.0.3:
  * Memory safety fixes

==== libstorage-ng ====
Version update (4.5.328 -> 4.5.330)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Danish) (bsc#1149754)
- 4.5.330
- Translated using Weblate (Danish) (bsc#1149754)
- 4.5.329

==== libvisio ====
Version update (0.1.9 -> 0.1.11)

- version update to 0.1.11
  * Memory safety fixes
  * More work on better handling of theme colors (tdf#168475)

==== libzypp ====
Version update (17.38.11 -> 17.38.13)

- A .repo files "path=" entry must not refer to a location
  outside the repo (bsc#1267874, CVE-2026-44942)
  A "path=" entry may solely denote a sub-directory of the baseurl
  where the metadata are located. A relative path trying to access
  data outside the baseurl is reported and sanitized.
- version 17.38.13 (35)
- Repo "keyhint" must denote a filename, no path (bsc#1267426,
  CVE-2026-44941)
- version 17.38.12 (35)

==== lokalize ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * flatpak: Fix socket permissions

==== mailcommon ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6MailCommon6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== mailimporter ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6MailImporter6 libKPim6MailImporterAkonadi6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== mariadb ====
Version update (11.8.8 -> 12.3.2)
Subpackages: libmariadbd19 mariadb-client mariadb-errormessages

- Update to 12.3.2:
    https://mariadb.com/docs/release-notes/community-server/12.3/12.3.2
    https://mariadb.com/docs/release-notes/community-server/changelogs/12.3/12.3.2
    https://mariadb.com/docs/release-notes/community-server/12.3/mariadb-12.3-changes-and-improvements
- Refresh fix-pamdir.patch
- Update list of skipped tests
- Remove --ssl option when running the test suite as it was causing some failures
- Remove INFO_SRC (dropped upstream)
- Adjust file list and removal of systemd unit files for upstream changes in the galera config

==== markdownpart ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== mbox-importer ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== messagelib ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Fix logic, we need to execute code if we find photo
  * Adapt to KMime having moved to Frameworks

==== mimetreeparser ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6MimeTreeParserCore6 libKPim6MimeTreeParserWidgets6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Fix required Qt version
  * Adapt to KMime having moved to Frameworks

==== mpg123 ====
Version update (1.33.5 -> 1.33.6)
Subpackages: libmpg123-0 mpg123-openal

- Update to version 1.33.6
  * mpg123
    + Prepare for const-returning strchr().
    + Hide seq_len debugging counter in non-debug mode.
  + Fix memory leak with --network internal due to inverted NULL
    check in net123_close_internal() (handle never NULL in
    practice, though).
  * mpg123, out123: Fix strrchr() usage to be more const and
    correct under C99 as well as C23.
  * mpg123-strip: Also use largefile API properly using
    mpg123config.h, but without actual effect at least on
    Linux/x86. It is cleaner that way, though.
  * libmpg123: Remove unused loop variable in layer2 left over
    from runtime table elimination (32 bit mmx/sse code).

==== ncurses ====
Version update (6.6.20260530 -> 6.6.20260608)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Pre work for ABI 7
- Add ncurses patch 20260608
  + amend *.map to put recent cookie-related functions in a new tinfo
    ".current" section (report by Sven Joachim).
  + add npc to kmscon, fixing flash -TD
- Add ncurses patch 20260607
  + actually add kmscon (report by Branden Robinson)
- Add ncurses patch 20260606
  + add kmscon (report by Jocelyn Falempe) -TD
  + fix a minor regression in infocmp -g option.
  + fixes for compiler warnings/cppcheck.

==== netcfg ====

- Patch services file in %prep instead of in %install
- Spec cleanup
- Add missing %verify(not mode) (boo#1263098)
- services: remove invalid SIEVE entry, again (was fixed and
  broken again in 2013 already) boo#1243708, boo#822653

==== netpbm ====
Version update (11.12.0 -> 11.14.0)
Subpackages: libnetpbm11

- disable test/pnmhisteq.test
- version update to 11.14.0
  * pcxtoppm: fix determination that palette in image is all one
    color (so probably in error) based on random memory access.
    Always broken (all-one-color feature was added in July 1995).
  * pbmtext: fix crash when input text contains a character with
    code >127.  Broken in Netpbm 10.82 (March 2018).
  * pnmhisteq: fix incorrect output with -gray: color pixels
    changed, gray pixels left alone.  Broken in Netpbm 10.30
    (October 2005).
  * asciitopgm: fix crash with missing height or width argument.
    Always broken (asciitopgm was new in the 1994 Netpbm release).
  * asciitopgm: fix crash with zero divisor.
    Always broken (asciitopgm was new in the 1994 Netpbm release).
  * libnetpbm: fix crash when caller of pm_selector_mark attempts to
    mark or test mark of out-of-bounds code point.  Abort program
    with error message instead.  Broken since Netpbm 10.91 (June
    2020).
  * build: remove ancient non-prototype function declarations; C23
    doesn't have them, so compilation fails with modern compilers.
  * build: fix compile failure of libjasper with -DDEBUG .  Broken
    some time in Netpbm 10.27 (March 2005) through 10.35 (August
    2006)).
  * pnmmargin: improve error messages.
- modified patches
  * netpbm-gcc-warnings.patch (refreshed)

==== okular ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== openSUSE-release ====
Version update (20260605 -> 20260613)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openexr ====
Version update (3.4.11 -> 3.4.12)
Subpackages: libIex-3_4-33 libIlmThread-3_4-33 libOpenEXR-3_4-33 libOpenEXRCore-3_4-33

- version update to 3.4.12
  * Fix several minor memory leaks recovering from reading invalid
    files.
  * The compressor API incorrectly identfied `HTJ2K` and `HTJ2K256` as
    lossy; they are lossles.
  * Fix CMake AVX feature detection that caused DWA SIMD code to fail on
    certain architectures.
  * The `WidenFilename` utility function is marked as deprecated, to be
    removed in a future release.
  * `exrmetrics` now print the on-disk size of the data portion of each
    part. Useful for determining compression impact on part data
  * Reject files where the dataWindows does not match the
    pixel array dimensions.
  * Support NumPy float vector attributes
  * Reading now skips over invalid parts, returns the valid parts only.
  * Doc strings have proper indentation
  * [CVE-2026-45696](https://www.cve.org/CVERecord?id=CVE-2026-45696)
  OpenEXR `ht_undo_impl` heap-buffer-overflow READ via
  codestream/channel width mismatch in HTJ2K decode
  * [CVE-2026-44663](https://www.cve.org/CVERecord?id=CVE-2026-44663)
  Integer overflow in HTJ2K decoder ( `ht_undo_impl` ) leading to
  heap-buffer-overflow
  * [OSS-Fuzz 512895184](https://issues.oss-fuzz.com/issues/512895184)
  * [OSS-Fuzz 512314697](https://issues.oss-fuzz.com/issues/512314697)
  * [OSS-Fuzz 508362159](https://issues.oss-fuzz.com/issues/508362159)
  * [OSS-Fuzz 507413960](https://issues.oss-fuzz.com/issues/507413960)

==== opensc ====
Subpackages: opensc-bash-completion

- added patches
  CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation [bsc#1267246]
  * opensc-CVE-2026-10275.patch

==== openssl-3 ====
Subpackages: libopenssl3

- Security fixes:
  * CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357)
  * CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356)
  * CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353)
  * CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355)
  * CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350)
  * CVE-2026-42768: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (bsc#1266351)
  * CVE-2026-42769: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (bsc#1266352)
  * CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349)
  * CVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (bsc#1266345)
  * CVE-2026-42764: NULL pointer dereference in QUIC server initial packet handling (bsc#1266347)
  * CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344)
  * CVE-2026-9076:  Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341)
  * CVE-2026-7383:  Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340)
  * CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342)
  * Add patches:
    openssl-CVE-2026-45447.patch
    openssl-CVE-2026-45446.patch
    openssl-CVE-2026-42770.patch
    openssl-CVE-2026-45445.patch
    openssl-CVE-2026-42767.patch
    openssl-CVE-2026-42768.patch
    openssl-CVE-2026-42769.patch
    openssl-CVE-2026-42766.patch
    openssl-CVE-2026-34183.patch
    openssl-CVE-2026-42764.patch
    openssl-CVE-2026-34182.patch
    openssl-CVE-2026-9076.patch
    openssl-CVE-2026-7383.patch
    openssl-CVE-2026-34180.patch

==== parley ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced

- only do Requires: libyui-ncurses-pkg and libyui-qt-pkg if
  Tumbleweed since libyui is no longer available in Leap 16.1

==== perl-Cpanel-JSON-XS ====
Version update (4.410.0 -> 4.420.0)

- updated to 4.420.0 (4.42)
  see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
  4.42 2026-06-27 (rurban)
  - Ensure encode with a type spec hashref does not change the hashref argument (GH #240)
  - Fix -e docs: "written" → "read" (GH #239, reported by Ron Savage).
  - Fix Boolean eq overload matching undef (GH #207, reported by fd-t).
    Cpanel::JSON::XS::Boolean overloaded eq would match undef as equal
    to false because undef stringifies to "". Added defined() guard.
  - Fix error messages showing overloaded stringification for blessed
    objects (GH #191, reported by karenetheridge). Error messages now
    use ClassName=TYPE(addr) format, bypassing any "" overload.
  - Fix type_all_string overriding allow_blessed/convert_blessed (GH #175,
    reported by alpha6). With type_all_string + allow_blessed, blessed
    objects are now encoded as null (not stringified as HASH address).
  - Fix infinite recursion when encode is called from a "" overload
    (GH #128, reported by pbrthemaster). The recursion guard temporarily
    clears convert_blessed and allow_stringify flags on the JSON object
    before calling the overload, preventing re-entrant encode loops.
  - Fix $obj->new creating a broken object (GH #93, reported by cpansprout).
    When new() is called on an existing object (e.g. $json->new->new),
    the class name is now extracted from the object's stash rather than
    using the stringified reference.
  - Change allow_nonref default to true (GH #241, matching JSON::PP and
    JSON::XS 4.0+ and the insecure RFC 7159).
    encode and decode now accept non-reference values by default.
    decode_json() with an explicit 0/1 second argument still works.
    allow_nonref(0) to disable scalars-only for secure JSON.
  - Fix minor t/12_blessed.t typo.
  - Fix GH #112: encode large whole-number NV values without .0 on
    32-bit Perl (values exceeding UV_MAX that Perl stores as float).
  - Fix GH #197: prefer IOK over pNOK when encoding values where
    IV is accurate but NV is imprecise (SvNOK not set).

==== perl-GD ====
Version update (2.830.0 -> 2.860.0)

- updated to 2.860.0 (2.86)
  see /usr/share/doc/packages/perl-GD/ChangeLog
  2.86    * Fix CVE-2026-11526, command injection via 2-arg open() in _make_filehandle.
  CWE-78, CWE-73 (Reported and fixed by Paul Johnson)
  2.85    * Tolerate runtime TIFF decode failures in autodetect (GH #62)
  * Replace cpm with cpanm in github actions
  * Fixed a minor precedence bug in t/z_manifest.t
  2.84    * Added Makefile.PL --with and --without options to bypass autodetection
  errors or upstream libgd or subsequent library errors, as
  libtiff 4.5.1+git230720 wrongly packaged on ubuntu/debian (GH #55).
  * Better support MSWin32 without gdlib.pc. Requires manual --options and
  - -lib_gd_path.
  * Workaround broken ExtUtils::PkgConfig->find (GH #61)
  * Fixed snprintf for newer MSVC (>= VS 2015)
  * Added GD::Image::supported() image types method.
  * Added newFromTiffData() method.
  * Fixed t/GD.t for unsupported image types.
  * Add GIFANIM to the default since 2.0.33 (PeterCJ GH #56)
  * Honor PKG_CONFIG_PATH for finding gdlib.pc (PeterCJ GH #57)
  * Add demos/png2jpeg.pl

==== perl-HTTP-Message ====
Version update (7.10.0 -> 7.20.0)

- updated to 7.20.0 (7.02)
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  7.02      2026-06-05 23:28:36Z
  - now handling HTTP method '0' (GH#211) (Karen Etheridge)

==== perl-IO-Tty ====
Version update (1.290.0 -> 1.310.0)

- updated to 1.310.0 (1.31)
  see /usr/share/doc/packages/perl-IO-Tty/ChangeLog
  1.31 2026-05-24 Todd Rinaldo <toddr@cpan.org>
    Bug Fixes:
  * GH #91, PR #94 - Fix v1.27 regression where _open_tty() always passed
    O_NOCTTY, preventing make_slave_controlling_terminal() from acquiring
    a controlling terminal via the POSIX-standard open-without-O_NOCTTY
    mechanism (it was forced to fall through to an explicit TIOCSCTTY
    ioctl). _open_tty() now takes an optional noctty flag (default 1 for
    backward compatibility); make_slave_controlling_terminal() passes 0.
  * GH #92, PR #93 - Fix openpty() detection on Fedora 33-34 / glibc
    2.32-2.33 where LTO flags (-flto=auto) caused the libc-only compile
    probe to falsely succeed, producing "undefined symbol: openpty" at
    runtime. Try -lutil before libc; harmless on systems where openpty
    lives in libc (glibc 2.34+, musl) and necessary where it doesn't.
    Maintenance:
  * PR #90 - Address CPANTS kwalitee issues: add LICENSE, SECURITY.md,
    and CONTRIBUTING.md; add META `provides` for IO::Tty, IO::Pty, and
    IO::Tty::Constant; use --format=ustar in TARFLAGS to prevent
    PaxHeader entries in distribution tarballs.
  * Clean up MANIFEST.SKIP: add #!include_default so ExtUtils::Manifest's
    built-in skip list is in effect, drop five entries that duplicate
    those defaults, and add a ^\.claude/ rule.

==== perl-WWW-RobotRules ====
Version update (6.02 -> 6.30.0)

- updated to 6.30.0 (6.03)
  see /usr/share/doc/packages/perl-WWW-RobotRules/Changes

==== perl-XML-LibXML ====
Version update (2.0212 -> 2.0213)

- updated to 2.0213
  see /usr/share/doc/packages/perl-XML-LibXML/Changes
  2.0213  2026-05-21
    [SECURITY / BUG FIXES]
  - Revert PR #143 per the libxml2 author's request. PR #143 added a
    URL-scheme filter inside LibXML_load_external_entity and removed
    the EXTERNAL_ENTITY_LOADER_FUNC == NULL guards on the five
    Schema/RelaxNG NONET swap sites, on the premise that
    no_network on one parser should override a user-installed global
    externalEntityLoader. Nick Wellnhofer clarified that this
    contradicts upstream intent: XML_PARSE_NONET only polices
    libxml2's default loader; a user who installs a global loader is
    explicitly opting out of that policy, and the http/https/ftp
    allowlist was never a real security boundary. Reverted in full;
    PR #138's lifecycle/memory-safety fixes are kept.
  - GH #168
    [BUG FIXES]
  - Fix latent SEGV in _externalEntityLoader. The XS code returned
    &PL_sv_undef as RETVAL when no previous global loader existed.
    Because xsubpp auto-mortalizes SV* RETVAL, each call mortalized
    the PL_sv_undef singleton, eventually driving its refcount
    negative and producing "Attempt to free unreferenced scalar"
    followed by SEGV under repeated invocation. Now returns
    newSV(0) so RETVAL is always a fresh refcount-1 SV safe to
    mortalize. The bug shipped in 2.0212 with PR #138's lifecycle
    fixes; this is a single-line correction to that code path.
    [MAINTENANCE]
  - Add t/49global_extent_with_no_network.t, 17 subtests locking in
    the entity-loader contract restored by the GH #168 revert: a
    user-installed global loader takes precedence over no_network
    across plain XML parse, RelaxNG, and XML Schema, while
    no_network without any loader still blocks via libxml2's
    default loader.
  - Document the entity-loader contract in CLAUDE.md
    ("Entity loaders, no_network, and XML_PARSE_NONET") plus a
    "Verifying audit-flagged security findings" checklist to keep
    pattern-matched "security fixes" like PR #143 from shipping
    again.

==== perl-XML-NamespaceSupport ====
Version update (1.12 -> 1.120.0)

- See https://github.com/openSUSE/cpanspec/issues/47 for details

==== pim-data-exporter ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Adapt to KMime having moved to Frameworks

==== pim-sieve-editor ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * Use dependencies from stable branches

==== pimcommon ====
Version update (26.04.1 -> 26.04.2)
Subpackages: libKPim6PimCommon6 libKPim6PimCommonAkonadi6

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== pinentry ====

- Force -std=gnu++17 when building with GCC 16 to fix the broken
  build

==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-gtk2 pinentry-qt6

- Force -std=gnu++17 when building with GCC 16 to fix the broken
  build

==== policycoreutils ====
Subpackages: policycoreutils-python-utils python313-policycoreutils

- Reintroduce sandbox package (bsc#1266226) and a couple quality of life
  improvements:
    add policycoreutils-sandbox-fix-cleanup.patch
    add sandbox-sandbox-fix-saving-file-changes.patch

==== python-M2Crypto ====
Version update (0.46.2 -> 0.48.0)

- Upgrade to 0.48.0:
  - doc: another move … this time to Codeberg (and communication
    to Matrix)
  - test(smime): parametrize test_write_pkcs7_der
  - test(smime): fix test_signEncryptDecryptVerify
  - fix(util): return bytes from passphrase callbacks
  - fix(SSL.Checker): add IDN Chinese name
  - test(ssl): add IDN certificate fixture coverage
  - test(ssl): cover IDN hostname matching in Checker
  - doc: update expected Name format in migration guide
  - fix(smime): S/MIME signature verification for Outlook and
    Thunderbird
  - fix(provider): handle OSSL_STORE_INFO_PUBKEY compat. for
    OpenSSL < 3.2
  - fix: cast X509_dup in sk_X509_deep_copy to avoid type
    mismatch
  - fix(smime): S/MIME signature verification for Outlook and
    Thunderbird
  - fix(smime): remove obsolete Python pre-3.6 constructs
  - ci: run on Codeberg with forgejo_runner
  - doc: clarify the status of the project
  - fix(provider): adjust the CI run on Gitea for the older
    OpenSSL on Debian
  - fix(evp): narrow digest and BIO pointers for mypy
  - fix(init): acommodate modern packaging API
  - doc: IRC channel is on Libera, Ergo was a wrong idea
  - fix(tests): remove duplicate definition of IS_DEBIAN in
    test_ssl
  - fix(test_bio_ssl): fix TLS 1.3 deadlock and add socket
    timeouts
  - fix(test_bio_ssl): replace sys.exit() with self.fail() to
    prevent test process crash
  - ci: publish to PyPI with Sigstore attestations via Trusted
    Publishing
  - fix(authcookie): handle CookieError from Python 3.13.12+
    (CVE-2026-0672)
  - ci(leap): use setup.py bdist_wheel to bypass old pip PEP 517
    wrapper
  - fix(util): replace is_32bit with struct.calcsize and update
    tests
  - ci: add FreeBSD SourceHut CI build script
  - fix(swig): avoid clang GNUC pragma block before _lib.h
  - fix(provider): don't abuse TemporaryDirectory to be mkdtemp,
    use that directly.
  - fix(provider): gate provider APIs for OpenSSL 1.1.1
  - feat(provider): add key generation and destruction methods
  - docs(provider): add comprehensive documentation to Provider
    module
  - fix(provider): better exception handling
  - doc: add a simple AGENTS.md
  - feat(engine): add availability check, lifecycle helpers, and
    safer cleanup
  - doc(engine): Improve documentation and example of using
    Engine module
- Upgrade to 0.47.0:
  - feat: added full SWIG bindings for the ASN1_UTCTIME
  - refactor(SWIG): adopt Python Buffer Protocol for
    X509_NAME_ENTRY_set_data
  - fix: allow 64-bit time_t on 32-bit systems in test_is32bit
  - feat(provider): add initial OpenSSL providers support
  - feat: stop supporting 32bit packages on Windows
  - fix: improve detection of OpenSSL on Windows
  - ci: run doctest
  - fix: _matchIPAddress is failing
  - feat: Add degenerate PKCS7 (.p7c) support
  - fix(setup): add `packaging` as a requirement
  - feat(asn1): introduce dedicated ASN1_UTCTIME class
  - feat(CRL): add content of m2crypto-0.21.1-x509_crl.patch
  - refactor(x509): CRL handling and testing
  - feat: add function to provide the equivalent of `openssl
    ciphers`.
  - fix(X509): refactor new_extension to prevent memory
    corruption
  - ci: add tests showing the use of M2Crypto for STARTTLS
    protocol
  - doc: convert documentation to MyST
  - doc: various improvements of documentation
  - revert: remove support for Engine
  - fix(engine): make the compilation of Engine conditional on
    OPENSSL_NO_ENGINE
  - fix(https): make HTTPS Connection work with Proxy
  - doc: add an example of using HTTPS with PKCS#11 Engine

==== python-rich ====
Version update (14.3.3 -> 15.0.0)

- update to 15.0.0:
  * Breaking change: Dropped support for Python3.8
  * Fixed empty print ignoring the `end` parameter
  * Fixed `Text.from_ansi` removing newlines
  * Fixed `FileProxy.isatty` not proxying
  * Fixed inline code in Markdown tables cells
  * Improved import time with lazy loading
  * Changed link id generation to avoid random number generation
    at runtime https://github.com/Textualize/rich/pull/3845

==== qrca ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== rav1e ====

- Update cargo dependencies (bsc#1249016 CVE-2025-58160).

==== rsync ====

- Add missing python3-base BR

==== ruby-common ====

- Fix gem_packages template for the alts case. We were always using
  spec.name when it should have been the loop variable executable.

==== salt ====
Subpackages: python311-salt salt-master salt-minion

- Calculate UUID grain for Xen PV guests (bsc#1255418)
- Added:
  * calculate-uuid-grain-for-xen-pv-guests-759.patch

==== sdl2-compat ====
Version update (2.32.68 -> 2.32.70)

- Update to release 2.32.70
  * Fixed showing the on-screen keyboard at application startup.

==== selinux-policy ====
Version update (20260526 -> 20260605)
Subpackages: selinux-policy-targeted

- move %postMigration from %posttrans to %post to finish migration
  and copy user/custom modules to /etc when zypper dup is aborted
  due different package issue or semodu invocation (fixes boo#1264463)
- Update to version 20260605:
  * Update dbus_role_template() with communication over unix dgram socket
  * Allow staff user read nsfs files
  * Allow staff user additional sandboxing permissions
  * Dontaudit sa-update perfmon and sys_admin capabilities
  * packit: Stop notifying martinpitt for Cockpit test failures
  * Allow the kernel to execute also special files
  * Bring back execmem permission for svirt_tcg_t
  * Dontaudit tlp_t requesting dac_read_search (bsc#1265386)
  * Leave content of virtqemud_use_execmem empty
  * Dontaudit libvirt-daemons execmem
  * Allow virtstoraged to setattr fixed disk devices
  * Dontaudit ksmtuned dac_read_search and dac_override capabilities
  * Remove unused hypervkvp_unit_file_t
  * Allow mock create and use its private tmpfs files
  * Allow samba-bgqd send to nmbd over a unix datagram socket
  * Vibecode Gitlab CI smoke test for Leap 16.0+
- Syncing with upstream rawhide selinux-policy up to:
  * 443befa43872b63a5c1d7773fca159fda2abf772
- Update embedded container-selinux version to commit:
  * d3e0ce57e97c38e1403c0eb5a29b10d5d6dd82c6 (v2.249.0)

==== sendmail ====
Subpackages: libmilter1_0

- Skip verification of the mode of sendmail binary (boo#1263098)

==== shotwell ====
Version update (0.32.16 -> 0.32.17)

- Update to version 0.32.17:
  + Fix issue with Flicker and non-latin titles

==== signon-kwallet-extension ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== skanlite ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== snapper ====
Subpackages: libsnapper8 snapper-lang snapper-zypp-plugin

- add dependencies to dbus in service files (see bsc#1265853)
- improved error handling when disconnected by dbus (see
  gh#openSUSE/snapper#223)
- improve error handling if uid of client cannot be detected
  (see bsc#1265853)
- Add snapper-sync to synchronize the highest snapshot number
  (gh#openSUSE/snapper#1128)

==== sqlite3 ====
Version update (3.53.1 -> 3.53.2)
Subpackages: libsqlite3-0 sqlite3-tcl

- Update to version 3.53.2:
  * Fixes for problems in 3.53.0 reported by users.
  * See the check-in timeline for details:
    https://sqlite.org/src/timeline?from=version-3.53.1&to=version-3.53.2

==== sssd ====
Version update (2.13.0 -> 2.13.1)
Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap

- Update to release 2.13.1
  * Fixed an issue where SSSD fails to start when DNS is
    unresponsive.
  * SSSD no longer crashes if ``ldap_read_rootdse=never`` and
    ``enumerate=true`` is set.
- Add jwk.patch

==== step ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== sudo ====
Subpackages: sudo-plugin-python

- Fix missing %verify(not mode) %{_bindir}/sudo (bsc#1263098)

==== svgpart ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- No code change since 26.04.1

==== systemd ====
Version update (260.1 -> 260.2)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-container udev

- Temporarily add
  1001-units-drop-Before-sockets.target-from-networkd-resol.patch until upstream
  releases it.
- Import commit a1ca0edbe97b747694600671445c19aa565f7b7e (merge of v260.2)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/1e45daa2fb423eb95ad00dcc389e03cfea8f86dc...a1ca0edbe97b747694600671445c19aa565f7b7e
  This update includes the following fix:
    a2c799878a logind: keep lingering users at startup-time GC (bsc#1262305)

==== tcl ====
Version update (8.6.16 -> 8.6.18)

- Version 8.6.18:
  * Use correct equality => http 2.9.9
  * Unicode version 17
  * re-generate tclDate.c with bison 3.8.2, fixes clang-15
    compiler warnings
  * [77059c] TclPushVarName(): pointer overflow
    dde => 1.4.6
  * Add IWYU export pragma annotations for improved clangd and
    clang-tidy diagnostics
  * Install man-pages and pkg-config on Windows
  * some tests will fail if the system encoding is iso8859-1
  * raise error on empty regexp for unresolved variable
  * tcl_wordchars and tcl_nonwordchars documentation in two places
  * configure --enable-man-compression error
  * Update to zlib 1.3.2
  * String trim generates invalid utf-8 for some codepoints
  * Valgrind reported error in SetScriptLimitCallback
  * (feature) Adapt tcltest to support up to Tcl 9.1.
    => tcltest 2.5.11
  * crash in proc during namespace deletion
  * tzdata updated to Olson's tzdata2026b
- Version 8.6.17:
  * [63449c] [namespace children] doesn't match non-glob patterns
    below the global namespace
  * [fc3509] Better error-message than "interpreter uses an
    incompatible stubs mechanism"
  * [4f0b57] Win: [exec] now works on App Execution Aliases.
  * [4e2c8b] Win: [auto_execok] handles larger set of shell commands.
  * [ba68d1] errorline from [interp eval], interp-26.9
  * [fd8341] Tcl_InitStubs compatibility for 9.1, better
    error-handling
  * [42d14c] Fix scan with long mantissa.
    Ex.: scan "1.[string repeat 1 191]e-321" %g
  * [4f338b] add missing Tcl_CloseEx docs (nadkarni)
  * [ecf35c] Correct nested handling of return option -options
  * [ecafd8] Euro/Tail-sign missing from cp864 encoding
  * [6b0f77] gcc 14 breaks configure test for bigendian leading to
    broken floating point
  * [c9f052] prevent overflow crash in Tcl_SplitList().
  * [61c01e] Flawed ref counts in filesystem implementation for
    Windows led to use-after-free
  * dde => 1.4.5
  * [992f94] avoid misaligned pointers in macOS file attribute
    functions

==== texlive ====

- Skip verification of the mode of the public binary (boo#1263098)

==== tk ====
Version update (8.6.15 -> 8.6.18)

- New version 8.6.18:
  * [d93d96] Pointer arithmetic with NULL in ImgGetPhoto()
  * [6c4795] leak in XCreateBitmapFromData() in ImgGetPhoto()
  * [04e173] Add support for Copy/Cut/Paste keys in X11
  * [95da0f] tkpWinRopModes[GXnoop] is R2_NOT, should be R2_NOP
  * [2c240b] Install pkg-config file
  * [816739] Install man pages
  * [265ff2] Artifacts in a few themed widgets on x11 and aqua
  * [a80e5f] Core dump Tk_GetFontFromObj
  * [c23f79] Xft text is unusable for 32-bit visual when default
    visual is 24-bit
  * [44b34c] Fix crash on exit due to faulty asm code in DllMain
  * [4d2baa] Improve the look of the ttk::spinbox widgets in the
    built-in themes
  * [edd1a6] Lack of bounds checking in argument parsing for some
    widgets
  * [8e4fb0] crash in text sync subcommand
  * [c77b42] X11: crash by wm forget on menu
  * [5d2061] fails to build with glibc 2.43
  * [e2418c] Pointer warp relative to the screen's root window
    fails if the Tk root window is withdrawn
  * [7f67bb] Check recursive menu usage to avoid crash
  * [aca995] Get rid of the ugly Motif-style cascade arrows on X11
  * [556606] Block cursor in text widget may hide the character
    underneath
  * [011533] Flip ttk::notebook tab states "first" and "last" for
    "-tabplacement e*|s*"
- New version 8.6.17:
  * [844c0b] Menu entry underline does not consider
    activeborderwidth
  * [080a28] Aqua: tk_getOpenFile crash
  * [c99266] console menu zh_cn translations
  * [7231bf99] Setting ttk state may change the variable passed
    by value
  * [5d0bc3] block cursor size on a tab is too large
  * [6b0f77] gcc 14 breaks configure test for bigendian leading to
    broken floating point
  * [d25b72] error popup on ttk::scale with invisible trough
  * [3d13f8,e90e8c] Aqua: dark mode improvements
  * [e94c8b] interop with clipboard managers
  * [dc38c9] Aqua: NSHighResolutionCapable should be a Boolean value
  * [4e1e10] Aqua: CGRect/NSRect type mismatch on 32-bit
- New version 8.6.16:
  * [18e984] Assignment of invalid symbolic constant NotifyNormal
  * [398109] Segmentation fault with bogus resource value (X11)
  * Improved the appearance of the Treeitem.indicator element
  * [265d4e] macOS Sequoia: warning: 'setShowsResizeIndicator:'
    is deprecated
  * [eb3328] [grid] and [pack] with half-dead argument can cause
    hangup or even crash
  * [f52986] SIGABRT from Tk_DeleteErrorHandler()
  * [bcbf4c] Tk intialization overwrites thread specific data

==== transmission ====
Version update (4.1.1 -> 4.1.2)
Subpackages: transmission-common transmission-gtk

- Update to 4.1.2:
  + Highlights: Fixed `4.1.0` bug that could cause duplicate HTTP
    announces to be sent to trackers.
  + All Platforms:
  - Reject benc data that has invalid characters.
  - Fixed a bug during the startup sequence where if one torrent
    failed to parse, subsequent torrents would also fail.
  - Fixed a bug that stalled some downloads at 99%.
  - Fixed a `4.1.0` upgrade bug that could overwrite
    `utp_enabled` and `tcp_enabled` settings.
  - Fixed a `4.1.0` crash that could happen when a peer supplied
    `reqq` value smaller than 32 in LTEP handshake.
  - Fixed a `4.1.0` regression that periodically wrote upload &
    download stats to disk even when Transmission had been idle
    since the last write, preventing the stats file's disk from
    hibernating while idle.
  - Fixed a `4.1.0` bug that prevented TCP peer connections on
    some systems.
  - Added safeguards to HTTP responses to prevent clickjacking.
  - Fixed edge case that didn't preserve the order of a batch of
    torrents when moving their queue position up or down.
  - Added sanitization for UTF-8 client names provided by peers
    during handshake.
  - Stopped appending redundant zeros to blocklist files when
    downloaded from a remote URL.
  - Fixed a build failure that occurred when building with
    link-time optimization.
  + Qt Client:
  - Fixed a `4.1.0` crash when parsing some RPC responses from
    older Transmission servers.
  - Fixed a `4.1.0` bug that saved both deprecated and current
    settings names to `settings.json`.
  + GTK Client:
  - Fixed a `4.1.0` bug that did not show translated logging
    level strings.
  - Fixed a `4.1.0` crash when toggling alternative speed limits.
  + Web Client:
  - Fixed a `4.1.0` bug that displayed timestamps in some
    dropdowns as `6.75:45` instead of `6:45`.
  - Fixed a bug that could show incorrect torrent status when
    reconnecting to the server after a lost connection.
  + transmission-remote: Improved `transmission-remote` console
    output for JSON-RPC 2.
- Add ExcludeArch: ix86, stop building for 32bit.

==== umbrello ====
Version update (26.04.1 -> 26.04.2)

- Update to 26.04.2
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/26.04.2/
- Changes since 26.04.1:
  * svn2png: Fix bug not checking the correct svg renderer instance
  * Fix clip4 paste of sequence messages across instances (kde#418395)

==== webkitgtk3 ====
Version update (2.52.3 -> 2.52.4)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.52.4 (bsc#1267506 bsc#1267507 bsc#1267508
  bsc#1267509 bsc#1267510 bsc#1267511 bsc#1267512 bsc#1267513
  bsc#1267514 bsc#1267515 bsc#1267516 bsc#1267517 bsc#1267518
  bsc#1267519 bsc#1267520 bsc#1267521):
  + Add support for half-width fonts.
  + Improve content filter compilation by avoiding file copies.
  + Improve handling of out of disk space conditions when the
    NetworkProcess tried to write data in caches.
  + Improve how the CMake build system checks whether libatomic is
    required.
  + Fix painting scrollbars when their width changes.
  + Fix playback of certain YouTube videos with low frame rates.
  + Fix webkit://gpu not working in systems where neither
    libGL.so.1 nor libOpenGL.so.0 are available.
  + Fix the build with librice 0.4 or newer when the GStreamer
    WebRTC backend is enabled at build configuration time.
  + Fix the build with USE_GSTREAMER_WEBRTC=OFF.
  + Fix the build with USE_GBM=OFF.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901,
    CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905,
    CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947,
    CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658,
    CVe-2026-43660.
- Drop webkit2gtk3-aarch64-build-fix.patch: fixed upstream.
- Add webkitgtk-ppc64le-build-fix.patch: fix the build when system
  malloc is enabled.

==== webkitgtk4 ====
Version update (2.52.3 -> 2.52.4)
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 webkitgtk-6_0-injected-bundles

- Update to version 2.52.4 (bsc#1267506 bsc#1267507 bsc#1267508
  bsc#1267509 bsc#1267510 bsc#1267511 bsc#1267512 bsc#1267513
  bsc#1267514 bsc#1267515 bsc#1267516 bsc#1267517 bsc#1267518
  bsc#1267519 bsc#1267520 bsc#1267521):
  + Add support for half-width fonts.
  + Improve content filter compilation by avoiding file copies.
  + Improve handling of out of disk space conditions when the
    NetworkProcess tried to write data in caches.
  + Improve how the CMake build system checks whether libatomic is
    required.
  + Fix painting scrollbars when their width changes.
  + Fix playback of certain YouTube videos with low frame rates.
  + Fix webkit://gpu not working in systems where neither
    libGL.so.1 nor libOpenGL.so.0 are available.
  + Fix the build with librice 0.4 or newer when the GStreamer
    WebRTC backend is enabled at build configuration time.
  + Fix the build with USE_GSTREAMER_WEBRTC=OFF.
  + Fix the build with USE_GBM=OFF.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901,
    CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905,
    CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947,
    CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658,
    CVe-2026-43660.
- Drop webkit2gtk3-aarch64-build-fix.patch: fixed upstream.
- Add webkitgtk-ppc64le-build-fix.patch: fix the build when system
  malloc is enabled.

==== wicked ====
Version update (0.6.78 -> 0.6.79)
Subpackages: wicked-service

- Update to version 0.6.79
  - Fix an indirect remote shell command injection via unsanitized
    dhcp strings and leaseinfo dump (bsc#1265221,CVE-2026-44932):
  - Fix to escape single-quotes in leaseinfo dump output used by the
    `wicked test dhcp4` and `wicked test dhcp6` and written to the
    /run/wicked/leaseinfo.* files, e.g. to pass them to netconfig.
    A netconfig modify filtered for strict key='value' lines without
    any escaped quotes and discarded these lines already before.
  - Fix posix-tz-dbname and tz-string option processing checks to
    permit only valid characters according to RFC4833.
  - Discard string values containing single-quotes in other options.
  - Trigger to regenerate initrd that may contain wicked binaries on
    updates from wicked versions <= 0.6.78.

==== xdg-desktop-portal ====
Version update (1.20.4 -> 1.22.0)

- Update to version 1.22.0:
  + Bug Fixes:
  - Correct passing icon GVariant around in the Dynamic Launcher
    Portal
  - Improve Document Portal document path resolving for the File
    Chooser and OpenURI Portals

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra

- Add missing %verify(not mode) (boo#1263098).

==== zypper ====
Version update (1.14.97 -> 1.14.98)
Subpackages: zypper-log zypper-needs-restarting

- Transactional systems: Delegate rw-commands to
  transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607)
  On a transactional system where the root filesystem is mounted
  read-only, zypper commands that modify the system cannot be
  executed directly.
  If the system provides a transactional-wrapper utility, zypper
  will automatically attempt to invoke it. The wrapper
  transparently executes the zypper command within a new, writable
  snapshot and manages the lifecycle of that snapshot based on the
  command's exit status.
  On transactional systems lacking a transactional-wrapper, users
  must manually invoke specialized tools -such as
  transactional-update- to install, update, or remove software.
- version 1.14.98