Packages changed: ImageMagick (7.1.2.16 -> 7.1.2.17) aws-lc (1.68.0 -> 1.70.0) blog (2.35 -> 2.36) brltty (6.8 -> 6.9) container-selinux (2.246.0 -> 2.247.0) elfutils (0.192 -> 0.194) elfutils-debuginfod (0.192 -> 0.194) gimp (3.0.8 -> 3.2.0) gpg2 (2.5.17 -> 2.5.18) grub2 gspell (1.14.2 -> 1.14.3) kbd (2.7.1 -> 2.9.0) kdump (2.1.6 -> 2.1.7) kernel-source (6.19.7 -> 6.19.8) kirigami-addons6 (1.10.0 -> 1.12.0) libgsf (1.14.55 -> 1.14.56) libspelling libupnp (1.18.0 -> 1.18.3) nvidia-open-driver-G06-signed-cuda nvidia-open-driver-G07-signed nvidia-open-driver-G07-signed-cuda openSUSE-build-key openSUSE-release (20260316 -> 20260318) ovmf pipewire (1.6.1 -> 1.6.2) python-cffi python-gssapi (1.10.1 -> 1.11.1) python-markdown-it-py (3.0.0 -> 4.0.0) python-requests python311 python311-core ruby4.0 (4.0.1 -> 4.0.2) salt sendmail zlib-ng-compat (2.3.2 -> 2.3.3) === Details === ==== ImageMagick ==== Version update (7.1.2.16 -> 7.1.2.17) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version lupdate to 7.1.2.17 * Add cast to unsigned char helper method to check for out of band data * eliminate compiler warning * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rwgm-46rq-f86h * ImageMagick/ImageMagick#8609 * ImageMagick/ImageMagick#8608 * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-354p-2qx7-jg9g * Corrected out of bounds write of a single zero byte (GHSA-gc62-2v5p-qpmp) * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-354p-2qx7-jg9g * ImageMagick/ImageMagick#8603 * ImageMagick/ImageMagick#5807 * Apply correct patch for GHSA-cqw9-w2m7-r2m2. - modified patches * ImageMagick-library-installable-in-parallel.patch (refreshed) - fixes CVE-2026-32259 [bsc#1259612] ==== aws-lc ==== Version update (1.68.0 -> 1.70.0) Subpackages: libcrypto-awslc0 libssl-awslc0 - Update to version 1.70.0: * Cache peer CA names on client side after handshake * Add NULL checks for MakeUnique in SSL cipher list inheritance * Fix gRPC integration * Latent memory leaks in KEM_KEY setter functions * Fix PKCS8_decrypt to handle all negative pass_len values * Fix PKCS12_verify_mac OOB read with invalid password_len * Cleanup EVP_DH asn1 parsing * Add INT_MAX bounds check before EVP_CipherUpdate in PKCS8/PKCS12 encryption * Fix PKCS8_encrypt crash when pass is NULL with negative pass_len_in * IWYU: guard stdint.h in fips_shared_support.c * Use proper function type for different callback types * Zeroize intermediate values for ed25519 * Fix sizeof-on-pointer bugs in FIPS assertion failure messages * Remove dead declarations in public headers * TLS Transfer Serialization Findings * XOF fixes * Add a test that arbitrary curves can be wrapped in EVP_PKEY * Improve type safety and bounds checking in EVP cipher ctrl handlers * Fix uninitialized EVP_MD_CTX and harden bn_dup_into * Add ACVP Support for KAS-ECC * Add ACVP Support for KTS-IFC * Various Small Additions to ACVP Tool - Update to version 1.69.0: * Fix FIPS delocator handling of floating-point immediates on aarch64 * Fix link in README.md * Various PKCS7 fixups * Fix error reporting and document EC explicit params single-cert behaviour * Fix PKCS7 verify content memleak * Retain flag after custom critical extensions check * Update ACVP documentation * Fix error return values for no-op UI_xxx stub functions * Key state consistency in PQDSA_KEY setter functions * Simplify d2i_PKCS7 by removing redundant BER-to-DER conversion * Ensure all signer certificate chains are verified * Use CRYPTO_memcmp instead of OPENSSL_memcmp for tag verification * Return correct error value when parsing PKCS7 authenticated attributes fails ==== blog ==== Version update (2.35 -> 2.36) Subpackages: libblogger2 - Update to version 2.36 * If SYS_pidfd_open is not defined use a fallback Include to get __NR_pidfd_open for the definition of SYS_pidfd_open. * Changes to let systemd find plymouth replacements which means to add the appropiate Alias in systemd-ask-password-blog.path and also in systemd-ask-password-blog.service with new Install sections. Also change description in systemd-ask-password-blog.path to hint for blogd as replacement. * Rework password asking method to be asynchronous ==== brltty ==== Version update (6.8 -> 6.9) Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Update to version 6.9: + Too many changes; please read ChangeLog - API version is now 0.8.8. - Add brltty-handytech-crash-fix.patch: fix crash with some HandyTech displays via USB. ==== container-selinux ==== Version update (2.246.0 -> 2.247.0) - Update to version 2.247.0: * Allow user_u users to run podman containers * Allow staff_t and user_t to start podman.socket via systemd * Add missing type transitions for overlay-containers directories * container_t: allow listen on smc_socket * Condition ptrace permission on deny_ptrace boolean ==== elfutils ==== Version update (0.192 -> 0.194) Subpackages: libasm1 libdw1 libelf1 - Add elfutils-fix-const-correctness.patch to fix build with new glibc - update to 0.194 elfclassify: New options --has-debug-sections and --any-ar-member. elflint: Presence of vendor- and application-specific ELF note types no longer triggers compliance errors. libdwfl_stacktrace: New function dwflst_sample_getframes. The libdwfl_stacktrace library interface is experimental and may be subject to API/ABI changes. Experimental new library interface for unwinding stack samples into call chains, and tracking and caching Elf data for multiple processes, building on libdwfl. Initially supports perf_events stack sample data. libelf: Manual pages have been added for many libelf library functions. Additional manual pages are planned for future releases. elf_scnshndx has been rewritten to be more robust, particularily for ELF files with more than 64K sections. readelf: Up to 13% faster when using the -N option. Improved handling of corrupt ELF data. - -section-headers output now includes a "Key to Flags" explaining section flag meanings. libdw: Add dwarf_language and dwarf_language_lower_bound functions. Improved support for DWARF6 language metadata as well as DWARF language constants for Nim, Dylan, Algol68, V and Mojo. dwarf_srclang is now forward-compatible with DWARF6 language constants. - Drop no longer necessary fix-static-linking.patch ==== elfutils-debuginfod ==== Version update (0.192 -> 0.194) Subpackages: debuginfod-client debuginfod-profile libdebuginfod1 - Add elfutils-fix-const-correctness.patch to fix build with new glibc - update to 0.194 debuginfod: Add CORS (webapp access) support to webapi and --cors option. Add --listen-address option for binding the HTTP listen socket to a specific IPv4 or IPv6 address. debuginfod client now caches x-debuginfod-* HTTP headers alongside downloaded files. debuginfod-find: Fixed caching bug preventing user-cancelled downloads from being re-downloaded at a later time. ==== gimp ==== Version update (3.0.8 -> 3.2.0) Subpackages: gimp-plugin-aa gimp-plugin-python3 libgimp-3_0-0 libgimpui-3_0-0 - Update to 3.2.0 https://www.gimp.org/news/2026/03/14/gimp-3-2-released/ - drop gimp-CVE-2026-2239.patch: included in update ==== gpg2 ==== Version update (2.5.17 -> 2.5.18) Subpackages: dirmngr - Update to 2.5.18: * gpg: Support deleting a composite secret key in gpg-agent * gpg: Fix armor parsing when no CRC is found * gpgsm: New option --assert-validsig * agent: Fix the recent regression in pkdecrypt with TPM RSA * scdaemon: Add support for D-Trust Card 6.1/6.4 * dirmngr: Let KS_SEARCH print all uid records for a key Fixes regression since 2015 * gpg-authcode-sign.sh: Keep the log file even on success * Remove patch upstream: - gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-arm64-efi-bls grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix RAID scenarios stopped being able to boot in Power (bsc#1259631) * 0001-mdraid1x-fix-raid_disks-decoding-on-big-endian-syste.patch ==== gspell ==== Version update (1.14.2 -> 1.14.3) - Update to version 1.14.3: + Updated translations. ==== kbd ==== Version update (2.7.1 -> 2.9.0) Subpackages: libkbdfile1 libkeymap1 libkfont0 - Fix conversion of h and H fr-afnor xkb keymap (boo#1259269). - Replace setfont --quiet (kbd-setfont-quiet.patch) by upstream solution: add setfont --check that checks for setfont availability without logging errors (boo#1212970, kbd-setfont-check.patch). - Update to version 2.9.0: * keymaps: + Add Georgian font (LatCyrHebKa-16_GIA.psfu) and keymap (i386/qwerty/ge). + Add new i386 azerty afnor keymap (i386/azerty/fr-afnor). + Disable characters >=U+F000 in qwertz/de_alt_UTF-8 (drop kbd-unicode-fxxx.patch). + Add console keymap for Mac swiss german keyboards. * libkeymap: + Support KT_DEAD2 diacritics. + Fix memory leaks. * libkbdfile: + Detect archive type based on content. + Add support for decompressing files without using utilities. Use ELF_DLOPEN_METADATA if possible. * utils: + kbd_mode: support Disabled mode (K_OFF). + loadkeys: Add --tkeymap to dump the keymap as text. - Drop kbd-2.7.1-reproducible-gzip.patch, now handled by the upstream. ==== kdump ==== Version update (2.1.6 -> 2.1.7) - upgrade to version 2.1.7 * fix VLAN interface naming (bsc#1255300) * fix bonding options for VLAN slaves * fix return value of kdumptool commandline -d (bsc#1257471) * use primary IP address (bsc#1259058) * dracut: avoid error message if /etc/sysctl.conf does not exist * dracut: update dracut hooks path from /lib/dracut to /var/lib/dracut ==== kernel-source ==== Version update (6.19.7 -> 6.19.8) Subpackages: kernel-64kb kernel-default - Linux 6.19.8 (bsc#1012628). - apparmor: fix race between freeing data and fs accessing it (bsc#1012628). - apparmor: fix race on rawdata dereference (bsc#1012628). - apparmor: fix differential encoding verification (bsc#1012628). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1012628). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1012628). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1012628). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1012628). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1012628). - apparmor: replace recursive profile removal with iterative approach (bsc#1012628). - apparmor: fix memory leak in verify_header (bsc#1012628). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1012628). - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1012628). - net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1012628). - commit 5a5a4f4 - Update patches.kernel.org/6.19.1-003-smb-client-split-cached_fid-bitfields-to-avoid.patch (bsc#1012628 CVE-2026-23230 bsc#1258430). - Update patches.kernel.org/6.19.1-004-ksmbd-fix-infinite-loop-caused-by-next_smb2_rc.patch (bsc#1012628 CVE-2026-23220 bsc#1258432). - Update patches.kernel.org/6.19.1-005-ksmbd-add-chann_lock-to-protect-ksmbd_chann_li.patch (bsc#1012628 CVE-2026-23226 bsc#1258820). - Update patches.kernel.org/6.19.1-006-smb-server-fix-leak-of-active_num_conn-in-ksmb.patch (bsc#1012628 CVE-2026-23228 bsc#1258431). - Update patches.kernel.org/6.19.1-030-crypto-iaa-Fix-out-of-bounds-index-in-find_emp.patch (bsc#1012628 CVE-2025-71231 bsc#1258424). - Update patches.kernel.org/6.19.1-032-crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-sc.patch (bsc#1012628 CVE-2026-23222 bsc#1258484). - Update patches.kernel.org/6.19.1-033-crypto-virtio-Add-spinlock-protection-with-vir.patch (bsc#1012628 CVE-2026-23229 bsc#1258429). - Update patches.kernel.org/6.19.1-035-nilfs2-Fix-potential-block-overflow-that-cause.patch (bsc#1012628 CVE-2025-71237 bsc#1258467). - Update patches.kernel.org/6.19.1-036-hfs-ensure-sb-s_fs_info-is-always-cleaned-up.patch (bsc#1012628 CVE-2025-71230 bsc#1258413). - Update patches.kernel.org/6.19.1-037-wifi-rtw88-Fix-alignment-fault-in-rtw_core_ena.patch (bsc#1012628 CVE-2025-71229 bsc#1258415). - Update patches.kernel.org/6.19.1-038-scsi-qla2xxx-Validate-sp-before-freeing-associ.patch (bsc#1012628 CVE-2025-71236 bsc#1258442). - Update patches.kernel.org/6.19.1-040-scsi-qla2xxx-Delay-module-unload-while-fabric-.patch (bsc#1012628 CVE-2025-71235 bsc#1258469). - Update patches.kernel.org/6.19.1-041-scsi-qla2xxx-Free-sp-in-error-path-to-fix-syst.patch (bsc#1012628 CVE-2025-71232 bsc#1258422). - Update patches.kernel.org/6.19.1-043-sched-mmcid-Don-t-assume-CID-is-CPU-owned-on-m.patch (bsc#1012628 CVE-2026-23225 bsc#1258474). - Update patches.kernel.org/6.19.1-044-bus-fsl-mc-fix-use-after-free-in-driver_overri.patch (bsc#1012628 CVE-2026-23221 bsc#1258660). - Update patches.kernel.org/6.19.1-045-erofs-fix-UAF-issue-for-file-backed-mounts-w-d.patch (bsc#1012628 CVE-2026-23224 bsc#1258461). - Update patches.kernel.org/6.19.1-046-xfs-fix-UAF-in-xchk_btree_check_block_owner.patch (bsc#1012628 CVE-2026-23223 bsc#1258483). - Update patches.kernel.org/6.19.1-047-drm-exynos-vidi-use-ctx-lock-to-protect-struct.patch (bsc#1012628 CVE-2026-23227 bsc#1258472). - Update patches.kernel.org/6.19.1-048-PCI-endpoint-Avoid-creating-sub-groups-asynchr.patch (bsc#1012628 CVE-2025-71233 bsc#1258421). - Update patches.kernel.org/6.19.1-049-wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xx.patch (bsc#1012628 CVE-2025-71234 bsc#1258419). - Update patches.kernel.org/6.19.3-001-scsi-qla2xxx-Fix-bsg_done-causing-double-free.patch (bsc#1012628 CVE-2025-71238 bsc#1259186). - Update patches.kernel.org/6.19.3-005-fbdev-smscufx-properly-copy-ioctl-memory-to-ke.patch (bsc#1012628 CVE-2026-23236 bsc#1259199). - Update patches.kernel.org/6.19.3-009-f2fs-fix-out-of-bounds-access-in-sysfs-attribu.patch (bsc#1012628 CVE-2026-23235 bsc#1259195). - Update patches.kernel.org/6.19.3-010-f2fs-fix-to-avoid-UAF-in-f2fs_write_end_io.patch (bsc#1012628 CVE-2026-23234 bsc#1259194). - Update patches.kernel.org/6.19.3-012-f2fs-fix-to-avoid-mapping-wrong-physical-block.patch ... changelog too long, skipping 14 lines ... - commit b7e70c1 ==== kirigami-addons6 ==== Version update (1.10.0 -> 1.12.0) Subpackages: libKirigamiAddonsStatefulApp6 libKirigamiApp6 - Update to 1.12.0. No changelog ==== libgsf ==== Version update (1.14.55 -> 1.14.56) Subpackages: gsf-office-thumbnailer libgsf-1-114 - Update to version 1.14.56: + Fix problems with ole files using codepage 1200 (unicode). + Restore check for ole cycles accidentally removed. ==== libspelling ==== - Update URL to current home. ==== libupnp ==== Version update (1.18.0 -> 1.18.3) Subpackages: libixml11 libupnp20 - Update to release 1.18.3 * Fix crash when mixing ns and non-ns attributes during freeing ==== nvidia-open-driver-G06-signed-cuda ==== - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G06-signed-kmp-meta for TW ... (boo#1259740) ==== nvidia-open-driver-G07-signed ==== Subpackages: nvidia-open-driver-G07-signed-kmp-64kb nvidia-open-driver-G07-signed-kmp-default - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G07-signed-kmp-meta for TW ... ==== nvidia-open-driver-G07-signed-cuda ==== Subpackages: nvidia-open-driver-G07-signed-cuda-kmp-64kb nvidia-open-driver-G07-signed-cuda-kmp-default - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G07-signed-kmp-meta for TW ... ==== openSUSE-build-key ==== - move the pqkeys out of gnupg, its not gpg style. ==== openSUSE-release ==== Version update (20260316 -> 20260318) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Update mbedtls to 3.6.5 to fix CVE-2025-59438 (bsc#1252441) - Requires Mbed TLS 3.6.5 or higher to mitigate vulnerability. ==== pipewire ==== Version update (1.6.1 -> 1.6.2) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.6.2: * This is a bugfix release that is API and ABI compatible with the previous 1.6.x releases. * Highlights - Fix a potential crash when the wrong memory was freed. - Fix a optimization with shared memory over some links that could cause errors later on. - Fix SOFA filter and default control input in LADSPA and LV2. - Some other small fixes and improvements. * PipeWire - Remove an optimization to skip share mem in links, it causes problems later on. (#5159 (closed)) * Modules - Don't try to free invalid memory or close invalid fds when the client aborted before allocating buffer memory. (#5162 (closed)) * SPA - support ACP_IGNORE_DB in udev. - Use 0x as a prefix for hex values. - Mark Props as write-only in libcamera. - Small optimization in the audio mixer. - Fix initialization of control properties for SOFA and biquads in the filter-graph. (#5152 (closed)) - Fix min/max default values for LADSPA and LV2. * JACK - Fix jack_port_type_id(). Return values that are compatible with JACK1/2. ==== python-cffi ==== Subpackages: python311-cffi python313-cffi - Add patch support-pycparser-3.patch: * Support pycparser 3 exception message changes. ==== python-gssapi ==== Version update (1.10.1 -> 1.11.1) - update to 1.11.1: * Add Free-Threading and Limited API/Stable ABI * Fix up classifier from typo - update to 1.11.0: * Add Free-Threading and Limited API/Stable ABI * Bug: This was never pushed to PyPI due to a bug in the `setup.py` classifiers. The `v1.11.1` release contains the same changes here. ==== python-markdown-it-py ==== Version update (3.0.0 -> 4.0.0) - update to 4.0.0: * This primarily drops support for Python 3.9, adds support for Python 3.13, * and updates the parser to comply with Commonmark 0.31.2 and Markdown-It v14.1.0. * Improve performance of "text" inline rule in #347 * Use `str.removesuffix` in #348 * limit the number of autocompleted cells in a table in #364 * fix quadratic complexity in reference parser in #367 * Fix emphasis inside raw links bugs in #320 ==== python-requests ==== Subpackages: python311-requests python313-requests - Add fix-chardet-RequestsDependencyWarning.patch * Fix RequestsDependencyWarning with chardet (6.0.0dev0) on Factory/TW (gh#psf/requests#7219) (gh#psf/requests#7220) (gh#psf/requests#7239) ==== python311 ==== Subpackages: python311-curses python311-dbm - Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch ensuring that `SourcelessFileLoader` uses `io.open_code` when opening `.pyc` files (bsc#1259240, CVE-2026-2297). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch ensuring that `SourcelessFileLoader` uses `io.open_code` when opening `.pyc` files (bsc#1259240, CVE-2026-2297). ==== ruby4.0 ==== Version update (4.0.1 -> 4.0.2) Subpackages: libruby4_0-4_0 - Update to 4.0.2 This is a routine update that includes a bugfix in YJIT for NoMethodError on Puma. - Bug #21941: Local variable becomes nil when YJIT enabled mid-method with fork/signal/ensure - Ruby - Ruby Issue Tracking System - Bug #21832: segfault with argument forwarding, when combined with splat & positional arg - Ruby - Ruby Issue Tracking System - Bug #21723: binding.irb raises a LoadError under bundle exec when Gemfile contains path: or git: - Ruby - Ruby Issue Tracking System - Bug #21847: Backport syntax_suggest 2.0.3 to supported branches - Ruby - Ruby Issue Tracking System - Bug #21866: Backport Fix for integer overflow checks in enumerator - Ruby - Ruby Issue Tracking System - Bug #21865: Crash on signal raise - Ruby - Ruby Issue Tracking System - Bug #21842: Encoding of rb_interned_str - Ruby - Ruby Issue Tracking System - Bug #21838: Rails seeing degradation (20% slowdown) related to Revision 079ef92b "Implement global allocatable slots and empty pages" (from Sep 5 2024) - Ruby - Ruby Issue Tracking System - Bug #21873: UnboundMethod#== returns false for methods from included/extended modules - Ruby - Ruby Issue Tracking System - ZJIT: Avoid runtime exceptions from RubyVM::ZJIT.stats_string by k0kubun ยท Pull Request #16139 - Bug #21931: GC Crash in String#% (backport 726205b354d1068147719fb42e1de743f1838ef1) - Ruby - Ruby Issue Tracking System - Bug #21944: "Cannot allocate memory" with M:N threads or Ractors on a low RAM Linux machine - Ruby - Ruby Issue Tracking System - Bug #21946: and? predicate confused for leading and keyword - Ruby - Ruby Issue Tracking System - Bug #21927: Prism: misleading error message for forwarding in lambda argument - Ruby - Ruby Issue Tracking System - Bug #21925: Prism misparses standalone "in" pattern matching in "case/in" - Ruby - Ruby Issue Tracking System - Bug #21828: An incorrect warning message related to benchmark is shown when using benchmark-ips - Ruby - Ruby Issue Tracking System - Bug #21917: Unable to build 4.0.1 on AIX 7.2 - Ruby - Ruby Issue Tracking System - Bug #21945: Ripper lexes newline between identifier and and? as ignored newline - Ruby - Ruby Issue Tracking System - Bug #21947: Timeout.timeout doesn't use Timeout::ExitException when Fiber scheduler is in use. - Ruby - Ruby Issue Tracking System - Bug #21926: Thread#value on popen3 wait thread hangs in finalizer - Ruby - Ruby Issue Tracking System - Bug #21880: The ultra_safe mode of pstore bundled with Ruby 4.0 is broken. - Ruby - Ruby Issue Tracking System - Bug #21097: x = a rescue b in c and def f = a rescue b in c parsed differently between parse.y and prism - Ruby - Ruby Issue Tracking System ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Backport security patch for Salt vendored tornado (bsc#1259554): * CVE-2026-31958: Add limits on multipart form data parsing - Added: * backport-of-the-cve-2026-31958-fix-bsc-1259554.patch - Add x86_64_v2 as a possible rpm package architecture - Make users with backslash working for salt-ssh (bsc#1254629) - Fix ansible.playbooks extra-vars quoting (bsc#1257831) - Fix virtualenv call in test helper to use proper python version - Added: * add-x86_64_v2-as-a-possible-rpm-package-architecture.patch * make-users-with-backslash-working-for-salt-ssh-bsc-1.patch * fix-ansible.playbooks-extra-vars-quoting-bsc-1257831.patch * fix-virtualenv-call-in-test-helper-to-use-proper-pyt.patch ==== sendmail ==== Subpackages: libmilter1_0 - Avoid permission checks below /var ==== zlib-ng-compat ==== Version update (2.3.2 -> 2.3.3) - update to 2.3.3: * Make deflate output deterministic if stream is reused after deflateReset #2102 * minigzip: Fix integer overflow in gz_compress_mmap #2110 * Use GCC's may_alias attribute for access to buffers in crc32_chorba #2078 * Fix false-positive infinite loop warning detected by GCC-14 static analyzer #2101 * Fix warning for potentially uninitialized local variable ft used. #2043