Packages changed: MicroOS-release (20260331 -> 20260402) SDL3 (3.4.0 -> 3.4.2) ding-libs file (5.46 -> 5.47) libqmi (1.36.0 -> 1.38.0) python-requests (2.33.0 -> 2.33.1) python313 python313-core setools sssd === Details === ==== MicroOS-release ==== Version update (20260331 -> 20260402) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL3 ==== Version update (3.4.0 -> 3.4.2) - Update to release 3.4.2 * Added SDL_HINT_OPENGL_FORCE_SRGB_FRAMEBUFFER to force specific sRGB behavior for OpenGL and OpenGL ES * Fixed long startup time on Windows when some non-compliant input devices are present * Added support for the Razer Raiju V5 Pro * Fixed a divide by zero when using Nintendo Switch 2 controllers * Fixed handling GameCube adapters in PC mode ==== ding-libs ==== - Update to release 0.7.0 * INI: make 'ini_*_serialize' API private * INI: don't expose "ini_valueobj.h" API ==== file ==== Version update (5.46 -> 5.47) Subpackages: file-magic libmagic1 - Add patch file-5.47-regression.dif (boo#1261199) * Fix regression in detection of magics in a buffer - Add patch file-5.47-fdf.dif * Use tabs instead of normal white spaces in description of %FDF - Port patches * file-4.20-ssd.dif * file-4.21-xcursor.dif * file-5.19-clicfs.dif * file-5.19-solv.dif * file-5.19-zip2.0.dif * file-5.28-btrfs-image.dif - Remove patches now upstream or solved by upstream * file-4.20-xen.dif * file-4.21-scribus.dif * file-5.14-tex.dif * file-5.19-cromfs.dif - Update to 5.47: * Better multi-compound document identification by following the order of the directories entries. (Thomas Ledoux) * if stat fails, don't attempt to restore times (Steven Grubb) * PR/622: Odd_Bloke: Handle negative offsets in file_buffer(), when fd is not available. * PR/655: jsummers: Obey str_flags in strings like we do for search and regex * PR/659: Pitzl: Apply MAGIC_CONTINUE to annotations; i.e. print only the first, unless -k is specified. * PR/592: allow + in format strings * PR/592: signed operations should be done in signed context * PR/578: jsummers: Don't crash on cygwin when tm_mon == -1 * PR/579: net147: Fix stack overrun. - Remove patches now upstream * file-zipdata.patch * boo1237209.patch * file-seccomp.patch * file-seccomp-ppc.patch * file-5.46-tcgets2.patch - Port and rename patch file-5.46.dif which becomes now file-5.47.dif ==== libqmi ==== Version update (1.36.0 -> 1.38.0) - Update to version 1.38.0 New services: * New 'IMSDCM' service to support baseband requests for packet data connections initiated by the host. New request/response/indications: * wms: added "Network Registration Status" request and indication "Set Broadcast Activation" request, "Set Broadcast Config" request, "Get Broadcast Config" request, "Indication Register" request, "Get Transport Network Registration Status" request, and "Transport Network Registration Status" indication. * ims: added "Set IMS Services Enabled Setting" request and "Services Enabled Setting" indication. * uim: added "Write Record" request. * qos: added "Bind Mux Data Port", "Bind Subscription", and "Get Bind Subscription" requests. * wds: added "Bind Subscription" and "Get Bind Subscription" requests. * loc: added "Inject Position" request, "Inject Time Request" indication, "Inject Predicted Orbits Request" indication, "Inject Position Request" indication, "Inject UTC Time" request, and "Get Predicted Orbits Data Validity" request. * pbm: added "Get Emergency List" request. * nas: added "Get ENDC Config" and "Incremental Network Scan". New TLVs supported in existing messages: * wms: added the "Call Mode Preference" TLV in the "Set IMS Services Enabled Setting" request. libqmi-glib: * Allow to decode IMS/IMSA/IMSP messages. * nas: added QMI_NAS_RADIO_INTERFACE_NO_CHANGE value to QmiNasRadioInterface. * loc: use QmiLocReliability instead of guint32 for Vertical Reliability value in position report. * Device open timeout increased to 10 seconds. * Fixed an issue preventing QMI message parsing on big-endian (BE) arches. qmi-proxy: * Don't mistakenly delete qmi-proxy binary when run from same directory. qmicli: * Added capability to inject positions and time into the GNSS engine to speed up initial fix. * Added "--loc-get-predicted-orbits-data-validity", "--loc-inject-position-latitude", "--loc-inject-position-longitude", "--fox-set-fcc-authentication", "--loc-inject-time", "--loc-get-predicted-orbits-data-source", "--pbm-get-emergency-list", "--nas-incremental-network-scan", "--wms-set-cbs-channels", "--wms-get-cbs-channels" * Added support for "--initial-mux-id=" to the "link-add" command. ==== python-requests ==== Version update (2.33.0 -> 2.33.1) - update to 2.33.1: * Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. * Fixed Content-Type header parsing for malformed values. * Improved error consistency for malformed header values. ==== python313 ==== - Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930). - Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462). - Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224). - Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644). ==== python313-core ==== Subpackages: libpython3_13-1_0 python313-base - Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930). - Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462). - Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224). - Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644). ==== setools ==== - Adjust %suse_version to ne scheme (jsc#PED-15790) ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap - Add 0001-Fix-libini_config-related-includes.patch, 0001-INI-get-rid-of-useless-macros.patch, 0001-INI-use-proper-deallocators.patch to allow build with newer ding-libs >= 0.7.0.