Packages changed: ImageMagick (7.1.2.19 -> 7.1.2.21) distribution-logos-openSUSE dos2unix (7.5.4 -> 7.5.5) editorconfig-core-c (0.12.10 -> 0.12.11) glibc (2.42 -> 2.43) grub2 kernel-source (7.0.1 -> 7.0.2) libyui libyui-ncurses libyui-ncurses-pkg libyui-qt libyui-qt-graph libyui-qt-pkg linux-glibc-devel (6.19 -> 7.0) nghttp2 (1.68.1 -> 1.69.0) openSUSE-release (20260429 -> 20260430) openblas_openmp (0.3.29 -> 0.3.30) openblas_pthreads (0.3.29 -> 0.3.30) python313 python313-core srt (1.5.4 -> 1.5.5) === Details === ==== ImageMagick ==== Version update (7.1.2.19 -> 7.1.2.21) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.2.21 * Fix JXL orientation when writing. #8673 * Corrected the patch that was made earlier to fix reading JPEG compressed TIFF images * eliminate deprecated omp_set_nested() * support MSYS2 * allow namespace::pattern when checking policy rights * mentioned symlink system policy * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p 2598004 ==== distribution-logos-openSUSE ==== Subpackages: distribution-logos-openSUSE-Tumbleweed distribution-logos-openSUSE-icons - Fix suse_version condition since the value of suse_version is now 1610 in SLE/Leap 16.1 ==== dos2unix ==== Version update (7.5.4 -> 7.5.5) - update to 7.5.5: * New option --error-binary: Return an error if a binary file is skipped * Fix: dos2unix error on empty input ==== editorconfig-core-c ==== Version update (0.12.10 -> 0.12.11) - update to 0.12.11: * CVE-2026-40489: l_pattern buffer overflow (boo#1262131) * Fixes for compiler errors/warnings - drop editorconfig-core-c-const-correctness.patch ==== glibc ==== Version update (2.42 -> 2.43) Subpackages: glibc-32bit glibc-devel glibc-extra glibc-gconv-modules-extra glibc-gconv-modules-extra-32bit glibc-lang glibc-locale glibc-locale-base - sys-mount-cloexec-flag.patch: include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h - sys-mount-open-tree-macros.patch: Linux: Only define OPEN_TREE_* macros in if undefined (BZ #33921) - resolv-count-resource-records.patch: resolv: Count records correctly (CVE-2026-4437, bsc#1260078, BZ #34014) - resolv-check-hostname.patch: resolv: Check hostname for validity (CVE-2026-4438, bsc#1260082, BZ #34015) - ldbl-128ibm-ceill-floorl-roundl-truncl.patch: Fix ldbl-128ibm ceill, floorl, roundl and truncl zero-sign handling (BZ #33623) - getlogin-utmp-fallback.patch: Linux: In getlogin_r, use utmp fallback only for specific errors - nss-malloc-failure-checks.patch: nss: Missing checks in __nss_configure_lookup, __nss_database_get (BZ #28940) - nss-database-for-fork.patch: nss: Introduce dedicated struct nss_database_for_fork type - malloc-sys-kernel-mm.patch: malloc: Avoid accessing /sys/kernel/mm files - tests-aarch64-makefile-deps-bti.patch: tests: aarch64: fix makefile dependencies for dlopen tests for BTI - aarch64-lock-gcs-startup.patch: aarch64: Lock GCS status at startup - elf-strlen-redir-ifunc.patch: elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen - riscv-redir-memcpy-generic.patch: riscv: Resolve calls to memcpy using memcpy-generic in early startup - tst-rseq-linux-7.patch: tests: fix tst-rseq with Linux 7.0 - remove -fcf-protection from optflags on non-x86_64 cross compilers. - Update to glibc 2.43 * The ISO C23 free_sized, free_aligned_sized, memset_explicit, and memalignment functions have been added * As specified in ISO C23, the assert macro is defined to take variable arguments to support expressions with a comma inside a compound literal initializer not surrounded by parentheses * For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return pointers into their input arrays now have definitions as macros that return a pointer to a const-qualified type when the input argument is a pointer to a const-qualified type * The ISO C23 typedef names long_double_t, _Float32_t, _Float64_t, and (on platforms supporting _Float128) _Float128_t, introduced in TS 18661-3:2015, have been added to * The ISO C23 optional time bases TIME_MONOTONIC, TIME_ACTIVE, and TIME_THREAD_ACTIVE have been added * On Linux, the mseal function has been added * Additional optimized and correctly rounded mathematical functions have been imported from the CORE-MATH project, in particular acosh, asinh, atanh, erf, erfc, lgamma, and tgamma. * Optimized implementations for fma, fmaf, remainder, remaindef, frexpf, frexp, frexpl (binary128), and frexpl (intel96) have been added. * The SVID handling for acosf, acoshf, asinhf, atan2f, atanhf, coshf, fmodf, lgammaf/lgammaf_r, log10f, remainderf, sinhf, sqrtf, tgammaf, y0/j0, y1/j1, and yn/jn was moved to compat symbols, allowing improvements in performance * On Linux, the openat2 function has been added * On AArch64, support for 2MB transparent huge pages has been enabled by default in malloc (similar to setting glibc.malloc.hugetlb=1 tunable) * On AArch64 Linux targets supporting the Scalable Matrix Extension (SME), the clone() system call wrapper will disable the ZA state of the SME * On AArch64 targets supporting the Branch Target Identification (BTI) extension, it is possible to enforce that all binaries in the process support BTI using the glibc.cpu.aarch64_bti tunable * On AArch64 Linux targets supporting at least one of the branch protection extensions (e.g. Branch Target Identification or Guarded Control Stack), it is possible to use LD_DEBUG=security to make the dynamic linker show warning messages about loaded binaries that do not support the corresponding security feature * On AArch64, vector variants of the new C23 exp2m1, exp10m1, log10p1, log2p1, and rsqrt routines have been added * On RISC-V, an RVV-optimized implementation of memset has been added * On x86, support for the Intel Nova Lake and Wildcat Lake processors has been added * Unicode support has been updated to Unicode 17.0.0 * The manual has been updated and modernized, in particular also regarding many of its code examples * Support for dumped heaps has been removed * The aforementioned change in ISO C23 of the declaration of bsearch, memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr, and wmemchr as const-preserving macros can lead to compilation issues in code not set up for it * The uimaxabs function has been renamed to umaxabs, following a change to the name of that function in ISO C2Y * The fromfp, fromfpx, ufromfp and ufromfpx functions, and the corresponding functions for other floating-point types, now return their result in the same type as their floating-point argument, rather than intmax_t or uintmax_t, in accordance with a change to the definition of these functions in ISO C23 * The support for TX lock elision of pthread mutexes has been removed on all architectures (powerpc, s390x, x86_64) * The next linux 6.19 release will remove support for compat syscalls on s390x * The LD_PROFILE functionality no longer has a default directory for the profile data it writes * GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861) * GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915) * GLIBC-SA-2026-0003: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory (CVE-2025-15281) - inet-fortified-namespace.patch, abort-fork-lock-init.patch, ld.so-load-segment-gaps.patch, cancelable-syscall-return-value.patch, ctype-tls-IE.patch, i386-gnu-tls-abi-tag.patch, x86-64-gnu2-tls-abi-tag.patch, x86-64-dt-x86-64-plt-abi-tag.patch, i386-gnu2-tls-abi-tag.patch, aarch64-sve-powf.patch: Removed ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls - Fix incorrect default entry and bump counter for BLS boot counter files (bsc#1262580) * 0001-bls-fix-default-entry-and-bumpcounter-for-BLS-boot-c.patch - VUL-0: grub: potentially problematic utf8 conversion in bli patches (bsc#1262129) * 0001-Fix-problematic-utf8-conversion-in-bli-patches.patch - Fix build for glibc 2.43 by taking upstream changes (bsc#1257256) * 0001-osdep-linux-ofpath-Update-strstr-calls.patch * 0001-util-probe-Save-strrchr-ret-val-to-const-data-ptr.patch * 0002-util-resolve-Save-str-r-chr-ret-val-to-const-data-pt.patch - Fix string to integer conversion for LoaderConfigTimeout * 0004-bli-Add-support-for-LoaderConfigTimeout-and-LoaderCo.patch - grub2.spec: When building the grubbls image, do not hardcode the timeout value in the early config because it is set by bli.mod when it is loaded - grub2.spec: Remove hardcoded terminal and theme settings from the early config as they are now applied at runtime - Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * 0001-Mandatory-install-device-check-for-PowerPC.patch - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * grub2-btrfs-09-get-default-subvolume.patch - Rewrite BLI patches: * 0001-blsuki-Add-support-for-LoaderEntries.patch * 0002-menu-Allow-default-entry-to-have-.conf-suffix.patch * 0003-bli-Add-support-for-LoaderEntryDefault-and-LoaderEnt.patch * 0004-bli-Add-support-for-LoaderConfigTimeout-and-LoaderCo.patch * 0005-bls_bumpcounter-Add-command-to-bump-boot-counter-for.patch * 0006-bli-Add-support-for-LoaderFeatures.patch * 0007-blsuki-Fix-sorting-for-entries-with-boot-counting-en.patch * 0008-blsuki-append-leftover-LoaderEntries.patch * 0009-blsuki-conservative-UTF-8-buffer-size.patch - Remove patches: * 0001-bls-Accept-.conf-suffix-in-setting-default-entry.patch * grub2-bls-boot-counting.patch * grub2-bls-boot-assessment.patch * grub2-blscfg-set-efivars.patch * grub2-bls-loader-entry-oneshot.patch * grub2-blsbumpcounter-menu.patch * grub2-bls-loader-entry-default.patch * grub2-bls-loader-entries-boot-counting.patch * grub2-bls-loader-features.patch * grub2-bls-loader-config-timeout.patch * grub2-bls-loader-config-timeout-fix.patch ==== kernel-source ==== Version update (7.0.1 -> 7.0.2) - Linux 7.0.2 (bsc#1012628). - crypto: authencesn - Fix src offset when decrypting in-place (bsc#1012628). - pwm: th1520: fix `CLIPPY=1` warning (bsc#1012628). - drm/amdgpu: replace PASID IDR with XArray (bsc#1012628). - crypto: krb5enc - fix sleepable flag handling in encrypt dispatch (bsc#1012628). - crypto: krb5enc - fix async decrypt skipping hash verification (bsc#1012628). - ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger (bsc#1012628). - ksmbd: validate owner of durable handle on reconnect (bsc#1012628). - scripts: generate_rust_analyzer.py: define scripts (bsc#1012628). - scripts/dtc: Remove unused dts_version in dtc-lexer.l (bsc#1012628). - fs/ntfs3: validate rec->used in journal-replay file record check (bsc#1012628). - f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally (bsc#1012628). - f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() (bsc#1012628). - f2fs: fix to avoid memory leak in f2fs_rename() (bsc#1012628). - f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer (bsc#1012628). - fuse: reject oversized dirents in page cache (bsc#1012628). - fuse: abort on fatal signal during sync init (bsc#1012628). - fuse: Check for large folio with SPLICE_F_MOVE (bsc#1012628). - fuse: quiet down complaints in fuse_conn_limit_write (bsc#1012628). - fuse: fuse_dev_ioctl_clone() should wait for device file to be initialized (bsc#1012628). - ksmbd: require minimum ACE size in smb_check_perm_dacl() (bsc#1012628). - smb: server: fix active_num_conn leak on transport allocation failure (bsc#1012628). - smb: client: fix dir separator in SMB1 UNIX mounts (bsc#1012628). - smb: server: fix max_connections off-by-one in tcp accept path (bsc#1012628). - smb: client: require a full NFS mode SID before reading mode bits (bsc#1012628). - smb: client: validate the whole DACL before rewriting it in cifsacl (bsc#1012628). - smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (bsc#1012628). - ksmbd: validate response sizes in ipc_validate_msg() (bsc#1012628). - ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() (bsc#1012628). - ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment (bsc#1012628). - ksmbd: use check_add_overflow() to prevent u16 DACL size overflow (bsc#1012628). - ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id() (bsc#1012628). - f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() (bsc#1012628). - ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (bsc#1012628). - ALSA: hda/realtek: Add quirk for Legion S7 15IMH (bsc#1012628). - ALSA: caiaq: take a reference on the USB device in create_card() (bsc#1012628). - net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1012628). - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (bsc#1012628). - crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (bsc#1012628). - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (bsc#1012628). - rxrpc: Fix missing validation of ticket length in non-XDR key preparsing (bsc#1012628). - mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER (bsc#1012628). - Rename to patches.kernel.org/7.0.2-032-writeback-Fix-use-after-free-in-inode_switch_wb.patch. - commit 46da294 - Refresh patches.suse/mfd-bcm2835-pm-Add-BCM2712-PM-device-support.patch. - Refresh patches.suse/mfd-bcm2835-pm-Introduce-SoC-specific-type-identifier.patch. - Refresh patches.suse/writeback-Fix-use-after-free-in-inode_switch_wbs_wor.patch. Update upstream status. - commit 8e3001e ==== libyui ==== - Force -std=gnu++17 to avoid build breakage with the default of - std=gnu++20 in GCC 16 ==== libyui-ncurses ==== - Force -std=gnu++17 to avoid build breakage with the default of - std=gnu++20 in GCC 16 ==== libyui-ncurses-pkg ==== - Force -std=gnu++17 to avoid build breakage with the default of - std=gnu++20 in GCC 16 ==== libyui-qt ==== - Force -std=gnu++17 to avoid build breakage with the default of - std=gnu++20 in GCC 16 ==== libyui-qt-graph ==== - Force -std=gnu++17 to avoid build breakage with the default of - std=gnu++20 in GCC 16 ==== libyui-qt-pkg ==== - Force -std=gnu++17 to avoid build breakage with the default of - std=gnu++20 in GCC 16 ==== linux-glibc-devel ==== Version update (6.19 -> 7.0) - Update to kernel headers 7.0 - Do not exclude drm headers, libdrm no longer conflicts ==== nghttp2 ==== Version update (1.68.1 -> 1.69.0) - update to 1.69.0: * nghttpx: Avoid separate allocation for QUIC tx buffer * lib/CMakeLists.txt: Fix NGHTTP2_CONFIG_INSTALL_DIR path * nghttpx: Ensure resetting downstream h2 stream * Fix union usage in nghttp2_data_provider_wrap * nghttpx: Remove stream_closed_ from Http2DownstreamConnection * Introduce nghttp2_strlen_lit * Check nghttp2_is_fatal first * nghttpd, nghttpx: Accept at most 10 connections per loop * nghttpx: Accept pending connections until it returns error * nghttpx: Rework close-wait packet generation for h3 * nghttpx: Add extra validation for non-regular path for * nghttpx: More strict validation for h1 host * nghttpd: Refactor with std::span * nghttp: Refactor with std::span * nghttp: Move span creation out of loop * nghttpx: Use std::span for upstream interface * nghttpx: Modernize downstream connection with std::span * nghttpx: Deal with partial write in API downstream connection * nghttpx: Adopt std::span for LiveCheck read path * Nghttpx connection write span * Nghttpx connection read span * nghttpx: Refactor QUIC utils with std::span * nghttpx: Choose the sensible value for TCP_DEFER_ACCEPT * nghttpx: Simplify HTTP/2 writer * nghttpx: Format doc * nghttpx: Deal with ECONNRESET for IPC socket on worker * nghttpx: Rewrite LOG macros with std::source_location * nghttpx: Amend #2671 to fix double logging * nghttpx: Call Log ctor directly * nghttpx: Rename LOG_ENABLED to log_enabled * src: Add static constexpr to ngtcp2 and nghttp3 callbacks * Nghttpx ech * nghttpx: Log the number of loaded ECH configuration in NOTICE ==== openSUSE-release ==== Version update (20260429 -> 20260430) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openblas_openmp ==== Version update (0.3.29 -> 0.3.30) - moved the testing to the build itself - Update to version 0.3.30: general: * fixed an installation problem with the thread safety test in gmake builds * fixed spurious overwriting of an input array in complex GEMMT/GEMMTR * fixed naming of GEMMTR in error messages from XERBLA * fixed compilation of SBGEMMT/SBGEMMTR in CMake builds * fixed the implementation of ?NRM2 to handle INCX=0 correctly * removed tests for CSROT and ZDROT that relied on unspecified behavior * fixed a performance regression in multithreaded GEMM that was particularly serious on POWER targets * fixed linking issues when using LLVM's flang-new with gmake * fixed a potential thread safety problem with C11 atomic operations * further improved the workload partitioning in parallel GEMM * fixed omission of LAPACKE interfaces for CGESVDQ,CTRSYL3 and ?GEQPF in CMake builds * fixed mishandling of setting NO_LAPACK to FALSE, and incorrect dependencies for LAPACK function SPMV in CMake builds * added explicit CMake options for building LAPACKE and shared libraries * simplified and improved handling of OpenMP options in CMake builds * renaming (pre/postfixing) and optional generation of PDB files for debugging * Fixed building with (Mingw) gmake on Windows to ensure completeness of the LAPACK included in the static library (potential race condition due to the Windows version of the "ln" utility creating snapshot copies rather than links) * fixed unwanted deletion of the lapacke_mangling.h file by "make clean" * fixed potential duplication of a _64 suffix on library names in CMake builds * fixed compilation of the C fallback copies of the LAPACK code with GCC 15 * included fixed from the Reference-LAPACK project: fixed a truncated error message in the EIG part of the testsuite (Reference-LAPACK PR 1119) fixed too strict check in LAPACKE_?gesdd_work (PR #1126) fixed memory corruption when calling ?GEEV with non-finite data (PR #1128) fixed missing initialization of a variable in C/GEQP3RK (PR #1131) fixed 2nd dimension chosen in C/ZUNMLQ transposition operation (PR #1135) x86_64: * fixed an error in the SBGEMV kernel for Cooper Lake/Sapphire Rapids * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * improved the compiler identification code for flang-new * fixed a potential build issue in the ZSUM kernel * fixed "argument list too long" errors when building on MacOS * added cpu autodetection support for several new Arrow Lake models * fixed conditional inclusion of the fast path SGEMM kernel in DYNAMIC_ARCH * fixed compilation with the MinGW build of GCC 15 x86: * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * worked around potential miscompilation of CDOT with very old binutils arm64: * fixed cpu type detection of A64FX and some ThunderX models (broken in 0.3.29) * added support for the AmpereOne/1A cpus in DYNAMIC_ ARCH builds * added an optimized SBGEMM kernel for NEOVERSEV1 * improved 1xN SBGEMM performance by forwarding to SBGEMV * introduced a stepwise increase of the thread count used for SGEMM and SGEMV on NEOVERSEV1/V2 in relation to problem size * introduced a stepwise increase of the thread count used for DGEMV on NEOVERSEV1 in relation to problem size * introduced a stepwise increase of the thread count used for SDOT and DDOT on NEOVERSEV1 in relation to problem size * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * added a fast path SGEMM kernel for small workloads on SME capable targets * improved performance of SGEMM and DGEMM kernels for small workloads * improved performance of SGEMV and DGEMV on SVE-capable targets * improved performance of SGEMV on NEOVERSEN1 and Apple M added optimized SSYMV and DSYMV kernels for NEOVERSEN1, Apple M and all SVE capable targets * added optimized SBGEMV kernels for NEOVERSEV1/V2/N2 * improved performance of SGEMM through faster NCOPY kernels * added compiler options for the NVIDIA HPC Compiler Suite * fixed cpu core type and cache size detection on Apple M4 * updated GEMM parameter settings for Neoverse cpus in cross-builds with CMake * fixed default compiler options for NEOVERSEN1 and CORTEXX2 in CMake builds * fixed conditional inclusion of the fast path SGEMM kernel in DYNAMIC_ARCH * fixed potential miscompilation of the non-SVE SDOT kernel arm: * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * fixed unwanted generation of object files with a writable stack riscv64: * added optimized SROTM and DROTM kernels for x280 * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * improved performance of GEMM_TCOPY on RVV1.0 targets with VLEN of 128 or 256 * improved performance of OMATCOPY on targets with VLEN 256 * greatly improved performance of SGEMV/DGEMV * improved performance of CGEMV and ZGEMV on C910V and all RVV targets with VLEN 256 * improved performance of SAXPBY and DAXPBY on C910V and all RVV targets with VLEN 256 * improved performance of AXPY and DOT on C910V and ZVL256B targets by * falling back to non-vectorized code for very small N. (Thereby fixing poor performance of CHBMV/ZHBMV for very small K) * fixed CMake build failures of the TRMM kernels power: * fixed building for PPCG4 with CMake * fixed SSCAL/DSCAL on PPC970 running FreeBSD * fixed a potential alignment issue in the POWER8 SGEMV kernel * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL zarch: * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * fixed unwanted generation of object files with a writable stack - Removed Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch as incorporated upstream - Added testrun package which runs the tests separately, the package itself is empty, but build fails if any test fails ==== openblas_pthreads ==== Version update (0.3.29 -> 0.3.30) - moved the testing to the build itself - Update to version 0.3.30: general: * fixed an installation problem with the thread safety test in gmake builds * fixed spurious overwriting of an input array in complex GEMMT/GEMMTR * fixed naming of GEMMTR in error messages from XERBLA * fixed compilation of SBGEMMT/SBGEMMTR in CMake builds * fixed the implementation of ?NRM2 to handle INCX=0 correctly * removed tests for CSROT and ZDROT that relied on unspecified behavior * fixed a performance regression in multithreaded GEMM that was particularly serious on POWER targets * fixed linking issues when using LLVM's flang-new with gmake * fixed a potential thread safety problem with C11 atomic operations * further improved the workload partitioning in parallel GEMM * fixed omission of LAPACKE interfaces for CGESVDQ,CTRSYL3 and ?GEQPF in CMake builds * fixed mishandling of setting NO_LAPACK to FALSE, and incorrect dependencies for LAPACK function SPMV in CMake builds * added explicit CMake options for building LAPACKE and shared libraries * simplified and improved handling of OpenMP options in CMake builds * renaming (pre/postfixing) and optional generation of PDB files for debugging * Fixed building with (Mingw) gmake on Windows to ensure completeness of the LAPACK included in the static library (potential race condition due to the Windows version of the "ln" utility creating snapshot copies rather than links) * fixed unwanted deletion of the lapacke_mangling.h file by "make clean" * fixed potential duplication of a _64 suffix on library names in CMake builds * fixed compilation of the C fallback copies of the LAPACK code with GCC 15 * included fixed from the Reference-LAPACK project: fixed a truncated error message in the EIG part of the testsuite (Reference-LAPACK PR 1119) fixed too strict check in LAPACKE_?gesdd_work (PR #1126) fixed memory corruption when calling ?GEEV with non-finite data (PR #1128) fixed missing initialization of a variable in C/GEQP3RK (PR #1131) fixed 2nd dimension chosen in C/ZUNMLQ transposition operation (PR #1135) x86_64: * fixed an error in the SBGEMV kernel for Cooper Lake/Sapphire Rapids * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * improved the compiler identification code for flang-new * fixed a potential build issue in the ZSUM kernel * fixed "argument list too long" errors when building on MacOS * added cpu autodetection support for several new Arrow Lake models * fixed conditional inclusion of the fast path SGEMM kernel in DYNAMIC_ARCH * fixed compilation with the MinGW build of GCC 15 x86: * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * worked around potential miscompilation of CDOT with very old binutils arm64: * fixed cpu type detection of A64FX and some ThunderX models (broken in 0.3.29) * added support for the AmpereOne/1A cpus in DYNAMIC_ ARCH builds * added an optimized SBGEMM kernel for NEOVERSEV1 * improved 1xN SBGEMM performance by forwarding to SBGEMV * introduced a stepwise increase of the thread count used for SGEMM and SGEMV on NEOVERSEV1/V2 in relation to problem size * introduced a stepwise increase of the thread count used for DGEMV on NEOVERSEV1 in relation to problem size * introduced a stepwise increase of the thread count used for SDOT and DDOT on NEOVERSEV1 in relation to problem size * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * added a fast path SGEMM kernel for small workloads on SME capable targets * improved performance of SGEMM and DGEMM kernels for small workloads * improved performance of SGEMV and DGEMV on SVE-capable targets * improved performance of SGEMV on NEOVERSEN1 and Apple M added optimized SSYMV and DSYMV kernels for NEOVERSEN1, Apple M and all SVE capable targets * added optimized SBGEMV kernels for NEOVERSEV1/V2/N2 * improved performance of SGEMM through faster NCOPY kernels * added compiler options for the NVIDIA HPC Compiler Suite * fixed cpu core type and cache size detection on Apple M4 * updated GEMM parameter settings for Neoverse cpus in cross-builds with CMake * fixed default compiler options for NEOVERSEN1 and CORTEXX2 in CMake builds * fixed conditional inclusion of the fast path SGEMM kernel in DYNAMIC_ARCH * fixed potential miscompilation of the non-SVE SDOT kernel arm: * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * fixed unwanted generation of object files with a writable stack riscv64: * added optimized SROTM and DROTM kernels for x280 * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * improved performance of GEMM_TCOPY on RVV1.0 targets with VLEN of 128 or 256 * improved performance of OMATCOPY on targets with VLEN 256 * greatly improved performance of SGEMV/DGEMV * improved performance of CGEMV and ZGEMV on C910V and all RVV targets with VLEN 256 * improved performance of SAXPBY and DAXPBY on C910V and all RVV targets with VLEN 256 * improved performance of AXPY and DOT on C910V and ZVL256B targets by * falling back to non-vectorized code for very small N. (Thereby fixing poor performance of CHBMV/ZHBMV for very small K) * fixed CMake build failures of the TRMM kernels power: * fixed building for PPCG4 with CMake * fixed SSCAL/DSCAL on PPC970 running FreeBSD * fixed a potential alignment issue in the POWER8 SGEMV kernel * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL zarch: * fixed corner cases of NAN and INF input handling in CSCAL and ZSCAL * fixed unwanted generation of object files with a writable stack - Removed Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch as incorporated upstream - Added testrun package which runs the tests separately, the package itself is empty, but build fails if any test fails ==== python313 ==== Subpackages: python313-curses python313-dbm python313-tk python313-x86-64-v3 - Add CVE-2026-6019-Morsel-js_output.patch protects against HTML injection by Base64-encoding cookie values embedded in JS (bsc#1262654, CVE-2026-6019, gh#python/cpython#90309). - Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects CR/LF in HTTP tunnel request headers (bsc#1261969, CVE-2026-1502, gh#python/cpython#146211). - Add CVE-2026-4786-webbrowser-open-action.patch, which fixes webbrowser %action substitution bypass of dash-prefix check (bsc#1262319, CVE-2026-4786, gh#python/cpython#148169). - Add CVE-2026-6100-use-after-free-decompression.patch preventing dangling pointer which can end in the use-after-free error (CVE-2026-6100, bsc#1262098, gh#python/cpython#148395). ==== python313-core ==== Subpackages: libpython3_13-1_0 libpython3_13-1_0-x86-64-v3 python313-base python313-base-x86-64-v3 python313-devel - Add CVE-2026-6019-Morsel-js_output.patch protects against HTML injection by Base64-encoding cookie values embedded in JS (bsc#1262654, CVE-2026-6019, gh#python/cpython#90309). - Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects CR/LF in HTTP tunnel request headers (bsc#1261969, CVE-2026-1502, gh#python/cpython#146211). - Add CVE-2026-4786-webbrowser-open-action.patch, which fixes webbrowser %action substitution bypass of dash-prefix check (bsc#1262319, CVE-2026-4786, gh#python/cpython#148169). - Add CVE-2026-6100-use-after-free-decompression.patch preventing dangling pointer which can end in the use-after-free error (CVE-2026-6100, bsc#1262098, gh#python/cpython#148395). ==== srt ==== Version update (1.5.4 -> 1.5.5) - Update to version 1.5.5: + Connection State Accuracy: Fixed an issue where srt_connect reported incorrect error codes when attempted on a socket in a broken state. The function now correctly identifies these sockets as closed rather than reporting connection-specific failures. + Listen Operation Refinement: - Corrected the error code returned when calling srt_listen on a closed or non-existent socket to ensure status reports reflect the socket state accurately. - Backlog updates: Updated the logic for srt_listen to allow updates to the backlog parameter on sockets already in the LISTENING state. In such cases, the function now successfully updates the backlog and returns 0 (success). + Fixed a bug where a blocking srt_close call could be interrupted by a connection attempt. + Resolved Issue #3289 regarding srt_connect in blocking mode. These fixes ensure that interrupting a blocking connection loop or closing the socket from another thread is correctly recognized. Previously, these scenarios could cause the function to incorrectly return success (0) or a misleading SRT_ECONNSOCK error; it now correctly returns SRT_ESCLOSED or SRT_EINVSOCK. + Fixed a potential buffer overflow in handshake processing by ensuring that incoming group data length does not exceed internal buffer capacity. + Fixed and then restored the cookie contest method from version 1.4.5 as a lower-risk stability measure. It also introduces a mechanism to enforce specific cookie values for testing and development purposes. + Fixed reentrancy of srt_strerror() + Fixed crash when adding a string-typed option to a group configuration object + Fixed incorrect number of sockets returned by srt_epoll_uwait + Fixed inconsistent thread-related objects' state after fork() + Fixed issues found by thread and memory sanitizers + Fixed unexpected blocking behavior in sendmsg call + Fixed stalled connection that should break on rogue NAK/ACK reception + Fixed some misleading error messages + Fixed wrong 'connection lost' error when sending to group in non-blocking pending state + Fixed bug where tsbpd might miss m_bClosing flag set in the meantime + Fixed caller-accepting connection without packetfilter while requested by a caller (now: late-rejection)