Packages changed: 389-ds (3.1.4+64845ffd9 -> 3.1.4+e2562f589) bluez cryptsetup (2.8.4 -> 2.8.6) gstreamer-plugins-ugly man openSUSE-release (20260407 -> 20260408) openexr (3.4.6 -> 3.4.9) python-charset-normalizer (3.4.6 -> 3.4.7) python-click (8.3.1 -> 8.3.2) python-tzdata (2025.3 -> 2026.1) sudo === Details === ==== 389-ds ==== Version update (3.1.4+64845ffd9 -> 3.1.4+e2562f589) Subpackages: lib389 libsvrcore0 - bsc#1258727 - CVE-2025-14905 - heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback. - Update to version 3.1.4+e2562f589: * Security fix for CVE-2025-14905 * Issue 7277 - UI - Fix Japanese translation for "Successfully updated group" in Cockpit UI (#7278) * Issue 7275 - UI - Improve password policy field validation in Cockpit UI (#7276) * Issue 7279 - UI - Fix typo in export certificate dialog (#7280) * Issue 7273 - In a chaining environment binding as remote user causes an invalid error in the logs * Issue 7271 - plugins that create threads need to update active thread count * Issue 5853 - Update concread to 0.5.10 * Issue 7223 - Remove integerOrderingMatch requirement for parentid (#7264) * Issue 7243 - UI - fix certificate table and modal * Issue 7066/7052 - allow password history to be set to zero and remove history * Issue 7223 - Use lexicographical order for ancestorid (#7256) * Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV (#7258) * Issue 7184 - (2nd) argparse.HelpFormatter _format_actions_usage() is deprecated (#7257) * Issue - CLI - dsctl db2index needs some hardening with MBD * Issue 7248 - CLI - attribute uniqueness - fix usage for exclude subtree option * Issue 7231 - Sync repl tests fail in FIPS mode due to non FIPS compliant crypto (#7232) * Issue 7121 - (2nd) LeakSanitizer: various leaks during replication (#7212) * Issue 6947 - Fix health_system_indexes_test.py * Issue 7221 - CI tests - fix some flaky tests * Issue 7076 - Fix revert_cache() never called in modrdn (#7220) * Issue 7096 - (2nd) During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7205) * Issue 3555 - UI - Fix audit issue with npm - @isaacs/brace-expansion (#7228) * Issue 7223 - Add dsctl index-check command for offline index repair * Issue 7223 - Detect and log index ordering mismatch during backend startup * Issue 7223 - Add upgrade function to remove ancestorid index config entry * Issue 7223 - Add upgrade function to remove nsIndexIDListScanLimit from parentid * Issue 7223 - Revert index scan limits for system indexes * Issue 7224 - CI Test - Simplify test_reserve_descriptor_validation (#7225) ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd libbluetooth3 - Add bluez-mainloop-Only-connect-to-NOTIFY_SOCKET-if-STATUS-Sta.patch to fix that systemd 259.3 causes timeout in starting home-assistant using podman systemd unit / quadlet. (bsc#1259656) ==== cryptsetup ==== Version update (2.8.4 -> 2.8.6) Subpackages: cryptsetup-doc cryptsetup-lang libcryptsetup12 - Update to 2.8.6. - Release notes for 2.8.6: * Fixes an autotools regression in 2.8.5 in the locking tmpfiles.d directory configuration. - Release notes for 2.8.5: * Add a specific error for failed detached header allocation. * Check the UUID of the resumed device to match the UUID stored in metadata. * Fix FileVault (fvault2) metadata parsing. * Fix LUKS2 reencryption lock name. * Fix OpenSSL crypto backend if built with LibreSSL. * Fix reading FileVault image metadata from incorrect image offset. * Fix tests not to use aes-generic kernel cipher name. * OpenSSL backend: Increase the number of allowed threads to 64. * Several compatibility fixes to the alternative Meson configuration system. * Various code fixes based on AI-assisted reviews. ==== gstreamer-plugins-ugly ==== Subpackages: gstreamer-plugins-ugly-lang - Drop mpeg2dec plugin, deprecated upstream, lets just remove this now ahead of time, gstreamer-libav provides a prefered software decoder plugin. Drop pkgconfig(libmpeg2) and pass mpeg2dec=disabled to meson setup. ==== man ==== - Make choice for transfiletriggerin or filetriggerin rpm version depend (boo#1261544) ==== openSUSE-release ==== Version update (20260407 -> 20260408) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openexr ==== Version update (3.4.6 -> 3.4.9) Subpackages: libIex-3_4-33 libIex-3_4-33-x86-64-v3 libIlmThread-3_4-33 libIlmThread-3_4-33-x86-64-v3 libOpenEXR-3_4-33 libOpenEXR-3_4-33-x86-64-v3 libOpenEXRCore-3_4-33 libOpenEXRCore-3_4-33-x86-64-v3 - version update to 3.4.9 * [CVE-2026-34589](https://www.cve.org/CVERecord?id=CVE-2026-34589) DWA Lossy Decoder Heap Out-of-Bounds Write * [CVE-2026-34588](https://www.cve.org/CVERecord?id=CVE-2026-34588) Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write * [CVE-2026-34380](https://www.cve.org/CVERecord?id=CVE-2026-34380) Signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression * [CVE-2026-34379](https://www.cve.org/CVERecord?id=CVE-2026-34379) Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) * [CVE-2026-34378](https://www.cve.org/CVERecord?id=CVE-2026-34378) Signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x * Fix signed integer overflow in `LossyDctDecoder_execute()` pointer arithmatic * fix integer overflow in PIZ wavelet buffer arithmetic * Add a message about image size limits and OOM errors to SECURITY.md and website * Fix shared lib symlink installation path * Fix misaligned memory access in `LossyDctDecoder_execute` HALF→FLOAT expansion * fix signed integer overflow in `undo_pxr24_impl()` * Fix integer overflow in `srcbuffer` pointer arithmetic in `unpack_*` * Add "cherry" and "changes" options to release.py * Fix an integer-overflow bug reading malformed files compressed with * B44A/B44B * Fix a buffer-overrun bug reading malformed files compressed with PXR24 * Fix a bug compressing half data with ZIPS/ZIP data when the * compressed size equals packed size * Single part files no longer get assigned a part name when writing * via the python module * Fix a build failure on FreeBSD involving `threads.h` * Fix an integer overflow decoding very wide htj2k images * Fix build failure with glibc 2.43 * Fix Windows symbol visibility warnings - fixes CVE-2026-34545 [bsc#1261344] CVE-2026-34543 [bsc#1261339] CVE-2026-34544 [bsc#1261342] - deleted patches * openexr-glibc-2.43.patch (upstreamed) ==== python-charset-normalizer ==== Version update (3.4.6 -> 3.4.7) Subpackages: python311-charset-normalizer python313-charset-normalizer - update to 3.4.7: * Pre-built optimized version using mypy[c] v1.20. * Relax `setuptools` constraint to `setuptools>=68,<82.1`. * Correctly remove SIG remnant in utf-7 decoded string. (#718) ==== python-click ==== Version update (8.3.1 -> 8.3.2) - update to 8.3.2: * Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:`3084` :pr:`3152` * Hide Sentinel.UNSET values as None when using lookup_default(). :issue:`3136` :pr:`3199` :pr:`3202` :pr:`3209` :pr:`3212` :pr:`3224` * Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:`824` :issue:`2991` :issue:`2993` :issue:`3110` :pr:`3139` :pr:`3140` * Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:`3139` * Fix callable flag_value being instantiated when used as a default via default=True. :issue:`3121` :pr:`3201` :pr:`3213` :pr:`3225` ==== python-tzdata ==== Version update (2025.3 -> 2026.1) - Update to 2026.1: - Upstream version 2026a released 2026-03-02T06:59:49+00:00 - Since 2022 Moldova has observed EU transition times, that is, it has sprung forward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00. - Remove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for future timestamps. ==== sudo ==== Subpackages: sudo-plugin-python - CVE-2026-35535: potential privilege escalation when running the mailer (bsc#1261420) * fix-CVE-2026-35535.patch - Move tests under /usr/share for transactional system support (jsc#PED-14830)