Packages changed:
  MicroOS-release (20260422 -> 20260423)
  libXpm
  libgcrypt (1.12.1 -> 1.12.2)
  libgme (0.6.4 -> 0.6.5)
  mozilla-nss (3.121 -> 3.122.1)
  mpc (1.3.1 -> 1.4.1)
  openssh
  patterns-base
  pipewire (1.6.2 -> 1.6.4)
  poppler
  poppler-qt6
  python-rpds-py (0.27.1 -> 0.30.0)
  sdbootutil (1+git20260409.83d5678 -> 1+git20260421.88e40c4)

=== Details ===

==== MicroOS-release ====
Version update (20260422 -> 20260423)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== libXpm ====

- updated 0001-Fix-CVE-2026-4367-Out-of-bounds-read-in-xpmNextWord.patch
  to the final version, which has been submitted to gitlab
  (CVE-2026-4367, bsc#1260928, comment#22)
- 0001-Fix-CVE-2026-4367-Out-of-bounds-read-in-xpmNextWord.patch
  * fix Out of bounds read (CVE-2026-4367, bsc#1260928)

==== libgcrypt ====
Version update (1.12.1 -> 1.12.2)

- Update to 1.12.2
  * Various fixes on gcry_kem_*  apis

==== libgme ====
Version update (0.6.4 -> 0.6.5)

- Update to version 0.6.5
  * Removed CPP demo as it uses private API.
  * Reworked demos so they no longer use private API.
  * Implemented some undocumented OPcodes for NES CPU.
  * Fixed several compile warnings..
  * The fade length is now passed to the track info for SPC files.
  * The C++ runtime library is now properly exported.
  * Fixed several crashes and security vulnerabilities reported
    by people.
  * The YM2413 chip emulator has been updated to the version v1.5.9
  * Added ADPCM support for the HES emulator, backported from
    Kode54's fork.

==== mozilla-nss ====
Version update (3.121 -> 3.122.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.122.1
  * bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
  * bmo#2029462 - store email on subject cache_entry in NSS trust domain.
  * bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  * bmo#2029323 - Improve size calculations in CMS content buffering.
  * bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
  * bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
  * bmo#2027345 - Improve input validation in DSAU signature decoding.
  * bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
  * bmo#2026156 - Add a maximum cert uncompressed len and tests.
  * bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
  * bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
- update to NSS 3.122
  * bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  * bmo#2023664 - run mach doc-lint from generate_release_doc.py.
  * bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * bmo#2020614 - tls13_CopyEchConfigs uses PR_LIST_TAIL instead of loop variable.
  * bmo#2021911 - fix cipher spec count intermittent CI failures.
  * bmo#2021913 - fix Mlkem768x25519ShareDamager intermittent CI failures.
  * bmo#2023437 - lint the legacy documentation.
  * bmo#2023437 - lint the NSS 3.112.3 release notes.
  * bmo#2023437 - add a doc-lint CI job.
  * bmo#2020224 - Add more useful coverage reports to CI and fail if new commit isn't tested.
  * bmo#1472747 - wrong alert for malformed TLS 1.3 Finished.
  * bmo#1916429 - Swap order of asserts and state check.
  * bmo#2022149 - set correct value of unused curve parameters in tls13_HandleKeyShare.
  * bmo#2017929 - GCM needs to check for various limits in FIPS mode.
  * bmo#2017938 - Get Key Length not working from ED and Montgomery keys.
  * bmo#2017927 - Not all ike modes are FIPS approved. Adjust the indicators when they aren't.
  * bmo#2020721 - fix intermittent ssl.sh test failures on windows runners.
  * bmo#2017918 - FIPS indicators on HKDF needs to be restricted to TLS usage.
  * bmo#2017920 - Generate keys not getting indicators.
  * bmo#2020612 - improve error handling in smime_init_once.
  * bmo#1987288 - Detect CPU features on OpenBSD using elf_aux_info.
  * bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
  * bmo#2020442 - more robustly distinguish SFTKSessionObject and SFTKTokenObjects.
  * bmo#2019194 - fix missing .S file error in Solaris Makefile builds.
  * bmo#2020486 - fix memory leak in NSC_GenerateKey error path.
  * bmo#2020615 - Missing SECFailure return after FATAL_ERROR in tls13_HandleEncryptedExtensions.
  * bmo#2020613 - release xmit buf lock on dtls13_MaybeSendKeyUpdate error paths.
  * bmo#2020849 - release 1stHandshakeLock on SSL_ResetHandshake error path.
  * bmo#2020188 - avoid null deref in mp_div_d sign normalization.
  * bmo#2017945 - Temp private key lifecycle is broken.
  * bmo#1851073 - protect rwSessionCount with slotLock.
  * bmo#2019224 - Remove invalid PORT_Free().
  * bmo#1828713 - Fix intermittent ClientGreaseKeyShare test failure.
  * bmo#2018200 - Fix kCtxStr len passed to tls_SignOrVerifyUpdate.
  * bmo#2019760 - patch upstream acvp-rust during checkout to avoid build failures.
  * bmo#2019760 - update acvp Dockerfile.
  * bmo#2017997 - CKA_PARAM_SET missing from the CK_ULONG list in softoken.
  * bmo#2018000 - CKA_SEED missing from isPrivate in the database.
  * bmo#2019717 - update abicheck expectation for __nss_InitLock.
  * bmo#2019327 - taskcluster: set NSS_DISABLE_LIBPKIX=1 in test env for static builds.
  * bmo#2019327 - tests: fix setup_policy to use ROOTCERTSFILE for root cert module path.
  * bmo#2019327 - tests: fix selfserv/httpserv PID handling and wait exit code for MSYS_NT.
  * bmo#2019327 - tests: add native_path helper for cross-platform path conversion.
  * bmo#2019327 - tstclnt, strsclnt: avoid DNS lookup for loopback addresses on Windows.
  * bmo#2019090 - avoid platform GCM for x64 iOS emulator builds.
  * bmo#2012002 - remove lock instrumentation feature.
  * bmo#2017923 - Move FIPS indicator structures out of fips_algorithms.h.
  * bmo#2018064 - all.sh is failing in FIPS SSL test in main tree.
  * bmo#1975973 - fix memory leaks in crmf tests.
  * bmo#2012547 - fix unsatisfiable condition in lg_getTrust.
  * bmo#2006218 - allow selfserv makefile build to use system zlib.
  * bmo#2002247 - Add allocation limit to pkcs12 decoding.
  * bmo#2012406 - Add text/html single-line example emails to NSS S/SMIME CMS tests.
- Rebase patches nss-fips-aes-gcm-restrict.patch and nss-fips-approved-crypto-non-ec.patch
  due to upstreamed FIPS patches

==== mpc ====
Version update (1.3.1 -> 1.4.1)

- update to 1.4.1:
  * mpc_fr_div: Fix memory leak introduced in release 1.4.0
- Fixup pkg-config install location
- Update to 1.4.0:
  * New functions: mpc_exp10, mpc_exp2, mpc_log2
  * mpc_tan and mpc_tanh: Fix wrong values and slowness for large
    imaginary part.
  * mpc_pow: Agree on and implement the sign of the imaginary part
    when both inputs are real.
  * mpc_fr_div and mpc_ui_div: Treat the imaginary part of the
    dividend as an exact zero and not as +0, following the C2Y
    draft of the C standard. This changes the signs of zeroes in
    some results.
  * Generate the pkg-config file mpc.pc

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Update openssh-8.1p1-audit.patch (bsc#1252890). This prevents the
  connection from dropping due to message mismatches in the monitor
  protocol when concurrency is high.
- Add missing patch tags.

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11

- immutable_base: Pull in systemd-presets-branding-SLE_immutable
  rather than systemd-presets-branding-SLE_transactional (package
  has been renamed)

==== pipewire ====
Version update (1.6.2 -> 1.6.4)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 1.6.4:
  * This is a bugfix release that is API and ABI compatible with
    the previous 1.6.x releases.
  * Highlights
  - Small improvements and seqfault fixes.
  - Try to not emit ports that JACK doesn't understand. Fixes
    glitches in ardour and other JACK apps.
  * PipeWire
  - Refuse to load plugins and crash when pw_init() was not
    called. (!2784 (closed))
  * SPA
  - Fix LADSPA plugin loading, support LADSPA_PATH ending with /
  - Fix segfault in alsa-seq when removing devices in some cases.
    (#5221 (closed))
  - Allow negative gain in mixer. (#5228 (closed))
  - Improve alsa-seq port names, add : between client and port.
    (#5229 (closed))
  - ACP: don’t override user-selected port on availability
    changes.
  * Bluetooth
  - Backport some important fixes and minor improvements.
  * JACK
  - Ignore non DSP ports to avoid emitting extra callbacks.
  * GStreamer
  - Fix crop metadata.
  * Tools
  - Fix WAVEX saving in pw-cat. (#5233 (closed))
- Update to version 1.6.3:
  * Highlights
  - Fix some RAOP compatibility regressions.
  - Fix segfault in the mixer in some cases.
  - Most nodes now produce and consume MIDI1 again and avoid
    conversions to and from UMP.
  - Various small fixes and improvements.
  * PipeWire
  - Fix regression with sample rate changes. (#5207 (closed))
  - Fix a potential integer overflow in the memory mapping.
  * Modules
  - Align RTP timestamps to make RAOP work on more devices.
    (#5167 (closed))
  - Avoid crashes in RTP streams because of concurrent event
    emission.
  - Avoid invalid fd usage in native-protocol with special
    crafted messages.
  - Fix properties and params enumeration in filter-chain
    (#5202 (closed)).
  * SPA
  - Fix compilation with -Werror=discarded-qualifiers
  - Avoid OOB read in mix matrix. (#5176 (closed))
  - Avoid loading plugins from absolute paths that are not in
    the search path.
  - Avoid MIDI conversions to and from UMP. (#5183 (closed))
  * Bluetooth
  - Backport some fixes and avoid some crashes.
  * JACK
  - Make sure timebase callback is never called with 0 frames.
  - Increase the notify queue to avoid losing notifications.
- Drop patch which is already included upstream:
  * pipewire-const-correctness-1.patch
- Modify the service to use a tar.xz file for the sources
  instead of obscpio.

==== poppler ====
Subpackages: libpoppler-cpp3 libpoppler157

- %suse_version value will be bumped for each service pack (e. g.
  1610 for 16sp1), thus using >= 1600 for SLE16
- SLE16 does not have extra-cmake-modules

==== poppler-qt6 ====

- %suse_version value will be bumped for each service pack (e. g.
  1610 for 16sp1), thus using >= 1600 for SLE16
- SLE16 does not have extra-cmake-modules

==== python-rpds-py ====
Version update (0.27.1 -> 0.30.0)

- Update to 0.30.0:
  * Update to PyO3 0.27.2
  * Bump actions/download-artifact from 5 to 6
  * Bump github/codeql-action from 4.30.9 to 4.31.0
  * Bump actions/upload-artifact from 4 to 5
  * Bump astral-sh/setup-uv from 7.1.1 to 7.1.2
  * Bump github/codeql-action from 4.31.0 to 4.31.2
  * Bump softprops/action-gh-release from 2.4.1 to 2.4.2
  * Bump rpds from 1.1.2 to 1.2.0
  * Bump PyO3 to 0.27
- Drop tar_scm use and switch to the PyPi sdist.
- Ship the LICENSE and the README in the built packages.
- Run the testsuite.

==== sdbootutil ====
Version update (1+git20260409.83d5678 -> 1+git20260421.88e40c4)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit

- Update to version 1+git20260421.88e40c4:
  * Allow multiple lines and comment lines in cmdline files