Packages changed:
  Mesa (26.0.6 -> 26.1.0)
  Mesa-drivers (26.0.6 -> 26.1.0)
  MozillaFirefox (150.0.1 -> 150.0.2)
  busybox
  coreutils
  coreutils-systemd
  gawk (5.3.2 -> 5.4.0)
  gcc16 (16.0.1+git8812 -> 16.1.1+git8886)
  leancrypto
  openSUSE-release (20260509 -> 20260510)
  openssh
  qt6-base
  qt6-svg
  tar

=== Details ===

==== Mesa ====
Version update (26.0.6 -> 26.1.0)
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1

- Update to 26.1.0
  * This release marks the first major feature update in the Mesa
    26 series.
  * Highlights:
  - Implementation of Vulkan 1.4 API (support varies by driver).
  - VirtIO-GPU Native-Context for Intel Iris, Crocus, and ANV drivers
    providing faster GPU paravirtualization.
  - VirGL is now considered unmaintained.
  - Zink now supports OpenGL ES 2.0 on PowerVR GPUs.
  - RADV (AMD) added support for low-latency video encode/decode
    and VK_KHR_internally_synchronized_queues.
  - Experimental support for Intel Nova Lake P hardware.
  - Rusticl (OpenCL) now requires a static C++ standard library.
  - New extensions supported across various drivers:
    VK_EXT_present_timing, GL_NV_timeline_semaphore (radeonsi),
    VK_QCOM_image_processing (turnip), VK_KHR_present_id,
    VK_KHR_present_wait, and various cl_khr_subgroup extensions.
- Dropped support for Python 3.6. Removed related patches:
  * u_0001-intel-genxml-Drop-from-__future__-import-annotations.patch
  * u_0002-intel-genxml-Add-a-untyped-OrderedDict-fallback-for-.patch
  * python36-buildfix1.patch
  * u_meson-lower-python-version-requirement.patch
- Removed obsolete u_dep_xcb.patch.
- Adjusted patches for new source context:
  * n_drirc-disable-rgb10-for-chromium-on-amd.patch

==== Mesa-drivers ====
Version update (26.0.6 -> 26.1.0)
Subpackages: Mesa-dri Mesa-libva Mesa-vulkan-device-select libvulkan_lvp

- Update to 26.1.0
  * This release marks the first major feature update in the Mesa
    26 series.
  * Highlights:
  - Implementation of Vulkan 1.4 API (support varies by driver).
  - VirtIO-GPU Native-Context for Intel Iris, Crocus, and ANV drivers
    providing faster GPU paravirtualization.
  - VirGL is now considered unmaintained.
  - Zink now supports OpenGL ES 2.0 on PowerVR GPUs.
  - RADV (AMD) added support for low-latency video encode/decode
    and VK_KHR_internally_synchronized_queues.
  - Experimental support for Intel Nova Lake P hardware.
  - Rusticl (OpenCL) now requires a static C++ standard library.
  - New extensions supported across various drivers:
    VK_EXT_present_timing, GL_NV_timeline_semaphore (radeonsi),
    VK_QCOM_image_processing (turnip), VK_KHR_present_id,
    VK_KHR_present_wait, and various cl_khr_subgroup extensions.
- Dropped support for Python 3.6. Removed related patches:
  * u_0001-intel-genxml-Drop-from-__future__-import-annotations.patch
  * u_0002-intel-genxml-Add-a-untyped-OrderedDict-fallback-for-.patch
  * python36-buildfix1.patch
  * u_meson-lower-python-version-requirement.patch
- Removed obsolete u_dep_xcb.patch.
- Adjusted patches for new source context:
  * n_drirc-disable-rgb10-for-chromium-on-amd.patch

==== MozillaFirefox ====
Version update (150.0.1 -> 150.0.2)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 150.0.2
  MFSA 2026-40 (bsc#1264378)
  * CVE-2026-8090 (bmo#2034352)
    Use-after-free in the DOM: Networking component
  * CVE-2026-8092 (bmo#1806249, bmo#2021977, bmo#2022576, bmo#2022722,
    bmo#2024439, bmo#2027883, bmo#2029463, bmo#2030323, bmo#2032042,
    bmo#2032043, bmo#2033270, bmo#2033637, bmo#2034422, bmo#2034496,
    bmo#2035879, bmo#2036516)
    Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR
    140.10.2 and Firefox 150.0.2
  * CVE-2026-8093 (bmo#1981270, bmo#2027154, bmo#2028332, bmo#2029327,
    bmo#2029428, bmo#2029894, bmo#2032189, bmo#2034837, bmo#2035968,
    bmo#2036256)
    Memory safety bugs fixed in Firefox 150.0.2
  * Fixed an issue where websites on internal or corporate
    networks that require a login prompt would show a blank page.
    (bmo#2034752)
  * Fixed an issue that prevented highlighting from
    working on scanned images in the built-in PDF viewer. (bmo#2034980)
  * Fixed an issue where the "New" badge persisted on
    Split View menu items. (bmo#2027793)
  * Fixed an issue that prevented some webcams from working
    correctly in video calls. (bmo#2034722)
  * Fixed an issue where a tab would crash when dragging and
    dropping nested folders onto a webpage. (bmo#2030461)
  * Improved how Firefox displays websites with advanced 3D
    effects, fixing cases where parts of the page could
    disappear or appear incorrectly. (bmo#2034283)
  * Fixed an issue that could prevent Firefox’s local backup
    feature from completing successfully. (bmo#2029240)
  * Fixed an issue where the status and navigation bars would
    flicker or show mismatched colors when editing a page’s
    address. (bmo#2021596)
  * Improved the appearance of search suggestions in the address
    bar by preventing icons from appearing stretched or distorted.
    (bmo#2035353)

==== busybox ====
Subpackages: busybox-static

- Fix heap buffer overflow vulnerability in the DHCPv6 client
  (CVE-2026-29004, bsc#1263989)
  * 0001-udhcpc6-fix-buffer-overflow.patch
  * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch

==== coreutils ====
Subpackages: coreutils-lang

- coreutils-tests-misc-tty-eof-avoid-false-failure.patch: Add upstream patch:
  tests: avoid false failure with perl-IO-Tty >= 1.24 (bsc#1264052)

==== coreutils-systemd ====

- coreutils-tests-misc-tty-eof-avoid-false-failure.patch: Add upstream patch:
  tests: avoid false failure with perl-IO-Tty >= 1.24 (bsc#1264052)

==== gawk ====
Version update (5.3.2 -> 5.4.0)

- update to 5.4.0:
  * 1. This release now uses Mike Haertel's MinRX regular
    expression matcher as the default regexp engine. The old regex
    and dfa engines are still available. More detail is available
    in the manual, and in the file README_d/README.matchers.
    At the very least, read that file!
  * 2. The manual, in the Bugs section, now makes it explicit
    that (a) Ad hominem attacks on the lists will not be tolerated,
    and (b) Discussion of proprietary software is strongly
    discouraged. Repeated offenses are grounds for being banned
    from the lists.
  * 3. There is now a new directive, @nsinclude, which works like
    @include but does not reset the namespace for the included file
    to "awk". See the manual for details.
  * 4. When using lshift() or rshift() and attempting to shift by
    as many or more bits than in a uintmax_t, gawk returns zero,
    instead of whatever the C compiler and hardware might have done.
  * 5. Gawk's use of persistent memory has changed somewhat:
  * A. Gawk now stores additional meta-information in the backing
    file.
  * This means that if you have a backing file with important
    data in it, you should dump the data to a text file using the
    old version, create a new backing file, and then read your data
    back in with the new version, to a *brand new* backing file.
  * 6. The ordchr extension now supports multibyte / wide
    characters.
  * 7. Per the 2024 POSIX standard, `length(array)' is no longer
    an extension, but a regular feature.  Thus --posix no longer
    rejects it and --lint no longer warns about it.
  * 8. The --traditional option has been rationalized to bring
    gawk into sync with BWK awk. It no longer affects the return
    code from system(), and it no longer prevents using a regexp
    for RS. Internally, the code was cleaned up some as well.
  * 9. Assertions in the C code are now enabled.  To disable
    them, manually edit the various Makefiles after running
    configure and before running make. You will need to add
  - DNDEBUG to the CFLAGS variable.

==== gcc16 ====
Version update (16.0.1+git8812 -> 16.1.1+git8886)
Subpackages: cpp16 gcc16-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1

- Update to 16.1.1+git8886, includes GCC 16.1 release.

==== leancrypto ====
Subpackages: libleancrypto1 libleancrypto1-32bit

- Calculate the FIPS HMAC for the leancrypto and the leancrypto-fips
  libraries. (bsc#1262399)

==== openSUSE-release ====
Version update (20260509 -> 20260510)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Update openssh-7.7p1-fips.patch (bsc#1262555): Don't bail out on
  startup if a non-FIPS algorithm is requested. Filter it out and
  warn instead.
- Update openssh-8.0p1-gssapi-keyex.patch: Apply to GSS too.

==== qt6-base ====
Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-connman qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite qt6-wayland

- Add upstream fix (QTBUG-145310, kde#518105):
  * 0001-freetype-Handle-failing-glyph-rendering.patch
- Also use GCC 15 on Leap 16.1

==== qt6-svg ====
Subpackages: libQt6Svg6 libQt6SvgWidgets6

- Add upstream fix (CVE-2026-6210, boo#1264301)
  * 0001-Test-types-of-nodes-before-downcasting-them.patch

==== tar ====
Subpackages: tar-lang tar-rmt

- remove the userspace fallback implementation for openat2
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
  * CVE-2025-45582.patch
- Refresh patch:
  * tar-fix-extract-unlink.patch