Packages changed:
  ImageMagick (7.1.2.24 -> 7.1.2.25)
  MozillaFirefox (151.0.1 -> 151.0.3)
  cups-filters
  fontconfig (2.18.0 -> 2.18.1)
  graphite2 (1.3.14 -> 1.3.15)
  hyphen (2.8.8 -> 2.8.9)
  libabw (0.1.3 -> 0.1.4)
  libcdr (0.1.8 -> 0.1.9)
  libdmapsharing (3.9.13 -> 3.9.14)
  libdv
  libetonyek
  liblangtag (0.6.7 -> 0.6.8)
  libmspub (0.1.4 -> 0.1.5)
  libqxp (0.0.2 -> 0.0.3)
  libstorage-ng (4.5.328 -> 4.5.329)
  libvisio (0.1.9 -> 0.1.11)
  libzypp (17.38.11 -> 17.38.13)
  mpg123 (1.33.5 -> 1.33.6)
  netpbm (11.12.0 -> 11.14.0)
  openSUSE-release (20260608 -> 20260609)
  openexr (3.4.11 -> 3.4.12)
  openjph (0.27.3 -> 0.27.4)
  perl-HTTP-Message (7.10.0 -> 7.20.0)
  perl-WWW-RobotRules (6.02 -> 6.30.0)
  perl-XML-LibXML (2.0212 -> 2.0213)
  perl-XML-NamespaceSupport (1.12 -> 1.120.0)
  pinentry
  pinentry-gui
  python-M2Crypto (0.46.2 -> 0.48.0)
  salt
  sqlite3 (3.53.1 -> 3.53.2)
  webkitgtk3 (2.52.3 -> 2.52.4)
  webkitgtk4 (2.52.3 -> 2.52.4)

=== Details ===

==== ImageMagick ====
Version update (7.1.2.24 -> 7.1.2.25)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- version update to 7.1.2.25
  * validate argument count for polynomial distortion #8780
  * fix oob read of gps rationals in GetEXIFProperty #8782
  * reject hdr files with a negative width or height #8765
  * reject pgx files with invalid dimensions or precision #8764
  * reject rla files with an inverted active window #8770
  * build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 #8775
  * reject fits files with an invalid bits per pixel #8760
  * reject sgi files with zero columns or rows #8761
  * reject dds files with zero columns or rows #8762
- fixes following GH security advisories:
  * GHSA-q62c-h75r-2xhc
  * GHSA-g22q-f7gc-5jhr
  * GHSA-px7q-ggqj-hcf2
  * GHSA-p9rq-q46c-g4x6
  * GHSA-j989-f892-2335
  * GHSA-44cp-c3ww-9rv5

==== MozillaFirefox ====
Version update (151.0.1 -> 151.0.3)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 151.0.3:
  MFSA 2026-54 (boo#1267841)
  * CVE-2026-10701 (bmo#2038537)
    Incorrect boundary conditions in the Graphics: Text component
  * CVE-2026-10702 (bmo#2040903)
    JIT miscompilation in the JavaScript Engine: JIT component
  * Fixed an issue where selecting or pasting text in a text field
    inside a table cell could disrupt the page layout.
    (bmo#2041235)
  * Fixed an issue where the VPN toolbar button icon could appear
    larger than intended. (bmo#2042454)
- includes changes from 151.0.2:
  * Fixed an issue where adding another tab to an existing Split
    View could unexpectedly close it. (bmo#2039795)
  * Fixed an issue where Split View would close instead of
    switching tabs when using the "Switch to Tab" option from the
    address bar. (bmo#2039787)
  * Fixed an issue where Firefox stopped caching new content once
    the disk cache was full, causing pages and resources to be
    re-downloaded from the network on every visit. (bmo#2031577)
  * Fixed an issue where some websites could render incorrectly or
    fail to load when they used JavaScript to insert WebKit-
    specific style rules. (bmo#2040693)
  * Fixed an issue where clicking and selecting text in some input
    fields and text areas did not work on pages that styled them
    with certain CSS rules. (bmo#2039504)
  * Fixed an issue where the up and down buttons on number input
    fields could overlap and hide the value when sites sized the
    field to fit its contents. (bmo#2039315)
  * Fixed an issue where sorting strings that include numbers could
    produce an incorrect order on some websites and web
    applications. (bmo#2027078)
  * Fixed an issue where dropdown menus would not open for
    `<select>` elements created inside an iframe and then moved
    into the parent page. (bmo#2041720)

==== cups-filters ====

- Provide cups-browsed as separated cups-filters-cups-browsed
  sub-package so users can uninstall this sub-package
  to completely avoid the generic security risk of cups-browsed.
  cups-browsed auto-creates local print queues for printers which
  are announced via DNS-SD. It is a generic security risk when a
  service (cups-browsed.service) accepts any (possibly malicious)
  incoming information from any host in the local network
  (i.e. any DNS-SD announcements) and from that information
  it auto-creates print queue configurations for CUPS
  (where its server program cupsd runs as root).
  For more information see the openSUSE support database article
  https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

==== fontconfig ====
Version update (2.18.0 -> 2.18.1)
Subpackages: fontconfig-lang libfontconfig1

- Update to 2.18.1
  * Workaround :-prefixed filename used in Qt
  * meson: force enabling HAVE_C99_VSNPRINTF
  * Do not set 'sans-serif' for default genericfamily
  * Fix another font matching issue
  * Fix not matching with a font family name
  * Disable invalid attribute warning by default
  * boo#1267844

==== graphite2 ====
Version update (1.3.14 -> 1.3.15)

- version update to 1.3.15:
  . Bug fixes.
  . Update graphite website documentation.
  . Use SPDX lines, and improve license declarations.
  . Fix incorrectly generated graphite2.pc pkgconf file.
- modified patches
  * graphite2-1.2.0-cmakepath.patch (refreshed)
  * link-gcc-shared.diff (refreshed)
- deleted patches
  * graphite2-1.3.14-gcc15.patch (upstreamed)
- fixes CVE-2026-50593 [bsc#1267734]

==== hyphen ====
Version update (2.8.8 -> 2.8.9)

- Update to version 2.8.9
  - new public API: hnj_hyphen_load_data, loads a dictionary from a
    raw memory buffer (Resolves #4, contributed by Roman "SBKarr"
    Katuntsev). Useful for Android, embedded systems, and any caller
    holding dict bytes in memory.
  - Windows long-path support via _wfopen (fdo#48017, originally from
    LibreOffice)
  - many memory-safety fixes for malformed dictionaries and adversarial
    word input, found via libFuzzer + ASan + LSan: crashes
    in the rep-application loop, lhmin/rhmin loops, hyphword/norm
    compaction; infinite-recursion guards in the compound hyphenation
    path; leak fixes in the dict parser and in every site that writes
    into the (*rep)/(*pos)/(*cut) arrays
  - fuzz harness (fuzz/) shipping with the source

==== libabw ====
Version update (0.1.3 -> 0.1.4)

- Update to 0.1.4:
  - Fix a memory access error found by oss-fuzz.
  - Configure with --disable-werror by default.
  - Disable expanding entities by XML parser as a vulnerability
    prevention measure. Abiword-saved documents do not contain entities,
    so there is no difference in behavior.

==== libcdr ====
Version update (0.1.8 -> 0.1.9)

- version update to 0.1.9
  * Upgrade m4 macros.
  * Fix crash appear with format CDR 14 and Gradients (tdf#130914, tdf#158268)
  * Fixes parsing CDR7 files with no bbox surrounding text objects (tdf#98994)

==== libdmapsharing ====
Version update (3.9.13 -> 3.9.14)

- Update to version 3.9.14:
  + Always install dmap-transcode-stream.h
  + Account for type mismatch
  + Print warning if filter string contains bad parenthesis or
    quote
  + Eliminate unnecessary variables

==== libdv ====

- Add libdv-gcc16.patch to fix the build with GCC 16

==== libetonyek ====

- Force -std=gnu++17 when building with GCC >= 16

==== liblangtag ====
Version update (0.6.7 -> 0.6.8)

- version update to 0.6.8
  * Update configure.ac for obsolete function
  * Fix build fail when srcdir != builddir
  * Add --disable-locale-alias build option
  * Bump the libtool revision.
  * Do not include merge commits in NEWS
  * const up __lt_localealias_tables
  * configure.ac: check for dlfcn.h
  * configure.ac: support slibtool
  * configure.ac: fix typo
  * build: don't overwrite LIBS
  * update ax_pthread.m4
  * Fix building on MinGW-w64

==== libmspub ====
Version update (0.1.4 -> 0.1.5)

- Version update to 0.1.5:
  * Fix several problems found by oss-fuzz.
  * Fix regression in closing shape groups that caused missing shapes on
    second and subsequent pages. (tdf#116018)
- deleted patches
  * fix-missing-include.patch (upstreamed)
  * libmspub-0.1.4-gcc15.patch (upstreamed)

==== libqxp ====
Version update (0.0.2 -> 0.0.3)

- update to 0.0.3:
  * Memory safety fixes

==== libstorage-ng ====
Version update (4.5.328 -> 4.5.329)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Danish) (bsc#1149754)
- 4.5.329

==== libvisio ====
Version update (0.1.9 -> 0.1.11)

- version update to 0.1.11
  * Memory safety fixes
  * More work on better handling of theme colors (tdf#168475)

==== libzypp ====
Version update (17.38.11 -> 17.38.13)

- A .repo files "path=" entry must not refer to a location
  outside the repo (bsc#1267874, CVE-2026-44942)
  A "path=" entry may solely denote a sub-directory of the baseurl
  where the metadata are located. A relative path trying to access
  data outside the baseurl is reported and sanitized.
- version 17.38.13 (35)
- Repo "keyhint" must denote a filename, no path (bsc#1267426,
  CVE-2026-44941)
- version 17.38.12 (35)

==== mpg123 ====
Version update (1.33.5 -> 1.33.6)
Subpackages: libmpg123-0 mpg123-openal

- Update to version 1.33.6
  * mpg123
    + Prepare for const-returning strchr().
    + Hide seq_len debugging counter in non-debug mode.
  + Fix memory leak with --network internal due to inverted NULL
    check in net123_close_internal() (handle never NULL in
    practice, though).
  * mpg123, out123: Fix strrchr() usage to be more const and
    correct under C99 as well as C23.
  * mpg123-strip: Also use largefile API properly using
    mpg123config.h, but without actual effect at least on
    Linux/x86. It is cleaner that way, though.
  * libmpg123: Remove unused loop variable in layer2 left over
    from runtime table elimination (32 bit mmx/sse code).

==== netpbm ====
Version update (11.12.0 -> 11.14.0)
Subpackages: libnetpbm11

- disable test/pnmhisteq.test
- version update to 11.14.0
  * pcxtoppm: fix determination that palette in image is all one
    color (so probably in error) based on random memory access.
    Always broken (all-one-color feature was added in July 1995).
  * pbmtext: fix crash when input text contains a character with
    code >127.  Broken in Netpbm 10.82 (March 2018).
  * pnmhisteq: fix incorrect output with -gray: color pixels
    changed, gray pixels left alone.  Broken in Netpbm 10.30
    (October 2005).
  * asciitopgm: fix crash with missing height or width argument.
    Always broken (asciitopgm was new in the 1994 Netpbm release).
  * asciitopgm: fix crash with zero divisor.
    Always broken (asciitopgm was new in the 1994 Netpbm release).
  * libnetpbm: fix crash when caller of pm_selector_mark attempts to
    mark or test mark of out-of-bounds code point.  Abort program
    with error message instead.  Broken since Netpbm 10.91 (June
    2020).
  * build: remove ancient non-prototype function declarations; C23
    doesn't have them, so compilation fails with modern compilers.
  * build: fix compile failure of libjasper with -DDEBUG .  Broken
    some time in Netpbm 10.27 (March 2005) through 10.35 (August
    2006)).
  * pnmmargin: improve error messages.
- modified patches
  * netpbm-gcc-warnings.patch (refreshed)

==== openSUSE-release ====
Version update (20260608 -> 20260609)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openexr ====
Version update (3.4.11 -> 3.4.12)
Subpackages: libIex-3_4-33 libIex-3_4-33-x86-64-v3 libIlmThread-3_4-33 libIlmThread-3_4-33-x86-64-v3 libOpenEXR-3_4-33 libOpenEXR-3_4-33-x86-64-v3 libOpenEXRCore-3_4-33 libOpenEXRCore-3_4-33-x86-64-v3

- version update to 3.4.12
  * Fix several minor memory leaks recovering from reading invalid
    files.
  * The compressor API incorrectly identfied `HTJ2K` and `HTJ2K256` as
    lossy; they are lossles.
  * Fix CMake AVX feature detection that caused DWA SIMD code to fail on
    certain architectures.
  * The `WidenFilename` utility function is marked as deprecated, to be
    removed in a future release.
  * `exrmetrics` now print the on-disk size of the data portion of each
    part. Useful for determining compression impact on part data
  * Reject files where the dataWindows does not match the
    pixel array dimensions.
  * Support NumPy float vector attributes
  * Reading now skips over invalid parts, returns the valid parts only.
  * Doc strings have proper indentation
  * [CVE-2026-45696](https://www.cve.org/CVERecord?id=CVE-2026-45696)
  OpenEXR `ht_undo_impl` heap-buffer-overflow READ via
  codestream/channel width mismatch in HTJ2K decode
  * [CVE-2026-44663](https://www.cve.org/CVERecord?id=CVE-2026-44663)
  Integer overflow in HTJ2K decoder ( `ht_undo_impl` ) leading to
  heap-buffer-overflow
  * [OSS-Fuzz 512895184](https://issues.oss-fuzz.com/issues/512895184)
  * [OSS-Fuzz 512314697](https://issues.oss-fuzz.com/issues/512314697)
  * [OSS-Fuzz 508362159](https://issues.oss-fuzz.com/issues/508362159)
  * [OSS-Fuzz 507413960](https://issues.oss-fuzz.com/issues/507413960)

==== openjph ====
Version update (0.27.3 -> 0.27.4)

- Update to 0.27.4:
  * Add documentation for ASAN build type #274
  * Bug fix #277

==== perl-HTTP-Message ====
Version update (7.10.0 -> 7.20.0)

- updated to 7.20.0 (7.02)
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  7.02      2026-06-05 23:28:36Z
  - now handling HTTP method '0' (GH#211) (Karen Etheridge)

==== perl-WWW-RobotRules ====
Version update (6.02 -> 6.30.0)

- updated to 6.30.0 (6.03)
  see /usr/share/doc/packages/perl-WWW-RobotRules/Changes

==== perl-XML-LibXML ====
Version update (2.0212 -> 2.0213)

- updated to 2.0213
  see /usr/share/doc/packages/perl-XML-LibXML/Changes
  2.0213  2026-05-21
    [SECURITY / BUG FIXES]
  - Revert PR #143 per the libxml2 author's request. PR #143 added a
    URL-scheme filter inside LibXML_load_external_entity and removed
    the EXTERNAL_ENTITY_LOADER_FUNC == NULL guards on the five
    Schema/RelaxNG NONET swap sites, on the premise that
    no_network on one parser should override a user-installed global
    externalEntityLoader. Nick Wellnhofer clarified that this
    contradicts upstream intent: XML_PARSE_NONET only polices
    libxml2's default loader; a user who installs a global loader is
    explicitly opting out of that policy, and the http/https/ftp
    allowlist was never a real security boundary. Reverted in full;
    PR #138's lifecycle/memory-safety fixes are kept.
  - GH #168
    [BUG FIXES]
  - Fix latent SEGV in _externalEntityLoader. The XS code returned
    &PL_sv_undef as RETVAL when no previous global loader existed.
    Because xsubpp auto-mortalizes SV* RETVAL, each call mortalized
    the PL_sv_undef singleton, eventually driving its refcount
    negative and producing "Attempt to free unreferenced scalar"
    followed by SEGV under repeated invocation. Now returns
    newSV(0) so RETVAL is always a fresh refcount-1 SV safe to
    mortalize. The bug shipped in 2.0212 with PR #138's lifecycle
    fixes; this is a single-line correction to that code path.
    [MAINTENANCE]
  - Add t/49global_extent_with_no_network.t, 17 subtests locking in
    the entity-loader contract restored by the GH #168 revert: a
    user-installed global loader takes precedence over no_network
    across plain XML parse, RelaxNG, and XML Schema, while
    no_network without any loader still blocks via libxml2's
    default loader.
  - Document the entity-loader contract in CLAUDE.md
    ("Entity loaders, no_network, and XML_PARSE_NONET") plus a
    "Verifying audit-flagged security findings" checklist to keep
    pattern-matched "security fixes" like PR #143 from shipping
    again.

==== perl-XML-NamespaceSupport ====
Version update (1.12 -> 1.120.0)

- See https://github.com/openSUSE/cpanspec/issues/47 for details

==== pinentry ====

- Force -std=gnu++17 when building with GCC 16 to fix the broken
  build

==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-gtk2 pinentry-qt6

- Force -std=gnu++17 when building with GCC 16 to fix the broken
  build

==== python-M2Crypto ====
Version update (0.46.2 -> 0.48.0)

- Upgrade to 0.48.0:
  - doc: another move … this time to Codeberg (and communication
    to Matrix)
  - test(smime): parametrize test_write_pkcs7_der
  - test(smime): fix test_signEncryptDecryptVerify
  - fix(util): return bytes from passphrase callbacks
  - fix(SSL.Checker): add IDN Chinese name
  - test(ssl): add IDN certificate fixture coverage
  - test(ssl): cover IDN hostname matching in Checker
  - doc: update expected Name format in migration guide
  - fix(smime): S/MIME signature verification for Outlook and
    Thunderbird
  - fix(provider): handle OSSL_STORE_INFO_PUBKEY compat. for
    OpenSSL < 3.2
  - fix: cast X509_dup in sk_X509_deep_copy to avoid type
    mismatch
  - fix(smime): S/MIME signature verification for Outlook and
    Thunderbird
  - fix(smime): remove obsolete Python pre-3.6 constructs
  - ci: run on Codeberg with forgejo_runner
  - doc: clarify the status of the project
  - fix(provider): adjust the CI run on Gitea for the older
    OpenSSL on Debian
  - fix(evp): narrow digest and BIO pointers for mypy
  - fix(init): acommodate modern packaging API
  - doc: IRC channel is on Libera, Ergo was a wrong idea
  - fix(tests): remove duplicate definition of IS_DEBIAN in
    test_ssl
  - fix(test_bio_ssl): fix TLS 1.3 deadlock and add socket
    timeouts
  - fix(test_bio_ssl): replace sys.exit() with self.fail() to
    prevent test process crash
  - ci: publish to PyPI with Sigstore attestations via Trusted
    Publishing
  - fix(authcookie): handle CookieError from Python 3.13.12+
    (CVE-2026-0672)
  - ci(leap): use setup.py bdist_wheel to bypass old pip PEP 517
    wrapper
  - fix(util): replace is_32bit with struct.calcsize and update
    tests
  - ci: add FreeBSD SourceHut CI build script
  - fix(swig): avoid clang GNUC pragma block before _lib.h
  - fix(provider): don't abuse TemporaryDirectory to be mkdtemp,
    use that directly.
  - fix(provider): gate provider APIs for OpenSSL 1.1.1
  - feat(provider): add key generation and destruction methods
  - docs(provider): add comprehensive documentation to Provider
    module
  - fix(provider): better exception handling
  - doc: add a simple AGENTS.md
  - feat(engine): add availability check, lifecycle helpers, and
    safer cleanup
  - doc(engine): Improve documentation and example of using
    Engine module
- Upgrade to 0.47.0:
  - feat: added full SWIG bindings for the ASN1_UTCTIME
  - refactor(SWIG): adopt Python Buffer Protocol for
    X509_NAME_ENTRY_set_data
  - fix: allow 64-bit time_t on 32-bit systems in test_is32bit
  - feat(provider): add initial OpenSSL providers support
  - feat: stop supporting 32bit packages on Windows
  - fix: improve detection of OpenSSL on Windows
  - ci: run doctest
  - fix: _matchIPAddress is failing
  - feat: Add degenerate PKCS7 (.p7c) support
  - fix(setup): add `packaging` as a requirement
  - feat(asn1): introduce dedicated ASN1_UTCTIME class
  - feat(CRL): add content of m2crypto-0.21.1-x509_crl.patch
  - refactor(x509): CRL handling and testing
  - feat: add function to provide the equivalent of `openssl
    ciphers`.
  - fix(X509): refactor new_extension to prevent memory
    corruption
  - ci: add tests showing the use of M2Crypto for STARTTLS
    protocol
  - doc: convert documentation to MyST
  - doc: various improvements of documentation
  - revert: remove support for Engine
  - fix(engine): make the compilation of Engine conditional on
    OPENSSL_NO_ENGINE
  - fix(https): make HTTPS Connection work with Proxy
  - doc: add an example of using HTTPS with PKCS#11 Engine

==== salt ====
Subpackages: python311-salt salt-master salt-minion

- Calculate UUID grain for Xen PV guests (bsc#1255418)
- Added:
  * calculate-uuid-grain-for-xen-pv-guests-759.patch

==== sqlite3 ====
Version update (3.53.1 -> 3.53.2)
Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl

- Update to version 3.53.2:
  * Fixes for problems in 3.53.0 reported by users.
  * See the check-in timeline for details:
    https://sqlite.org/src/timeline?from=version-3.53.1&to=version-3.53.2

==== webkitgtk3 ====
Version update (2.52.3 -> 2.52.4)
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.52.4 (bsc#1267506 bsc#1267507 bsc#1267508
  bsc#1267509 bsc#1267510 bsc#1267511 bsc#1267512 bsc#1267513
  bsc#1267514 bsc#1267515 bsc#1267516 bsc#1267517 bsc#1267518
  bsc#1267519 bsc#1267520 bsc#1267521):
  + Add support for half-width fonts.
  + Improve content filter compilation by avoiding file copies.
  + Improve handling of out of disk space conditions when the
    NetworkProcess tried to write data in caches.
  + Improve how the CMake build system checks whether libatomic is
    required.
  + Fix painting scrollbars when their width changes.
  + Fix playback of certain YouTube videos with low frame rates.
  + Fix webkit://gpu not working in systems where neither
    libGL.so.1 nor libOpenGL.so.0 are available.
  + Fix the build with librice 0.4 or newer when the GStreamer
    WebRTC backend is enabled at build configuration time.
  + Fix the build with USE_GSTREAMER_WEBRTC=OFF.
  + Fix the build with USE_GBM=OFF.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901,
    CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905,
    CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947,
    CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658,
    CVe-2026-43660.
- Drop webkit2gtk3-aarch64-build-fix.patch: fixed upstream.
- Add webkitgtk-ppc64le-build-fix.patch: fix the build when system
  malloc is enabled.

==== webkitgtk4 ====
Version update (2.52.3 -> 2.52.4)
Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 webkitgtk-6_0-injected-bundles

- Update to version 2.52.4 (bsc#1267506 bsc#1267507 bsc#1267508
  bsc#1267509 bsc#1267510 bsc#1267511 bsc#1267512 bsc#1267513
  bsc#1267514 bsc#1267515 bsc#1267516 bsc#1267517 bsc#1267518
  bsc#1267519 bsc#1267520 bsc#1267521):
  + Add support for half-width fonts.
  + Improve content filter compilation by avoiding file copies.
  + Improve handling of out of disk space conditions when the
    NetworkProcess tried to write data in caches.
  + Improve how the CMake build system checks whether libatomic is
    required.
  + Fix painting scrollbars when their width changes.
  + Fix playback of certain YouTube videos with low frame rates.
  + Fix webkit://gpu not working in systems where neither
    libGL.so.1 nor libOpenGL.so.0 are available.
  + Fix the build with librice 0.4 or newer when the GStreamer
    WebRTC backend is enabled at build configuration time.
  + Fix the build with USE_GSTREAMER_WEBRTC=OFF.
  + Fix the build with USE_GBM=OFF.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901,
    CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905,
    CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947,
    CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658,
    CVe-2026-43660.
- Drop webkit2gtk3-aarch64-build-fix.patch: fixed upstream.
- Add webkitgtk-ppc64le-build-fix.patch: fix the build when system
  malloc is enabled.