Packages changed:
  gnutls (3.8.9 -> 3.8.10)
  ncurses (6.5.20250720 -> 6.5.20250726)
  nghttp2
  nghttp3 (1.10.1 -> 1.11.0)
  openSUSE-release (20250804 -> 20250805)
  tpm2-0-tss (4.1.0 -> 4.1.3)

=== Details ===

==== gnutls ====
Version update (3.8.9 -> 3.8.10)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- Build with leancrypto. The liboqs support for post-quantum cryptography (PQC) has been removed and is only provided through leancrypto.
- Update to 3.8.10:
  * libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
    Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
    [bsc#1246299, CVE-2025-6395]
  * libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
    Spotted by oss-fuzz and reported by OpenAI Security Research Team, and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, CVSS: medium]
    [bsc#1246233, CVE-2025-32989]
  * libgnutls: Fix double-free upon error when exporting otherName in SAN
    Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2, CVSS: low]
    [bsc#1246232, CVE-2025-32988]
  * certtool: Fix 1-byte write buffer overrun when parsing template
    Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
    [bsc#1246267, CVE-2025-32990]
  * libgnutls: PKCS#11 modules can now be used to override the default cryptographic backend.
    Use the [provider] section in the system-wide config to specify path and pin to the module (see system-wide config Documentation).
  * libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update support.
    The library running on the aforementioned version now utilizes the kernel's key update mechanism when kTLS is enabled, allowing uninterrupted TLS session. The --enable-ktls configure option as well as the system-wide kTLS configuration (see GnuTLS Documentation) are still required to enable this feature.
  * libgnutls: liboqs support for PQC has been removed
    For maintenance purposes, support for post-quantum cryptography (PQC) is now only provided through leancrypto. The experimental key exchange algorithm, X25519Kyber768Draft00, which is based on the round 3 candidate of Kyber and only supported through liboqs has also been removed altogether.
  * libgnutls: TLS certificate compression methods can now be set with cert-compression-alg configuration option in the gnutls priority file.
  * libgnutls: All variants of ML-DSA private key formats are supported
    While the previous implementation of ML-DSA was based on draft-ietf-lamps-dilithium-certificates-04, this updates it to draft-ietf-lamps-dilithium-certificates-12 with support for all 3 variants of private key formats: "seed", "expandedKey", and "both".
  * libgnutls: ML-DSA signatures can now be used in TLS
    The ML-DSA signature algorithms, ML-DSA-44, ML-DSA-65, and ML-DSA-87, can now be used to digitally sign TLS handshake messages.
  * API and ABI modifications:
    - GNUTLS_PKCS_MLDSA_SEED: New enum member of gnutls_pkcs_encrypt_flags_t
    - GNUTLS_PKCS_MLDSA_EXPANDED: New enum member of gnutls_pkcs_encrypt_flags_t
- Add patch gnutls-3.8.10-disable-ktls_test.patch
- Rebased patches:
  * gnutls-FIPS-140-3-references.patch
  * gnutls-FIPS-disable-mac-sha1.patch
  * gnutls-disable-flaky-test-dtls-resume.patch
  * gnutls-skip-pqx-test.patch
- enable ktls support
- enable brotli and zstd compression support

==== ncurses ====
Version update (6.5.20250720 -> 6.5.20250726)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20250726
  + modify configure script cases for $host_os, to accommodate 64-bit big-endian POWER linux with glibc (patch by Cosima Neidahl).
  + add warning to configure script to address conflict between the --enable-lp64 option and the options for overriding the types used for chtype and mmask_t.
- Port patch ncurses-6.4.dif

==== nghttp2 ====

- Account for the libngtcp2 devel split for openssl and gnutls.

==== nghttp3 ====
Version update (1.10.1 -> 1.11.0)

- Update to 1.11.0:
  * Revert "Tighten up :path validation"
  * Implement RFC 9412 ORIGIN frame
  * Clarify the life time of the object pointed
  * Update doc
  * Port ngtcp2 map changes
  * Treat malformed HTTP message as a connection error
  * Map seed
  * Add nghttp3_qpack_encoder_new2
  * Make nghttp3_rand accept uint8_t buffer
  * Origin changes
  * No need to zero-clear frent
  * Use compound literals instead of filling with zeros
  * Make macros static inline functions
  * Remove length from nghttp3_frame

==== openSUSE-release ====
Version update (20250804 -> 20250805)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== tpm2-0-tss ====
Version update (4.1.0 -> 4.1.3)
Subpackages: libtss2-esys0 libtss2-fapi-common libtss2-fapi1 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tcti-device0 libtss2-tctildr0

- Update to 4.1.3:
  * Fix name collisions during dlopen() on some linkers
- Update to 4.1.2:
  * configure.ac: Fix test of == to = to be POSIX compliant
  * Remove use of which in favor of command -v
- Update to 4.1.1:
  * Fixed inclusion of .map and .def files in release tarballs