Packages changed:
  SDL3
  cryptsetup
  exempi
  ffmpeg-7
  glibc
  glslang (15.1.0 -> 15.2.0)
  grub2
  gstreamer-plugins-bad
  kernel-firmware-realtek (20250224 -> 20250313)
  kmod
  libxslt (1.1.42 -> 1.1.43)
  openblas_openmp
  podman (5.4.0 -> 5.4.1)
  shaderc
  spirv-tools
  systemd (257.3 -> 257.4)
  vulkan-loader (1.4.304 -> 1.4.309)
  vulkan-tools (1.4.304 -> 1.4.309)
  webkit2gtk3
  webkit2gtk4
  zypper (1.14.87 -> 1.14.88)

=== Details ===

==== SDL3 ====

- Trim extraneous X11 dependencies from SDL3-devel [boo#1239635]

==== cryptsetup ====
Subpackages: libcryptsetup12

- Set pbkdf2 as the default PBKDF algorithm in LUKS2 format. [bsc#1236375, bsc#1236164]
  * The default PBKDF algorithm in the LUKS2 format is now Argon2id but
    it's not FIPS compliant. A system would be unbootable if using Argon2id
    or Argon2i for disk encryption and then switching to kernel FIPS mode.
    This can be avoided by setting pbkdf2 as default.
  * Build using the configure option --with-luks2-pbkdf=pbkdf2.
  * Remove the dependency on libargon2 as it is now provided by openssl.

==== exempi ====

- Ignore testcore test failure on s390x. It is known to fail on big endian
  architectures.

==== ffmpeg-7 ====
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8

- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
  to build with SVT-AV1 3.0.0.

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- Do not build libnsl1 (bsc#1239459)

==== glslang ====
Version update (15.1.0 -> 15.2.0)

- Update to release 15.2
  * Emit error if using in/out with struct pointer
  * Emit SPV_EXT_opacity_micromap if GL extension is present
  * Support GL_NV_linear_swept_spheres, GLSL_EXT_nontemporal_keyword,
    GL_NV_cluster_acceleration_structure, GL_NV_cooperative_vector,
    GL_EXT_texture_offset_non_const, EXT_integer_dot_product
  * Check SparseTextureOffset non-const parameters
  * Revert cross-stage check for missing outputs
  * Add support for OpTypeRayQueryKHR and OpTypeAccelerationStructureKHR
    to SPVRemapper
- Make build recipe POSIX sh compatible
- Switch Leap compiler to gcc 13 following the rest of the Vulkan stack

==== grub2 ====
Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls

- Update the patch to fix "SRK not matched" errors when unsealing the key
  (bsc#1232411)
  * 0001-tpm2-Add-extra-RSA-SRK-types.patch

==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Disable nvcodec/cuda on aarch64 and %arm as it fails to build

==== kernel-firmware-realtek ====
Version update (20250224 -> 20250313)

- Update to version 20250313 (git commit 1d4c88ee96ec):
  * rtw88: Add firmware v33.6.0 for RTL8814AE/RTL8814AU
  * rtw89: 8922a: update fw to v0.35.64.0
  * rtw89: 8922a: update fw to v0.35.63.0
  * rtw89: 8852c: update fw to v0.27.125.0

==== kmod ====
Subpackages: libkmod2

- tests: drop ppc64 workaround, print failed test results if any

==== libxslt ====
Version update (1.1.42 -> 1.1.43)
Subpackages: libexslt0 libxslt-tools libxslt1

- Update to 1.1.43:
  * Major changes:
    - The non-standard EXSLT crypto extensions and support for
      dynamically loaded plugins are now disabled by default. These
      features can be enabled by passing --with-crypto or --with-plugins
      to configure. In a future release, these features will be removed.
    - Debug output and the debugger are disabled by default and can be
      enabled by passing --with-debug or --with-debugger.
  * Security:
    - [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
    - [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
  * Bug fixes:
    - variables: Fix non-deterministic generated IDs
  * libxml2 related cleanup:
    - python: Don't use removed libxml2 macro
    - tests: Skip test_bad.xsl with libxml2 before 2.13
    - python: Don't include nanoftp.h and nanohttp.h
    - tests: Avoid namespace warning on Windows
    - numbers: Stop using libxml2 XPath axis API
    - numbers: Use private copy of xmlCopyCharMultiByte
    - documents: Use xmlCtxtParseDocument if available
    - tests: Make runtest compile with older libxml2 versions
    - utils: Account for libxml2 change
    - tests: Make bug-219.xsl compatible with older libxml2
    - extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
    - extensions: Don't use libxml2's "modules" feature
  * Code cleanup:
    - numbers: Make static variables const
    - variables: Remove debug code
  * Portability:
    - python: Declare init func with PyMODINIT_FUNC
    - exslt: Use C99 NAN macro
  * Build:
    - cmake: Always build Python module as shared library
    - cmake: Fix compatibility in package version file
    - configure.ac: Find libgcrypt via pkg-config (Alessandro Astone)
  * Remove patches fixed in the update:
    - libxslt-reproducible.patch
    - libxslt-test-compile-with-older-libxml2-versions.patch

==== openblas_openmp ====

- Use upstream patch for bsc#1239134 which is more friendly to the
  non-affected power9 and power10 sub-architectures:
  Replace:
    Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch
  by:
    Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch

==== podman ====
Version update (5.4.0 -> 5.4.1)

- Update to version 5.4.1:
  * Bugfixes
    - Fixed a bug where volume quotas were not being applied (#25368).
    - Fixed a bug where the --pid-limit=-1 option did not function
      properly with containers using the runc OCI runtime.
    - Fixed a bug where the podman artifact pull command did not respect
      the --retry-delay option.
    - Fixed a bug where Podman would leak a file and directory for every
      container created.
    - Fixed a bug where the podman wait command would sometimes error
      when waiting for a container set to auto-remove.
    - Fixed a bug where Quadlet .kube units would not report an error
      (and stay running) even when a pod failed to start (#20667).
  * API
    - Fixed a bug where the Compat DF endpoint did not correctly report
      total size of all images.
  * Misc
    - Updated Buildah to v1.39.2
    - Updated the containers/common library to v0.62.1
    - Updated the containers/image library to v5.34.1
- drop patch 0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch

==== shaderc ====

- Switch Leap build to newer gcc 13

==== spirv-tools ====

- Bump BuildRequires to match spirv-headers

==== systemd ====
Version update (257.3 -> 257.4)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev

- triggers.systemd: more posix.fork() conversion (bsc#1238566)
- Import commit f133e5974e69708d7491d4823780690c913f7bda (merge v257.4)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e03ffd74c4a30c1c75e05874ce18d31e503437b7...f133e5974e69708d7491d4823780690c913f7bda

==== vulkan-loader ====
Version update (1.4.304 -> 1.4.309)

- Update to tag SDK-1.4.309.0
  * Make Xrandr not implicitly required when x11 is used
  * Make emulate_VK_EXT_surface_maintenance1 comply better with Vulkan spec
  * Support VK_GOOGLE_surfaceless_query

==== vulkan-tools ====
Version update (1.4.304 -> 1.4.309)

- Update to tag SDK-1.4.309.0
  * vulkaninfo: Add video profiles support
  * cube: Correctly apply sRGB OETF/EOTF
  * icd: Add VkPhysicalDeviceMaintenance3Properties

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles

- Add 7d784721.patch: WebGL context primitive restart can be toggled from
  WebContent process (boo#1239547 CVE-2025-24201).

==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles

- Add 7d784721.patch: WebGL context primitive restart can be toggled from
  WebContent process (boo#1239547 CVE-2025-24201).

==== zypper ====
Version update (1.14.87 -> 1.14.88)
Subpackages: zypper-needs-restarting

- Do not double encode URL strings passed on the commandline
  (bsc#1237587)
  URLs passed on the commandline must have their special chars
  encoded already. We just want to check and encode forgotten
  unsafe chars like a blank. A '%' however must not be encoded
  again.
- version 1.14.88