Packages changed:
SDL3
cryptsetup
exempi
ffmpeg-7
glibc
glslang (15.1.0 -> 15.2.0)
grub2
gstreamer-plugins-bad
kernel-firmware-realtek (20250224 -> 20250313)
kmod
libxslt (1.1.42 -> 1.1.43)
openblas_openmp
podman (5.4.0 -> 5.4.1)
shaderc
spirv-tools
systemd (257.3 -> 257.4)
vulkan-loader (1.4.304 -> 1.4.309)
vulkan-tools (1.4.304 -> 1.4.309)
webkit2gtk3
webkit2gtk4
zypper (1.14.87 -> 1.14.88)
=== Details ===
==== SDL3 ====
- Trim extraneous X11 dependencies from SDL3-devel [boo#1239635]
==== cryptsetup ====
Subpackages: libcryptsetup12
- Set pbkdf2 as the default PBKDF algorithm in LUKS2 format.
[bsc#1236375, bsc#1236164]
* The default PBKDF algorithm in the LUKS2 format is now Argon2id
but its not FIPS compliant. A system would be unbootable if using
Argon2id or Argon2i for disk encryption and then switching to
kernel FIPS mode. This can be avoided by setting pbkdf2 as default.
* Build using the configure option --with-luks2-pbkdf=pbkdf2.
* Remove the dependency on libargon2 as is now provided by openssl.
==== exempi ====
- Ignore testcore test failure on s390x. It is known to fail on
big endian architectures.
==== ffmpeg-7 ====
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8
- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
to build with SVT-AV1 3.0.0.
==== glibc ====
Subpackages: glibc-locale glibc-locale-base
- Do not build libnsl1 (bsc#1239459)
==== glslang ====
Version update (15.1.0 -> 15.2.0)
- Update to release 15.2
* Emit error if using in/out with struct pointer
* Emit SPV_EXT_opacity_micromap if GL extension is present
* Support GL_NV_linear_swept_spheres, GLSL_EXT_nontemporal_keyword,
GL_NV_cluster_acceleration_structure, GL_NV_cooperative_vector,
GL_EXT_texture_offset_non_const, EXT_integer_dot_product
* Check SparseTextureOffset non-const parameters
* Revert cross-stage check for missing outputs
* Add support for OpTypeRayQueryKHR and
OpTypeAccelerationStructureKHR to SPVRemapper
- Make build recipe POSIX sh compatible
- Switch Leap compiler to gcc 13 following the rest of the
Vulkan stack
==== grub2 ====
Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls
- Update the patch to fix "SRK not matched" errors when unsealing
the key (bsc#1232411)
* 0001-tpm2-Add-extra-RSA-SRK-types.patch
==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Disable nvcodec/cuda on aarch64 and %arm as it fails to build
==== kernel-firmware-realtek ====
Version update (20250224 -> 20250313)
- Update to version 20250313 (git commit 1d4c88ee96ec):
* rtw88: Add firmware v33.6.0 for RTL8814AE/RTL8814AU
* rtw89: 8922a: update fw to v0.35.64.0
* rtw89: 8922a: update fw to v0.35.63.0
* rtw89: 8852c: update fw to v0.27.125.0
==== kmod ====
Subpackages: libkmod2
- tests: drop ppc64 workaround, print failed test results if any
==== libxslt ====
Version update (1.1.42 -> 1.1.43)
Subpackages: libexslt0 libxslt-tools libxslt1
- Update to 1.1.43:
* Major changes:
- The non-standard EXSLT crypto extensions and support for dynamically
loaded plugins are now disabled by default. These features can be
enabled by passing --with-crypto or --with-plugins to configure.
In a future release, these features will be removed.
- Debug output and the debugger are disabled by default and can be
enabled by passing --with-debug or --with-debugger.
* Security:
- [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
- [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
* Bug fixes:
- variables: Fix non-deterministic generated IDs
* libxml2 related cleanup:
- python: Don't use removed libxml2 macro
- tests: Skip test_bad.xsl with libxml2 before 2.13
- python: Don't include nanoftp.h and nanohttp.h
- tests: Avoid namespace warning on Windows
- numbers: Stop using libxml2 XPath axis API
- numbers: Use private copy of xmlCopyCharMultiByte
- documents: Use xmlCtxtParseDocument if available
- tests: Make runtest compile with older libxml2 versions
- utils: Account for libxml2 change
- tests: Make bug-219.xsl compatible with older libxml2
- extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
- extensions: Don't use libxml2's "modules" feature
* Code cleanup:
- numbers: Make static variables const
- variables: Remove debug code
* Portability:
- python: Declare init func with PyMODINIT_FUNC
- exslt: Use C99 NAN macro
* Build:
- cmake: Always build Python module as shared library
- cmake: Fix compatibility in package version file
- configure.ac: Find libgcrypt via pkg-config (Alessandro Astone)
* Remove patches fixed in the update:
- libxslt-reproducible.patch
- libxslt-test-compile-with-older-libxml2-versions.patch
==== openblas_openmp ====
- Use upstream patch for bsc#1239134 which is more friendly to the
non-affected power9 and power10 sub-architectures:
Replace:
Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch
by:
Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch
==== podman ====
Version update (5.4.0 -> 5.4.1)
- Update to version 5.4.1:
* Bugfixes
- Fixed a bug where volume quotas were not being applied
(#25368).
- Fixed a bug where the --pid-limit=-1 option did not function
properly with containers using the runc OCI runtime.
- Fixed a bug where the podman artifact pull command did not
respect the --retry-delay option.
- Fixed a bug where Podman would leak a file and directory for
every container created.
- Fixed a bug where the podman wait command would sometimes
error when waiting for a container set to auto-remove.
- Fixed a bug where Quadlet .kube units would not report an
error (and stay running) even when a pod failed to start
(#20667).
* API
- Fixed a bug where the Compat DF endpoint did not correctly
report total size of all images.
* Misc
- Updated Buildah to v1.39.2
- Updated the containers/common library to v0.62.1
- Updated the containers/image library to v5.34.1
- drop patch
0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
==== shaderc ====
- Switch Leap build to newer gcc 13
==== spirv-tools ====
- Bump BuildRequires to match spirv-headers
==== systemd ====
Version update (257.3 -> 257.4)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev
- triggers.systemd: more posix.fork() conversion (bsc#1238566)
- Import commit f133e5974e69708d7491d4823780690c913f7bda (merge v257.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e03ffd74c4a30c1c75e05874ce18d31e503437b7...f133e5974e69708d7491d4823780690c913f7bda
==== vulkan-loader ====
Version update (1.4.304 -> 1.4.309)
- Update to tag SDK-1.4.309.0
* Make Xrandr not implicitly required when x11 is used
* Make emulate_VK_EXT_surface_maintenance1 comply better with
Vulkan spec
* Support VK_GOOGLE_surfaceless_query
==== vulkan-tools ====
Version update (1.4.304 -> 1.4.309)
- Update to tag SDK-1.4.309.0
* vulkaninfo: Add video profiles support
* cube: Correctly apply sRGB OETF/EOTF
* icd: Add VkPhysicalDeviceMaintenance3Properties
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles
- Add 7d784721.patch: WebGL context primitive restart can be
toggled from WebContent process (boo#1239547 CVE-2025-24201).
==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles
- Add 7d784721.patch: WebGL context primitive restart can be
toggled from WebContent process (boo#1239547 CVE-2025-24201).
==== zypper ====
Version update (1.14.87 -> 1.14.88)
Subpackages: zypper-needs-restarting
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88