Packages changed: SDL3 apache2-mod_php8 (8.3.17 -> 8.3.19) cryptsetup exempi ffmpeg-7 glibc glslang (15.1.0 -> 15.2.0) grub2 gstreamer-plugins-bad kernel-firmware-realtek (20250224 -> 20250313) kmod libqt5-qtwebengine libxslt (1.1.42 -> 1.1.43) openblas_openmp openblas_pthreads php8 (8.3.17 -> 8.3.19) re2c (4.0.2 -> 4.1) shaderc spirv-tools systemd (257.3 -> 257.4) vulkan-loader (1.4.304 -> 1.4.309) vulkan-tools (1.4.304 -> 1.4.309) webkit2gtk3 zypper (1.14.87 -> 1.14.88) === Details === ==== SDL3 ==== - Trim extraneous X11 dependencies from SDL3-devel [boo#1239635] ==== apache2-mod_php8 ==== Version update (8.3.17 -> 8.3.19) - version update to 8.3.19 BCMath: Fixed bug GH-17398 (bcmul memory leak). Core: Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). Fix fallback paths in fast_long_{add,sub}_function. Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed). Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path). Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) DOM: Fixed bug GH-17847 (xinclude destroys live node). FFI: Fix FFI Parsing of Pointer Declaration Lists. FPM: Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). GD: Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). LDAP: Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). LibXML: Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) MBString: Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). Opcache: Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). Fixed bug GH-17577 (JIT packed type guard crash). Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled). Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). PDO_SQLite: Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). Fix cycle leak in sqlite3 setAuthorizer(). Phar: Fixed bug GH-17808: PharFileInfo refcount bug. PHPDBG: Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). Fix memory leak in phpdbg calling registered function. Reflection: Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). Standard: Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths). Streams: Fixed bug GH-17650 (realloc with size 0 in user_filters.c). Fix memory leak on overflow in _php_stream_scandir(). Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) Windows: Fixed phpize for Windows 11 (24H2). Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib). Zlib: Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). Fix memory leak when encoding check fails. Fix zlib support for large files. ==== cryptsetup ==== Subpackages: cryptsetup-doc cryptsetup-lang libcryptsetup12 - Set pbkdf2 as the default PBKDF algorithm in LUKS2 format. [bsc#1236375, bsc#1236164] * The default PBKDF algorithm in the LUKS2 format is now Argon2id but its not FIPS compliant. A system would be unbootable if using Argon2id or Argon2i for disk encryption and then switching to kernel FIPS mode. This can be avoided by setting pbkdf2 as default. * Build using the configure option --with-luks2-pbkdf=pbkdf2. * Remove the dependency on libargon2 as is now provided by openssl. ==== exempi ==== - Ignore testcore test failure on s390x. It is known to fail on big endian architectures. ==== ffmpeg-7 ==== Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch to build with SVT-AV1 3.0.0. ==== glibc ==== Subpackages: glibc-32bit glibc-devel glibc-extra glibc-gconv-modules-extra glibc-gconv-modules-extra-32bit glibc-lang glibc-locale glibc-locale-base - Do not build libnsl1 (bsc#1239459) ==== glslang ==== Version update (15.1.0 -> 15.2.0) - Update to release 15.2 * Emit error if using in/out with struct pointer * Emit SPV_EXT_opacity_micromap if GL extension is present * Support GL_NV_linear_swept_spheres, GLSL_EXT_nontemporal_keyword, GL_NV_cluster_acceleration_structure, GL_NV_cooperative_vector, GL_EXT_texture_offset_non_const, EXT_integer_dot_product * Check SparseTextureOffset non-const parameters * Revert cross-stage check for missing outputs * Add support for OpTypeRayQueryKHR and OpTypeAccelerationStructureKHR to SPVRemapper - Make build recipe POSIX sh compatible - Switch Leap compiler to gcc 13 following the rest of the Vulkan stack ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen - Update the patch to fix "SRK not matched" errors when unsealing the key (bsc#1232411) * 0001-tpm2-Add-extra-RSA-SRK-types.patch ==== gstreamer-plugins-bad ==== Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Disable nvcodec/cuda on aarch64 and %arm as it fails to build ==== kernel-firmware-realtek ==== Version update (20250224 -> 20250313) - Update to version 20250313 (git commit 1d4c88ee96ec): * rtw88: Add firmware v33.6.0 for RTL8814AE/RTL8814AU * rtw89: 8922a: update fw to v0.35.64.0 * rtw89: 8922a: update fw to v0.35.63.0 * rtw89: 8852c: update fw to v0.27.125.0 ==== kmod ==== Subpackages: libkmod2 - tests: drop ppc64 workaround, print failed test results if any ==== libqt5-qtwebengine ==== - Add patch to fix the sandbox on 32-bit x86: * sandbox_recvmsg.patch ==== libxslt ==== Version update (1.1.42 -> 1.1.43) Subpackages: libexslt0 libxslt-tools libxslt1 - Update to 1.1.43: * Major changes: - The non-standard EXSLT crypto extensions and support for dynamically loaded plugins are now disabled by default. These features can be enabled by passing --with-crypto or --with-plugins to configure. In a future release, these features will be removed. - Debug output and the debugger are disabled by default and can be enabled by passing --with-debug or --with-debugger. * Security: - [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node - [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces * Bug fixes: - variables: Fix non-deterministic generated IDs * libxml2 related cleanup: - python: Don't use removed libxml2 macro - tests: Skip test_bad.xsl with libxml2 before 2.13 - python: Don't include nanoftp.h and nanohttp.h - tests: Avoid namespace warning on Windows - numbers: Stop using libxml2 XPath axis API - numbers: Use private copy of xmlCopyCharMultiByte - documents: Use xmlCtxtParseDocument if available - tests: Make runtest compile with older libxml2 versions - utils: Account for libxml2 change - tests: Make bug-219.xsl compatible with older libxml2 - extensions: always include stdlib.h (Hugo Beauzée-Luyssen) - extensions: Don't use libxml2's "modules" feature * Code cleanup: - numbers: Make static variables const - variables: Remove debug code * Portability: - python: Declare init func with PyMODINIT_FUNC - exslt: Use C99 NAN macro * Build: - cmake: Always build Python module as shared library - cmake: Fix compatibility in package version file - configure.ac: Find libgcrypt via pkg-config (Alessandro Astone) * Remove patches fixed in the update: - libxslt-reproducible.patch - libxslt-test-compile-with-older-libxml2-versions.patch ==== openblas_openmp ==== - Use upstream patch for bsc#1239134 which is more friendly to the non-affected power9 and power10 sub-architectures: Replace: Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch by: Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch ==== openblas_pthreads ==== - Use upstream patch for bsc#1239134 which is more friendly to the non-affected power9 and power10 sub-architectures: Replace: Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch by: Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch ==== php8 ==== Version update (8.3.17 -> 8.3.19) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.3.19 BCMath: Fixed bug GH-17398 (bcmul memory leak). Core: Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). Fix fallback paths in fast_long_{add,sub}_function. Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed). Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path). Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) DOM: Fixed bug GH-17847 (xinclude destroys live node). FFI: Fix FFI Parsing of Pointer Declaration Lists. FPM: Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). GD: Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). LDAP: Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). LibXML: Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) MBString: Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). Opcache: Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). Fixed bug GH-17577 (JIT packed type guard crash). Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled). Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). PDO_SQLite: Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). Fix cycle leak in sqlite3 setAuthorizer(). Phar: Fixed bug GH-17808: PharFileInfo refcount bug. PHPDBG: Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). Fix memory leak in phpdbg calling registered function. Reflection: Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). Standard: Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths). Streams: Fixed bug GH-17650 (realloc with size 0 in user_filters.c). Fix memory leak on overflow in _php_stream_scandir(). Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) Windows: Fixed phpize for Windows 11 (24H2). Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib). Zlib: Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). Fix memory leak when encoding check fails. Fix zlib support for large files. ==== re2c ==== Version update (4.0.2 -> 4.1) - Update to version 4.1: * This release adds actions, a few backend-specific improvements in code generation and a bunch of bug fixes. * Benchmark code has been reworked in preparation to add multi-language benchmarks in the future. ==== shaderc ==== - Switch Leap build to newer gcc 13 ==== spirv-tools ==== - Bump BuildRequires to match spirv-headers ==== systemd ==== Version update (257.3 -> 257.4) Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev - triggers.systemd: more posix.fork() conversion (bsc#1238566) - Import commit f133e5974e69708d7491d4823780690c913f7bda (merge v257.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e03ffd74c4a30c1c75e05874ce18d31e503437b7...f133e5974e69708d7491d4823780690c913f7bda ==== vulkan-loader ==== Version update (1.4.304 -> 1.4.309) - Update to tag SDK-1.4.309.0 * Make Xrandr not implicitly required when x11 is used * Make emulate_VK_EXT_surface_maintenance1 comply better with Vulkan spec * Support VK_GOOGLE_surfaceless_query ==== vulkan-tools ==== Version update (1.4.304 -> 1.4.309) - Update to tag SDK-1.4.309.0 * vulkaninfo: Add video profiles support * cube: Correctly apply sRGB OETF/EOTF * icd: Add VkPhysicalDeviceMaintenance3Properties ==== webkit2gtk3 ==== Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Add 7d784721.patch: WebGL context primitive restart can be toggled from WebContent process (boo#1239547 CVE-2025-24201). ==== zypper ==== Version update (1.14.87 -> 1.14.88) Subpackages: zypper-log zypper-needs-restarting - Do not double encode URL strings passed on the commandline (bsc#1237587) URLs passed on the commandline must have their special chars encoded already. We just want to check and encode forgotten unsafe chars like a blank. A '%' however must not be encoded again. - version 1.14.88