Packages changed:
  SDL3
  apache2-mod_php8 (8.3.17 -> 8.3.19)
  cryptsetup
  exempi
  ffmpeg-7
  glibc
  glslang (15.1.0 -> 15.2.0)
  grub2
  gstreamer-plugins-bad
  kernel-firmware-realtek (20250224 -> 20250313)
  kmod
  libqt5-qtwebengine
  libxslt (1.1.42 -> 1.1.43)
  openblas_openmp
  openblas_pthreads
  php8 (8.3.17 -> 8.3.19)
  re2c (4.0.2 -> 4.1)
  shaderc
  spirv-tools
  systemd (257.3 -> 257.4)
  vulkan-loader (1.4.304 -> 1.4.309)
  vulkan-tools (1.4.304 -> 1.4.309)
  webkit2gtk3
  zypper (1.14.87 -> 1.14.88)

=== Details ===

==== SDL3 ====

- Trim extraneous X11 dependencies from SDL3-devel [boo#1239635]

==== apache2-mod_php8 ====
Version update (8.3.17 -> 8.3.19)

- version update to 8.3.19
    BCMath:
    Fixed bug GH-17398 (bcmul memory leak).
    Core:
    Fixed bug GH-17623 (Broken stack overflow detection for variable compilation).
    Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account).
    Fix fallback paths in fast_long_{add,sub}_function.
    Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed).
    Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path).
    Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)
    DOM:
    Fixed bug GH-17847 (xinclude destroys live node).
    FFI:
    Fix FFI Parsing of Pointer Declaration Lists.
    FPM:
    Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env).
    GD:
    Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M).
    LDAP:
    Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys).
    LibXML:
    Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714).
    Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
    MBString:
    Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
    Opcache:
    Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash).
    Fixed bug GH-17577 (JIT packed type guard crash).
    Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled).
    Fixed bug GH-17868 (Cannot allocate memory with tracing JIT).
    PDO_SQLite:
    Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults).
    Fix cycle leak in sqlite3 setAuthorizer().
    Phar:
    Fixed bug GH-17808: PharFileInfo refcount bug.
    PHPDBG:
    Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer).
    Fix memory leak in phpdbg calling registered function.
    Reflection:
    Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c).
    Standard:
    Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths).
    Streams:
    Fixed bug GH-17650 (realloc with size 0 in user_filters.c).
    Fix memory leak on overflow in _php_stream_scandir().
    Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
    Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
    Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
    Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)
    Windows:
    Fixed phpize for Windows 11 (24H2).
    Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib).
    Zlib:
    Fixed bug GH-17745 (zlib extension incorrectly handles object arguments).
    Fix memory leak when encoding check fails.
    Fix zlib support for large files.

==== cryptsetup ====
Subpackages: cryptsetup-doc cryptsetup-lang libcryptsetup12

- Set pbkdf2 as the default PBKDF algorithm in LUKS2 format.
  [bsc#1236375, bsc#1236164]
  * The default PBKDF algorithm in the LUKS2 format is now Argon2id
    but its not FIPS compliant. A system would be unbootable if using
    Argon2id or Argon2i for disk encryption and then switching to
    kernel FIPS mode. This can be avoided by setting pbkdf2 as default.
  * Build using the configure option --with-luks2-pbkdf=pbkdf2.
  * Remove the dependency on libargon2 as is now provided by openssl.

==== exempi ====

- Ignore testcore test failure on s390x. It is known to fail on
  big endian architectures.

==== ffmpeg-7 ====
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8

- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
  to build with SVT-AV1 3.0.0.

==== glibc ====
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-gconv-modules-extra glibc-gconv-modules-extra-32bit glibc-lang glibc-locale glibc-locale-base

- Do not build libnsl1 (bsc#1239459)

==== glslang ====
Version update (15.1.0 -> 15.2.0)

- Update to release 15.2
  * Emit error if using in/out with struct pointer
  * Emit SPV_EXT_opacity_micromap if GL extension is present
  * Support GL_NV_linear_swept_spheres, GLSL_EXT_nontemporal_keyword,
    GL_NV_cluster_acceleration_structure, GL_NV_cooperative_vector,
    GL_EXT_texture_offset_non_const, EXT_integer_dot_product
  * Check SparseTextureOffset non-const parameters
  * Revert cross-stage check for missing outputs
  * Add support for OpTypeRayQueryKHR and
    OpTypeAccelerationStructureKHR to SPVRemapper
- Make build recipe POSIX sh compatible
- Switch Leap compiler to gcc 13 following the rest of the
  Vulkan stack

==== grub2 ====
Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen

- Update the patch to fix "SRK not matched" errors when unsealing
  the key (bsc#1232411)
  * 0001-tpm2-Add-extra-RSA-SRK-types.patch

==== gstreamer-plugins-bad ====
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Disable nvcodec/cuda on aarch64 and %arm as it fails to build

==== kernel-firmware-realtek ====
Version update (20250224 -> 20250313)

- Update to version 20250313 (git commit 1d4c88ee96ec):
  * rtw88: Add firmware v33.6.0 for RTL8814AE/RTL8814AU
  * rtw89: 8922a: update fw to v0.35.64.0
  * rtw89: 8922a: update fw to v0.35.63.0
  * rtw89: 8852c: update fw to v0.27.125.0

==== kmod ====
Subpackages: libkmod2

- tests: drop ppc64 workaround, print failed test results if any

==== libqt5-qtwebengine ====

- Add patch to fix the sandbox on 32-bit x86:
  * sandbox_recvmsg.patch

==== libxslt ====
Version update (1.1.42 -> 1.1.43)
Subpackages: libexslt0 libxslt-tools libxslt1

- Update to 1.1.43:
  * Major changes:
  - The non-standard EXSLT crypto extensions and support for dynamically
    loaded plugins are now disabled by default. These features can be
    enabled by passing --with-crypto or --with-plugins to configure.
    In a future release, these features will be removed.
  - Debug output and the debugger are disabled by default and can be
    enabled by passing --with-debug or --with-debugger.
  * Security:
  - [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
  - [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
  * Bug fixes:
  - variables: Fix non-deterministic generated IDs
  * libxml2 related cleanup:
  - python: Don't use removed libxml2 macro
  - tests: Skip test_bad.xsl with libxml2 before 2.13
  - python: Don't include nanoftp.h and nanohttp.h
  - tests: Avoid namespace warning on Windows
  - numbers: Stop using libxml2 XPath axis API
  - numbers: Use private copy of xmlCopyCharMultiByte
  - documents: Use xmlCtxtParseDocument if available
  - tests: Make runtest compile with older libxml2 versions
  - utils: Account for libxml2 change
  - tests: Make bug-219.xsl compatible with older libxml2
  - extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
  - extensions: Don't use libxml2's "modules" feature
  * Code cleanup:
  - numbers: Make static variables const
  - variables: Remove debug code
  * Portability:
  - python: Declare init func with PyMODINIT_FUNC
  - exslt: Use C99 NAN macro
  * Build:
  - cmake: Always build Python module as shared library
  - cmake: Fix compatibility in package version file
  - configure.ac: Find libgcrypt via pkg-config (Alessandro Astone)
  * Remove patches fixed in the update:
  - libxslt-reproducible.patch
  - libxslt-test-compile-with-older-libxml2-versions.patch

==== openblas_openmp ====

- Use upstream patch for bsc#1239134 which is more friendly to the
  non-affected power9 and power10 sub-architectures:
  Replace:
  Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch
  by:
  Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch

==== openblas_pthreads ====

- Use upstream patch for bsc#1239134 which is more friendly to the
  non-affected power9 and power10 sub-architectures:
  Replace:
  Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch
  by:
  Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch

==== php8 ====
Version update (8.3.17 -> 8.3.19)
Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter

- version update to 8.3.19
    BCMath:
    Fixed bug GH-17398 (bcmul memory leak).
    Core:
    Fixed bug GH-17623 (Broken stack overflow detection for variable compilation).
    Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account).
    Fix fallback paths in fast_long_{add,sub}_function.
    Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed).
    Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path).
    Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)
    DOM:
    Fixed bug GH-17847 (xinclude destroys live node).
    FFI:
    Fix FFI Parsing of Pointer Declaration Lists.
    FPM:
    Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env).
    GD:
    Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M).
    LDAP:
    Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys).
    LibXML:
    Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714).
    Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
    MBString:
    Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
    Opcache:
    Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash).
    Fixed bug GH-17577 (JIT packed type guard crash).
    Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled).
    Fixed bug GH-17868 (Cannot allocate memory with tracing JIT).
    PDO_SQLite:
    Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults).
    Fix cycle leak in sqlite3 setAuthorizer().
    Phar:
    Fixed bug GH-17808: PharFileInfo refcount bug.
    PHPDBG:
    Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer).
    Fix memory leak in phpdbg calling registered function.
    Reflection:
    Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c).
    Standard:
    Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths).
    Streams:
    Fixed bug GH-17650 (realloc with size 0 in user_filters.c).
    Fix memory leak on overflow in _php_stream_scandir().
    Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
    Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
    Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
    Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)
    Windows:
    Fixed phpize for Windows 11 (24H2).
    Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib).
    Zlib:
    Fixed bug GH-17745 (zlib extension incorrectly handles object arguments).
    Fix memory leak when encoding check fails.
    Fix zlib support for large files.

==== re2c ====
Version update (4.0.2 -> 4.1)

- Update to version 4.1:
  * This release adds actions, a few backend-specific improvements
    in code generation and a bunch of bug fixes.
  * Benchmark code has been reworked in preparation to add
    multi-language benchmarks in the future.

==== shaderc ====

- Switch Leap build to newer gcc 13

==== spirv-tools ====

- Bump BuildRequires to match spirv-headers

==== systemd ====
Version update (257.3 -> 257.4)
Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev

- triggers.systemd: more posix.fork() conversion (bsc#1238566)
- Import commit f133e5974e69708d7491d4823780690c913f7bda (merge v257.4)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e03ffd74c4a30c1c75e05874ce18d31e503437b7...f133e5974e69708d7491d4823780690c913f7bda

==== vulkan-loader ====
Version update (1.4.304 -> 1.4.309)

- Update to tag SDK-1.4.309.0
  * Make Xrandr not implicitly required when x11 is used
  * Make emulate_VK_EXT_surface_maintenance1 comply better with
    Vulkan spec
  * Support VK_GOOGLE_surfaceless_query

==== vulkan-tools ====
Version update (1.4.304 -> 1.4.309)

- Update to tag SDK-1.4.309.0
  * vulkaninfo: Add video profiles support
  * cube: Correctly apply sRGB OETF/EOTF
  * icd: Add VkPhysicalDeviceMaintenance3Properties

==== webkit2gtk3 ====
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Add 7d784721.patch: WebGL context primitive restart can be
  toggled from WebContent process (boo#1239547 CVE-2025-24201).

==== zypper ====
Version update (1.14.87 -> 1.14.88)
Subpackages: zypper-log zypper-needs-restarting

- Do not double encode URL strings passed on the commandline
  (bsc#1237587)
  URLs passed on the commandline must have their special chars
  encoded already. We just want to check and encode forgotten
  unsafe chars like a blank. A '%' however must not be encoded
  again.
- version 1.14.88