Packages changed:
  cryptsetup (2.8.3 -> 2.8.4)
  expat (2.7.3 -> 2.7.4)
  krb5
  multipath-tools (0.14.1+208+suse.d08f5475 -> 0.14.2+211+suse.66f8a5ec)
  qemu

=== Details ===

==== cryptsetup ====
Version update (2.8.3 -> 2.8.4)
Subpackages: libcryptsetup12

- Update to 2.8.4:
  * Fix integritysetup resize (grow) of the device if integrity bitmap
    mode is used. Increasing the integrity device in bitmap mode did
    not work as integritysetup incorrectly used journal settings that
    were not applicable.
  * Fix device size status reports in cryptsetup and integritysetup.
    If the device uses a sector size larger than 512 bytes, the newly
    reported byte sizes (introduced in 2.8.0) in the status report
    were incorrectly displayed.
  * BITLK: Fix unlocking BitLocker device with recovery passphrase.
    If the recovery passphrase was present in the first keyslot, the
    device failed to unlock. This bug was introduced in 2.8.2 with
    Clear Key support.

==== expat ====
Version update (2.7.3 -> 2.7.4)

- version update to 2.7.4
  * CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
    failed to copy the encoding handler data passed to
    XML_SetUnknownEncodingHandler from the parent to the new
    subparser. This can cause a NULL dereference (CWE-476) from
    external entities that declare use of an unknown encoding.
    The expected impact is denial of service. It takes use of
    both functions XML_ExternalEntityParserCreate and
    XML_SetUnknownEncodingHandler for an application to be
    vulnerable.
  * CVE-2026-25210 -- Add missing check for integer overflow
    related to buffer size determination in function doContent
  * lib: Fix missing undoing of group size expansion in doProlog
    failure cases
  * xmlwf: Fix a memory leak
  * WASI: Fix format specifiers for 32bit WASI SDK
- fixes [bsc#1257144] and [bsc#1257496]

==== krb5 ====

- Immutable mode support, create /var/log/krb5 dir via
  systemd.tmpfiles; (PED-14767).
- Add krb5-log.tmpfiles

==== multipath-tools ====
Version update (0.14.1+208+suse.d08f5475 -> 0.14.2+211+suse.66f8a5ec)
Subpackages: kpartx libmpath0

- Update to version 0.14.2+211+suse.66f8a5ec:
  * multipathd: fix possible null deference in purge_disconnected code
  (bsc#1257590)
  * CI enhancements

==== qemu ====

- Fix bsc#1257314, bsc#1256980, bsc#1256484 (CVE-2026-0665) and
  some issues with userspace emulation:
  * tests: add tcg coverage for fixed mremap bugs
  * linux-user: fix reserved_va page leak in do_munmap
  * linux-user: fix mremap errors for invalid ranges
  * linux-user: fix mremap unmapping adjacent region
  * linux-user/elfload.c: Correction to HWCAP2 accessor
  * linux-user: allow null `pathname` for statx()/fstatat()
  * [openSUSE] roms/efi: Fix build error with glibc 2.43 (bsc#1257314)
  * roms/edk2: fix building with GCC 16 (bsc#1256980)
  * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665)
  * [openSUSE][RPM]: add enable-sdl and enable-sdl-image flags