Packages changed:
MicroOS-release (20250314 -> 20250316)
SDL3
cryptsetup
exempi
ffmpeg-7
glibc
glslang (15.1.0 -> 15.2.0)
grub2
gstreamer-plugins-bad (1.24.12 -> 1.26.0)
kernel-firmware-iwlwifi (20250206 -> 20250312)
kernel-firmware-realtek (20250224 -> 20250313)
kmod
libbacktrace (1.0+git20241025 -> 1.0+git20250210)
libxslt (1.1.42 -> 1.1.43)
ncurses
openblas_openmp
patterns-base
pciutils
pipewire (1.4.0 -> 1.4.1)
podman (5.4.0 -> 5.4.1)
psmisc
python-SQLAlchemy (2.0.36 -> 2.0.39)
rootlesskit (2.3.2 -> 2.3.4)
shaderc
spirv-tools
suse-module-tools (16.0.57 -> 16.0.59)
systemd (257.3 -> 257.4)
vulkan-loader (1.4.304 -> 1.4.309)
vulkan-tools (1.4.304 -> 1.4.309)
webkit2gtk3
webkit2gtk4
wpa_supplicant
xfsprogs
yast2 (5.0.12 -> 5.0.13)
zypper (1.14.87 -> 1.14.88)
=== Details ===
==== MicroOS-release ====
Version update (20250314 -> 20250316)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== SDL3 ====
- Trim extraneous X11 dependencies from SDL3-devel [boo#1239635]
==== cryptsetup ====
Subpackages: libcryptsetup12
- Set pbkdf2 as the default PBKDF algorithm in LUKS2 format.
[bsc#1236375, bsc#1236164]
* The default PBKDF algorithm in the LUKS2 format is now Argon2id
but its not FIPS compliant. A system would be unbootable if using
Argon2id or Argon2i for disk encryption and then switching to
kernel FIPS mode. This can be avoided by setting pbkdf2 as default.
* Build using the configure option --with-luks2-pbkdf=pbkdf2.
* Remove the dependency on libargon2 as is now provided by openssl.
==== exempi ====
- Ignore testcore test failure on s390x. It is known to fail on
big endian architectures.
==== ffmpeg-7 ====
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8
- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
to build with SVT-AV1 3.0.0.
==== glibc ====
Subpackages: glibc-locale glibc-locale-base
- Do not build libnsl1 (bsc#1239459)
==== glslang ====
Version update (15.1.0 -> 15.2.0)
- Update to release 15.2
* Emit error if using in/out with struct pointer
* Emit SPV_EXT_opacity_micromap if GL extension is present
* Support GL_NV_linear_swept_spheres, GLSL_EXT_nontemporal_keyword,
GL_NV_cluster_acceleration_structure, GL_NV_cooperative_vector,
GL_EXT_texture_offset_non_const, EXT_integer_dot_product
* Check SparseTextureOffset non-const parameters
* Revert cross-stage check for missing outputs
* Add support for OpTypeRayQueryKHR and
OpTypeAccelerationStructureKHR to SPVRemapper
- Make build recipe POSIX sh compatible
- Switch Leap compiler to gcc 13 following the rest of the
Vulkan stack
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin
- Update the patch to fix "SRK not matched" errors when unsealing
the key (bsc#1232411)
* 0001-tpm2-Add-extra-RSA-SRK-types.patch
==== gstreamer-plugins-bad ====
Version update (1.24.12 -> 1.26.0)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Disable nvcodec/cuda on aarch64 and %arm as it fails to build
- Update to version 1.26.0:
+ Highlights
- H.266 Versatile Video Coding (VVC) codec support
- Low Complexity Enhancement Video Coding (LCEVC) support
- Closed captions: H.264/H.265 extractor/inserter,
cea708overlay, cea708mux, tttocea708 and more
- New hlscmafsink, hlssink3, and hlsmultivariantsink; HLS/DASH
client and dashsink improvements
- New AWS and Speechmatics transcription, translation and TTS
services elements, plus translationbin
- Splitmux lazy loading and dynamic fragment addition support
- Matroska: H.266 video and rotation tag support, defined
latency muxing
- MPEG-TS: support for H.266, JPEG XS, AV1, VP9 codecs and
SMPTE ST-2038 and ID3 meta; mpegtslivesrc
- ISO MP4: support for H.266, Hap, Lagarith lossless codecs;
raw video support; rotation tags
- SMPTE 2038 ancillary data streams support
- JPEG XS image codec support
- Analytics: New TensorMeta; N-to-N relationships; Mtd to carry
segmentation masks
- ONVIF metadata extractor and conversion to/from relation
metas
- New originalbuffer element that can restore buffers again
after transformation steps for analytics
- Improved Python bindings for analytics API
- Lots of Vulkan integration and Vulkan Video decoder/encoder
improvements
- OpenGL integration improvements, esp. in glcolorconvert,
gldownload, glupload
- Qt5/Qt6 QML GL sinks now support direct DMABuf import from
hardware decoders
- CUDA: New compositor, Jetson NVMM memory support,
stream-ordered allocator
- NVCODEC AV1 video encoder element, and nvdsdewarp
- New Direct3D12 integration support library
- New d3d12swapchainsink and d3d12deinterlace elements and
D3D12 sink/source for zero-copy IPC
- Decklink HDR support (PQ + HLG) and frame scheduling
enhancements
- AJA capture source clock handling and signal loss recovery
improvements
- RTP and RTSP: New rtpbin sync modes, client-side MIKEY
support in rtspsrc
- New Rust rtpbin2, rtprecv, rtpsend, and many new Rust RTP
payloaders and depayloaders
- webrtcbin support for basic rollbacks and other improvements
- webrtcsink: support for more encoders, SDP munging, and a
built-in web/signalling server
- webrtcsrc/sink: support for uncompressed audio/video and NTP
& PTP clock signalling and synchronization
- rtmp2: server authentication improvements incl. Limelight
CDN (llnw) authentication
- New Microsoft WebView2 based web browser source element
- The GTK3 plugin has gained support for OpenGL/WGL on Windows
- Many GTK4 paintable sink improvements
- GstPlay: id-based stream selection and message API
improvements
- Real-time pipeline visualization in a browser using a new
dots tracer and viewer
- New tracers for tracking memory usage, pad push timings, and
buffer flow as pcap files
- VA hardware-acclerated H.266/VVC decoder, VP8 and JPEG
encoders, VP9/VP8 alpha decodebins
- Video4Linux2 elements support DMA_DRM caps negotiation now
- V4L2 stateless decoders implement inter-frame resolution
changes for AV1 and VP9
- Editing services: support for reverse playback and audio
channel reordering
- New QUIC-based elements for working with raw QUIC streams,
RTP-over-QUIC (RoQ) and WebTransport
- Apple AAC audio encoder and multi-channel support for the
Apple audio decoders
- cerbero: Python bindings and introspection support; improved
Windows installer based on WiX5
- Lots of new plugins, features, performance improvements and
bug fixes
+ VA plugin
- New VA elements:
* H.266 / VVC video decoder
* VP8 video encoder
* JPEG encoder
* VP9 + VP8 alpha decodebin
Remember that the availability of these elements depends on
your platform and driver.
- There are a lot of improvements and bug fixes, to hightlight
some of them:
* Improved B pyramid mode for both H264 and HEVC encoding
when reference frame count exceeds 2, optimizing pyramid
level handling.
* Enabled ICQ and QVBR modes for several encoders, including
H264, H265, VP9 and AV1.
* Updated rate control features by setting the quality factor
parameter, while improving bitrate change handling.
* Improved VP9 encoder’s ability to avoid reopening or
renegotiating encoder settings when parameters remain
stable.
* Added functionality to adjust the trellis parameter in
... changelog too long, skipping 14 lines ...
- Use noun phrase for descriptions (not two noun phrases)
==== kernel-firmware-iwlwifi ====
Version update (20250206 -> 20250312)
- Update to version 20250312 (git commit 89ba9b7ce05c):
* iwlwifi: add Bz/gl FW for core94-91 release
* iwlwifi: update ty/So/Ma firmwares for core94-91 release
* iwlwifi: update cc/Qu/QuZ firmwares for core94-91 release
==== kernel-firmware-realtek ====
Version update (20250224 -> 20250313)
- Update to version 20250313 (git commit 1d4c88ee96ec):
* rtw88: Add firmware v33.6.0 for RTL8814AE/RTL8814AU
* rtw89: 8922a: update fw to v0.35.64.0
* rtw89: 8922a: update fw to v0.35.63.0
* rtw89: 8852c: update fw to v0.27.125.0
==== kmod ====
Subpackages: libkmod2
- tests: drop ppc64 workaround, print failed test results if any
==== libbacktrace ====
Version update (1.0+git20241025 -> 1.0+git20250210)
- Update to version 1.0+git20250210:
* libbacktrace: add cast to avoid undefined shift
* libbacktrace: add casts to avoid undefined shifts
* arm: libbacktrace: Check if the compiler supports __sync atomics
- Update to version 1.0+git20241129:
* libbacktrace: use WIN32_LEAN_AND_MEAN, not WIN32_MEAN_AND_LEAN
==== libxslt ====
Version update (1.1.42 -> 1.1.43)
Subpackages: libexslt0 libxslt-tools libxslt1
- Update to 1.1.43:
* Major changes:
- The non-standard EXSLT crypto extensions and support for dynamically
loaded plugins are now disabled by default. These features can be
enabled by passing --with-crypto or --with-plugins to configure.
In a future release, these features will be removed.
- Debug output and the debugger are disabled by default and can be
enabled by passing --with-debug or --with-debugger.
* Security:
- [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
- [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
* Bug fixes:
- variables: Fix non-deterministic generated IDs
* libxml2 related cleanup:
- python: Don't use removed libxml2 macro
- tests: Skip test_bad.xsl with libxml2 before 2.13
- python: Don't include nanoftp.h and nanohttp.h
- tests: Avoid namespace warning on Windows
- numbers: Stop using libxml2 XPath axis API
- numbers: Use private copy of xmlCopyCharMultiByte
- documents: Use xmlCtxtParseDocument if available
- tests: Make runtest compile with older libxml2 versions
- utils: Account for libxml2 change
- tests: Make bug-219.xsl compatible with older libxml2
- extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
- extensions: Don't use libxml2's "modules" feature
* Code cleanup:
- numbers: Make static variables const
- variables: Remove debug code
* Portability:
- python: Declare init func with PyMODINIT_FUNC
- exslt: Use C99 NAN macro
* Build:
- cmake: Always build Python module as shared library
- cmake: Fix compatibility in package version file
- configure.ac: Find libgcrypt via pkg-config (Alessandro Astone)
* Remove patches fixed in the update:
- libxslt-reproducible.patch
- libxslt-test-compile-with-older-libxml2-versions.patch
==== ncurses ====
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add _c++ library subpackages to libncurses5, libncurses6 & libncurses6-compat
This removes libstdc++ from the ncurses dependency chain unless a binary or
librarly explicitly depends on libncurses++ or libncurses++w
==== openblas_openmp ====
- Use upstream patch for bsc#1239134 which is more friendly to the
non-affected power9 and power10 sub-architectures:
Replace:
Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch
by:
Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11
- Remove setserial, stty is the tool for this since a long time
==== pciutils ====
Subpackages: libpci3
- Synchronize SLE-12 and openSUSE:Factory [jsc#PED-4587].
The following patches are now obsolete in version 3.13.0:
* add-decoding-of-vendor-specific-vpd-fields.patch
* pciutils-3.1.7-fix-memory-leak-in-get_cache_name.patch
* pciutils-3.2.0_update-dist.patch
* pciutils-3.5.1-add-support-for-32-bit-pci-domains.patch
* pciutils-lspci-Correct-Root-Capabilities-CRS-Software-Visibil.patch
* show-gen4-speed-properly.patch
==== pipewire ====
Version update (1.4.0 -> 1.4.1)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 1.4.1:
* Highlights
- Handle SplitPCM wrong channels specifications. This fixes
some problems with disappearing devices.
- Add backwards compatibility support for when the kernel does
not support UMP. Also fix UMP output. This restores MIDI
support for older kernels/ALSA.
- Fix a crash in audioconvert because the resampler was not
using the right number of channels.
- Some compilation fixes and small improvements.
* PipeWire
- Don't emit events when disconnecting a stream. (#3314)
- Fix some compilation problems. (#4603)
* Modules
- Bump the ROC requirement to version 0.4.0
* SPA
- Handle SplitPCM too few or too many channels. Add an error
string to the device names when the UCM config has an error.
- Add backwards compatibility support for when the kernel does
not support UMP.
- Configure the channels in the resampler correctly in all
cases. (#4595)
- Fix UMP output.
- Use the right samplerate of the filter-graph in audioconvert
in all cases.
* Bluetooth
- Fix a crash with an incomming call.
==== podman ====
Version update (5.4.0 -> 5.4.1)
- Update to version 5.4.1:
* Bugfixes
- Fixed a bug where volume quotas were not being applied
(#25368).
- Fixed a bug where the --pid-limit=-1 option did not function
properly with containers using the runc OCI runtime.
- Fixed a bug where the podman artifact pull command did not
respect the --retry-delay option.
- Fixed a bug where Podman would leak a file and directory for
every container created.
- Fixed a bug where the podman wait command would sometimes
error when waiting for a container set to auto-remove.
- Fixed a bug where Quadlet .kube units would not report an
error (and stay running) even when a pod failed to start
(#20667).
* API
- Fixed a bug where the Compat DF endpoint did not correctly
report total size of all images.
* Misc
- Updated Buildah to v1.39.2
- Updated the containers/common library to v0.62.1
- Updated the containers/image library to v5.34.1
- drop patch
0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
==== psmisc ====
- fix build with gcc15
- added patches
+ psmisc-gcc15.patch
==== python-SQLAlchemy ====
Version update (2.0.36 -> 2.0.39)
- Update to 2.0.39
Details can be found here:
https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.39
==== rootlesskit ====
Version update (2.3.2 -> 2.3.4)
- Update to version 2.3.4:
* v2.3.4
* Revert "detach-netns: simplify unshare helper"
* v2.3.3+dev
* v2.3.3
* CI: release: update Ubuntu 24.04
* CI: update passt to 2025_02_17.a1e48a0
* CI: update slirp4netns to 1.3.2
* CI: update Go to 1.24
* detach-netns: simplify unshare helper
* Fix detach-netns permission error on Ubuntu 25.04
* Build(deps): Bump golang.org/x/sys from 0.30.0 to 0.31.0
* Build(deps): Bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6
* CI: test Docker v28 in addition to v27
* Build(deps): Bump github.com/containernetworking/plugins
* Build(deps): Bump golang.org/x/sys from 0.29.0 to 0.30.0
* Build(deps): Bump gotest.tools/v3 from 3.5.1 to 3.5.2
* v2.3.2+dev
==== shaderc ====
- Switch Leap build to newer gcc 13
==== spirv-tools ====
- Bump BuildRequires to match spirv-headers
==== suse-module-tools ====
Version update (16.0.57 -> 16.0.59)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.59:
* inkmp-script: fix "bad array subscript" error (bsc#1239550)
- Update to version 16.0.58:
* mkosi-initrd: build initrds directly to /boot
(gh#openSUSE/suse-module-tools#115)
==== systemd ====
Version update (257.3 -> 257.4)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev
- triggers.systemd: more posix.fork() conversion (bsc#1238566)
- Import commit f133e5974e69708d7491d4823780690c913f7bda (merge v257.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e03ffd74c4a30c1c75e05874ce18d31e503437b7...f133e5974e69708d7491d4823780690c913f7bda
==== vulkan-loader ====
Version update (1.4.304 -> 1.4.309)
- Update to tag SDK-1.4.309.0
* Make Xrandr not implicitly required when x11 is used
* Make emulate_VK_EXT_surface_maintenance1 comply better with
Vulkan spec
* Support VK_GOOGLE_surfaceless_query
==== vulkan-tools ====
Version update (1.4.304 -> 1.4.309)
- Update to tag SDK-1.4.309.0
* vulkaninfo: Add video profiles support
* cube: Correctly apply sRGB OETF/EOTF
* icd: Add VkPhysicalDeviceMaintenance3Properties
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles
- Add 7d784721.patch: WebGL context primitive restart can be
toggled from WebContent process (boo#1239547 CVE-2025-24201).
==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles
- Add 7d784721.patch: WebGL context primitive restart can be
toggled from WebContent process (boo#1239547 CVE-2025-24201).
==== wpa_supplicant ====
- CVE-2025-24912: hostapd fails to process crafted RADIUS packets
properly (bsc#1239461)
[+ CVE-2025-24912.patch]
==== xfsprogs ====
- Modernize specfile: remove implicit %defattr, trim -n arguments
==== yast2 ====
Version update (5.0.12 -> 5.0.13)
- Checking if a TPM2 device is available (has_tpm2). (jsc#PED-10703)
- 5.0.13
==== zypper ====
Version update (1.14.87 -> 1.14.88)
Subpackages: zypper-needs-restarting
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88