Packages changed: MicroOS-release (20250314 -> 20250316) SDL3 cryptsetup exempi ffmpeg-7 glibc glslang (15.1.0 -> 15.2.0) grub2 gstreamer-plugins-bad (1.24.12 -> 1.26.0) kernel-firmware-iwlwifi (20250206 -> 20250312) kernel-firmware-realtek (20250224 -> 20250313) kmod libbacktrace (1.0+git20241025 -> 1.0+git20250210) libxslt (1.1.42 -> 1.1.43) ncurses openblas_openmp patterns-base pciutils pipewire (1.4.0 -> 1.4.1) podman (5.4.0 -> 5.4.1) psmisc python-SQLAlchemy (2.0.36 -> 2.0.39) rootlesskit (2.3.2 -> 2.3.4) shaderc spirv-tools suse-module-tools (16.0.57 -> 16.0.59) systemd (257.3 -> 257.4) vulkan-loader (1.4.304 -> 1.4.309) vulkan-tools (1.4.304 -> 1.4.309) webkit2gtk3 webkit2gtk4 wpa_supplicant xfsprogs yast2 (5.0.12 -> 5.0.13) zypper (1.14.87 -> 1.14.88) === Details === ==== MicroOS-release ==== Version update (20250314 -> 20250316) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL3 ==== - Trim extraneous X11 dependencies from SDL3-devel [boo#1239635] ==== cryptsetup ==== Subpackages: libcryptsetup12 - Set pbkdf2 as the default PBKDF algorithm in LUKS2 format. [bsc#1236375, bsc#1236164] * The default PBKDF algorithm in the LUKS2 format is now Argon2id but its not FIPS compliant. A system would be unbootable if using Argon2id or Argon2i for disk encryption and then switching to kernel FIPS mode. This can be avoided by setting pbkdf2 as default. * Build using the configure option --with-luks2-pbkdf=pbkdf2. * Remove the dependency on libargon2 as is now provided by openssl. ==== exempi ==== - Ignore testcore test failure on s390x. It is known to fail on big endian architectures. ==== ffmpeg-7 ==== Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch to build with SVT-AV1 3.0.0. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Do not build libnsl1 (bsc#1239459) ==== glslang ==== Version update (15.1.0 -> 15.2.0) - Update to release 15.2 * Emit error if using in/out with struct pointer * Emit SPV_EXT_opacity_micromap if GL extension is present * Support GL_NV_linear_swept_spheres, GLSL_EXT_nontemporal_keyword, GL_NV_cluster_acceleration_structure, GL_NV_cooperative_vector, GL_EXT_texture_offset_non_const, EXT_integer_dot_product * Check SparseTextureOffset non-const parameters * Revert cross-stage check for missing outputs * Add support for OpTypeRayQueryKHR and OpTypeAccelerationStructureKHR to SPVRemapper - Make build recipe POSIX sh compatible - Switch Leap compiler to gcc 13 following the rest of the Vulkan stack ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Update the patch to fix "SRK not matched" errors when unsealing the key (bsc#1232411) * 0001-tpm2-Add-extra-RSA-SRK-types.patch ==== gstreamer-plugins-bad ==== Version update (1.24.12 -> 1.26.0) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Disable nvcodec/cuda on aarch64 and %arm as it fails to build - Update to version 1.26.0: + Highlights - H.266 Versatile Video Coding (VVC) codec support - Low Complexity Enhancement Video Coding (LCEVC) support - Closed captions: H.264/H.265 extractor/inserter, cea708overlay, cea708mux, tttocea708 and more - New hlscmafsink, hlssink3, and hlsmultivariantsink; HLS/DASH client and dashsink improvements - New AWS and Speechmatics transcription, translation and TTS services elements, plus translationbin - Splitmux lazy loading and dynamic fragment addition support - Matroska: H.266 video and rotation tag support, defined latency muxing - MPEG-TS: support for H.266, JPEG XS, AV1, VP9 codecs and SMPTE ST-2038 and ID3 meta; mpegtslivesrc - ISO MP4: support for H.266, Hap, Lagarith lossless codecs; raw video support; rotation tags - SMPTE 2038 ancillary data streams support - JPEG XS image codec support - Analytics: New TensorMeta; N-to-N relationships; Mtd to carry segmentation masks - ONVIF metadata extractor and conversion to/from relation metas - New originalbuffer element that can restore buffers again after transformation steps for analytics - Improved Python bindings for analytics API - Lots of Vulkan integration and Vulkan Video decoder/encoder improvements - OpenGL integration improvements, esp. in glcolorconvert, gldownload, glupload - Qt5/Qt6 QML GL sinks now support direct DMABuf import from hardware decoders - CUDA: New compositor, Jetson NVMM memory support, stream-ordered allocator - NVCODEC AV1 video encoder element, and nvdsdewarp - New Direct3D12 integration support library - New d3d12swapchainsink and d3d12deinterlace elements and D3D12 sink/source for zero-copy IPC - Decklink HDR support (PQ + HLG) and frame scheduling enhancements - AJA capture source clock handling and signal loss recovery improvements - RTP and RTSP: New rtpbin sync modes, client-side MIKEY support in rtspsrc - New Rust rtpbin2, rtprecv, rtpsend, and many new Rust RTP payloaders and depayloaders - webrtcbin support for basic rollbacks and other improvements - webrtcsink: support for more encoders, SDP munging, and a built-in web/signalling server - webrtcsrc/sink: support for uncompressed audio/video and NTP & PTP clock signalling and synchronization - rtmp2: server authentication improvements incl. Limelight CDN (llnw) authentication - New Microsoft WebView2 based web browser source element - The GTK3 plugin has gained support for OpenGL/WGL on Windows - Many GTK4 paintable sink improvements - GstPlay: id-based stream selection and message API improvements - Real-time pipeline visualization in a browser using a new dots tracer and viewer - New tracers for tracking memory usage, pad push timings, and buffer flow as pcap files - VA hardware-acclerated H.266/VVC decoder, VP8 and JPEG encoders, VP9/VP8 alpha decodebins - Video4Linux2 elements support DMA_DRM caps negotiation now - V4L2 stateless decoders implement inter-frame resolution changes for AV1 and VP9 - Editing services: support for reverse playback and audio channel reordering - New QUIC-based elements for working with raw QUIC streams, RTP-over-QUIC (RoQ) and WebTransport - Apple AAC audio encoder and multi-channel support for the Apple audio decoders - cerbero: Python bindings and introspection support; improved Windows installer based on WiX5 - Lots of new plugins, features, performance improvements and bug fixes + VA plugin - New VA elements: * H.266 / VVC video decoder * VP8 video encoder * JPEG encoder * VP9 + VP8 alpha decodebin Remember that the availability of these elements depends on your platform and driver. - There are a lot of improvements and bug fixes, to hightlight some of them: * Improved B pyramid mode for both H264 and HEVC encoding when reference frame count exceeds 2, optimizing pyramid level handling. * Enabled ICQ and QVBR modes for several encoders, including H264, H265, VP9 and AV1. * Updated rate control features by setting the quality factor parameter, while improving bitrate change handling. * Improved VP9 encoder’s ability to avoid reopening or renegotiating encoder settings when parameters remain stable. * Added functionality to adjust the trellis parameter in ... changelog too long, skipping 14 lines ... - Use noun phrase for descriptions (not two noun phrases) ==== kernel-firmware-iwlwifi ==== Version update (20250206 -> 20250312) - Update to version 20250312 (git commit 89ba9b7ce05c): * iwlwifi: add Bz/gl FW for core94-91 release * iwlwifi: update ty/So/Ma firmwares for core94-91 release * iwlwifi: update cc/Qu/QuZ firmwares for core94-91 release ==== kernel-firmware-realtek ==== Version update (20250224 -> 20250313) - Update to version 20250313 (git commit 1d4c88ee96ec): * rtw88: Add firmware v33.6.0 for RTL8814AE/RTL8814AU * rtw89: 8922a: update fw to v0.35.64.0 * rtw89: 8922a: update fw to v0.35.63.0 * rtw89: 8852c: update fw to v0.27.125.0 ==== kmod ==== Subpackages: libkmod2 - tests: drop ppc64 workaround, print failed test results if any ==== libbacktrace ==== Version update (1.0+git20241025 -> 1.0+git20250210) - Update to version 1.0+git20250210: * libbacktrace: add cast to avoid undefined shift * libbacktrace: add casts to avoid undefined shifts * arm: libbacktrace: Check if the compiler supports __sync atomics - Update to version 1.0+git20241129: * libbacktrace: use WIN32_LEAN_AND_MEAN, not WIN32_MEAN_AND_LEAN ==== libxslt ==== Version update (1.1.42 -> 1.1.43) Subpackages: libexslt0 libxslt-tools libxslt1 - Update to 1.1.43: * Major changes: - The non-standard EXSLT crypto extensions and support for dynamically loaded plugins are now disabled by default. These features can be enabled by passing --with-crypto or --with-plugins to configure. In a future release, these features will be removed. - Debug output and the debugger are disabled by default and can be enabled by passing --with-debug or --with-debugger. * Security: - [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node - [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces * Bug fixes: - variables: Fix non-deterministic generated IDs * libxml2 related cleanup: - python: Don't use removed libxml2 macro - tests: Skip test_bad.xsl with libxml2 before 2.13 - python: Don't include nanoftp.h and nanohttp.h - tests: Avoid namespace warning on Windows - numbers: Stop using libxml2 XPath axis API - numbers: Use private copy of xmlCopyCharMultiByte - documents: Use xmlCtxtParseDocument if available - tests: Make runtest compile with older libxml2 versions - utils: Account for libxml2 change - tests: Make bug-219.xsl compatible with older libxml2 - extensions: always include stdlib.h (Hugo Beauzée-Luyssen) - extensions: Don't use libxml2's "modules" feature * Code cleanup: - numbers: Make static variables const - variables: Remove debug code * Portability: - python: Declare init func with PyMODINIT_FUNC - exslt: Use C99 NAN macro * Build: - cmake: Always build Python module as shared library - cmake: Fix compatibility in package version file - configure.ac: Find libgcrypt via pkg-config (Alessandro Astone) * Remove patches fixed in the update: - libxslt-reproducible.patch - libxslt-test-compile-with-older-libxml2-versions.patch ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo-base - Add _c++ library subpackages to libncurses5, libncurses6 & libncurses6-compat This removes libstdc++ from the ncurses dependency chain unless a binary or librarly explicitly depends on libncurses++ or libncurses++w ==== openblas_openmp ==== - Use upstream patch for bsc#1239134 which is more friendly to the non-affected power9 and power10 sub-architectures: Replace: Revert-ba47c7f4f301aad100ed166de338b86e01da8465.patch by: Restore-the-non-vectorized-code-from-before-PR4880-for-POWER8.patch ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Remove setserial, stty is the tool for this since a long time ==== pciutils ==== Subpackages: libpci3 - Synchronize SLE-12 and openSUSE:Factory [jsc#PED-4587]. The following patches are now obsolete in version 3.13.0: * add-decoding-of-vendor-specific-vpd-fields.patch * pciutils-3.1.7-fix-memory-leak-in-get_cache_name.patch * pciutils-3.2.0_update-dist.patch * pciutils-3.5.1-add-support-for-32-bit-pci-domains.patch * pciutils-lspci-Correct-Root-Capabilities-CRS-Software-Visibil.patch * show-gen4-speed-properly.patch ==== pipewire ==== Version update (1.4.0 -> 1.4.1) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.4.1: * Highlights - Handle SplitPCM wrong channels specifications. This fixes some problems with disappearing devices. - Add backwards compatibility support for when the kernel does not support UMP. Also fix UMP output. This restores MIDI support for older kernels/ALSA. - Fix a crash in audioconvert because the resampler was not using the right number of channels. - Some compilation fixes and small improvements. * PipeWire - Don't emit events when disconnecting a stream. (#3314) - Fix some compilation problems. (#4603) * Modules - Bump the ROC requirement to version 0.4.0 * SPA - Handle SplitPCM too few or too many channels. Add an error string to the device names when the UCM config has an error. - Add backwards compatibility support for when the kernel does not support UMP. - Configure the channels in the resampler correctly in all cases. (#4595) - Fix UMP output. - Use the right samplerate of the filter-graph in audioconvert in all cases. * Bluetooth - Fix a crash with an incomming call. ==== podman ==== Version update (5.4.0 -> 5.4.1) - Update to version 5.4.1: * Bugfixes - Fixed a bug where volume quotas were not being applied (#25368). - Fixed a bug where the --pid-limit=-1 option did not function properly with containers using the runc OCI runtime. - Fixed a bug where the podman artifact pull command did not respect the --retry-delay option. - Fixed a bug where Podman would leak a file and directory for every container created. - Fixed a bug where the podman wait command would sometimes error when waiting for a container set to auto-remove. - Fixed a bug where Quadlet .kube units would not report an error (and stay running) even when a pod failed to start (#20667). * API - Fixed a bug where the Compat DF endpoint did not correctly report total size of all images. * Misc - Updated Buildah to v1.39.2 - Updated the containers/common library to v0.62.1 - Updated the containers/image library to v5.34.1 - drop patch 0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch ==== psmisc ==== - fix build with gcc15 - added patches + psmisc-gcc15.patch ==== python-SQLAlchemy ==== Version update (2.0.36 -> 2.0.39) - Update to 2.0.39 Details can be found here: https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.39 ==== rootlesskit ==== Version update (2.3.2 -> 2.3.4) - Update to version 2.3.4: * v2.3.4 * Revert "detach-netns: simplify unshare helper" * v2.3.3+dev * v2.3.3 * CI: release: update Ubuntu 24.04 * CI: update passt to 2025_02_17.a1e48a0 * CI: update slirp4netns to 1.3.2 * CI: update Go to 1.24 * detach-netns: simplify unshare helper * Fix detach-netns permission error on Ubuntu 25.04 * Build(deps): Bump golang.org/x/sys from 0.30.0 to 0.31.0 * Build(deps): Bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 * CI: test Docker v28 in addition to v27 * Build(deps): Bump github.com/containernetworking/plugins * Build(deps): Bump golang.org/x/sys from 0.29.0 to 0.30.0 * Build(deps): Bump gotest.tools/v3 from 3.5.1 to 3.5.2 * v2.3.2+dev ==== shaderc ==== - Switch Leap build to newer gcc 13 ==== spirv-tools ==== - Bump BuildRequires to match spirv-headers ==== suse-module-tools ==== Version update (16.0.57 -> 16.0.59) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.59: * inkmp-script: fix "bad array subscript" error (bsc#1239550) - Update to version 16.0.58: * mkosi-initrd: build initrds directly to /boot (gh#openSUSE/suse-module-tools#115) ==== systemd ==== Version update (257.3 -> 257.4) Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - triggers.systemd: more posix.fork() conversion (bsc#1238566) - Import commit f133e5974e69708d7491d4823780690c913f7bda (merge v257.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e03ffd74c4a30c1c75e05874ce18d31e503437b7...f133e5974e69708d7491d4823780690c913f7bda ==== vulkan-loader ==== Version update (1.4.304 -> 1.4.309) - Update to tag SDK-1.4.309.0 * Make Xrandr not implicitly required when x11 is used * Make emulate_VK_EXT_surface_maintenance1 comply better with Vulkan spec * Support VK_GOOGLE_surfaceless_query ==== vulkan-tools ==== Version update (1.4.304 -> 1.4.309) - Update to tag SDK-1.4.309.0 * vulkaninfo: Add video profiles support * cube: Correctly apply sRGB OETF/EOTF * icd: Add VkPhysicalDeviceMaintenance3Properties ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Add 7d784721.patch: WebGL context primitive restart can be toggled from WebContent process (boo#1239547 CVE-2025-24201). ==== webkit2gtk4 ==== Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Add 7d784721.patch: WebGL context primitive restart can be toggled from WebContent process (boo#1239547 CVE-2025-24201). ==== wpa_supplicant ==== - CVE-2025-24912: hostapd fails to process crafted RADIUS packets properly (bsc#1239461) [+ CVE-2025-24912.patch] ==== xfsprogs ==== - Modernize specfile: remove implicit %defattr, trim -n arguments ==== yast2 ==== Version update (5.0.12 -> 5.0.13) - Checking if a TPM2 device is available (has_tpm2). (jsc#PED-10703) - 5.0.13 ==== zypper ==== Version update (1.14.87 -> 1.14.88) Subpackages: zypper-needs-restarting - Do not double encode URL strings passed on the commandline (bsc#1237587) URLs passed on the commandline must have their special chars encoded already. We just want to check and encode forgotten unsafe chars like a blank. A '%' however must not be encoded again. - version 1.14.88