Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20250205 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (134.0.2 -> 135.0) findutils gstreamer (1.24.11 -> 1.24.12) gstreamer-plugins-bad (1.24.11 -> 1.24.12) gstreamer-plugins-base (1.24.11 -> 1.24.12) gstreamer-plugins-good (1.24.11 -> 1.24.12) gstreamer-plugins-libav (1.24.11 -> 1.24.12) gstreamer-plugins-ugly (1.24.11 -> 1.24.12) nautilus (47.1 -> 47.2) ncurses (6.5.20250118 -> 6.5.20250201) python-hpack (4.0.0 -> 4.1.0) rpm tigervnc util-linux webrtc-audio-processing-1 === Details === ==== MozillaFirefox ==== Version update (134.0.2 -> 135.0) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 135.0 https://www.mozilla.org/en-US/firefox/135.0/releasenotes MFSA 2025-07 (bsc#1236539) * CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT * CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight * CVE-2025-1018 (bmo#1910818) Fullscreen notification is not displayed when fullscreen is re-requested * CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash * CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification * CVE-2025-1019 (bmo#1940162) Fullscreen notification not properly displayed * CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows * CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 * CVE-2025-1020 (bmo#1939063, bmo#1942169) Memory safety bugs fixed in Firefox 135 and Thunderbird 135 - requires rust 1.83 ==== findutils ==== - do not crash when file system loop was encountered [bsc#1231472] - added patches fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9 + findutils-avoid-crash-system-loop.patch - modified patches % findutils-xautofs.patch (p1) ==== gstreamer ==== Version update (1.24.11 -> 1.24.12) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.24.12: + Highlighted bugfixes: - d3d12: Fix shaders failing to compile with newer dxc versions - decklinkvideosink: Fix handling of caps framerate in auto mode; also a decklinkaudiosink fix - devicemonitor: Fix potential crash macOS when a device is unplugged - gst-libav: Fix crash in audio encoders like avenc_ac3 if input data has insufficient alignment - gst-libav: Fix build against FFmpeg 4.2 as in Ubuntu 20.04 - gst-editing-services: Fix Python library name fetching on Windows - netclientclock: Don't store failed internal clocks in the cache, so applications can re-try later - oggdemux: Seeking and duration fixes - osxaudiosrc: Fixes for failing init/no output on recent iOS versions - qtdemux: Use mvhd transform matrix and support for flipping - rtpvp9pay: Fix profile parsing - splitmuxsrc: Fix use with decodebin3 which would occasionally fail with an assertion when seeking - tsdemux: Fix backwards PTS wraparound detection with ignore-pcr=true - video-overlay-composition: Declare the video/size/orientation tags for the meta and implement scale transformations - vtdec: Fix seeks occasionally hanging on macOS due to a race condition when draining - webrtc: Fix duplicate payload types with RTX and multiple video codecs - win32-pluginoader: Make sure not to create any windows when inspecting plugins - wpe: Various fixes for re-negotiation, latency reporting, progress messages on startup - x264enc: Add missing data to AvcDecoderConfigurationRecord in codec_data for high profile variants - cerbero: Support using ccache with cmake if enabled - Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - device: Fix racy nullptr deref on macOS when a device is unplugged - iterator: Added error handling to filtered iterators - netclientclock: Don't ever store failed internal clocks in the cache - netclock-replay: use gst_c_args when building, fixing build failure on Solaris - pluginloader-win32: create no window - pluginloader-win32: fix use after free in find_helper_bin_location - sparsefile: ensure error is set when read_buffer() returns 0 - basetransform: fix incorrect logging inside gst_base_transform_query_caps ==== gstreamer-plugins-bad ==== Version update (1.24.11 -> 1.24.12) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.24.12: + decklinkvideosink: - Fix handling of caps framerate in auto mode - Don't crash if started without corresponding video sink + d3d12: Fix shaders failing to compile with newer dxc versions + tsdemux: Fix backwards PTS wraparound detection with ignore-pcr=true + vtdec: - fix seeks hangs due to a race condition draining - seeks freeze the pipeline + wayland: Print table split when DMABuf format changes + webrtc: fix duplicate payload types with RTX and multiple video codecs + wpevideosrc: Clear cached SHM buffers after caps re-negotiation + wpe: - Report latency and start-up progress messages - Remove glFlush() when filling buffer + Fix build with gtk3 but not wayland + Various fixes found from adding extra warning flags ==== gstreamer-plugins-base ==== Version update (1.24.11 -> 1.24.12) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.24.12: + oggdemux: fixes seeking in some cases by not overwriting a valid duration with CLOCK_TIME_NONE + video-overlay-composition: Declare the video/size/orientation tags for the meta & implement scale transformation + Various fixes found from adding extra warning flags ==== gstreamer-plugins-good ==== Version update (1.24.11 -> 1.24.12) Subpackages: gstreamer-plugins-good-gtk - Update to version 1.24.12: + osxaudiosrc: Fixes for failing init/no output on recent iOS versions + qtdemux: Use mvhd transform matrix and support for flipping + qtmux: fix critical warnings on negotiation error + rtpvp9pay: fix profile parsing + splitmuxsrc: - Ensure only a single stream-start event is pushed - decodebin3 Fails with assertion in mq_slot_handle_stream_start when seeking + Various fixes found from adding extra warning flags ==== gstreamer-plugins-libav ==== Version update (1.24.11 -> 1.24.12) - Update to version 1.24.12: + avaudenc: fix crash in avenc_ac3 if input buffers are insufficiently aligned + avcodecmap: Only use new channel positions when compiling against new enough ffmpeg + gst-libav: 1.24.11: Fails to build with minimum supported ffmpeg version ==== gstreamer-plugins-ugly ==== Version update (1.24.11 -> 1.24.12) - Update to version 1.24.12: + x264enc: add missing data to AvcDecoderConfigurationRecord, and switch to GstByteWriter ==== nautilus ==== Version update (47.1 -> 47.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 47.2: + Enhancements: - Adopt CI release workflow - Speed up batch file deletions - Speed up simple recursive search through mount monitors + Bugfixes: - Fix thumbnails for changed files - Fix parent path URIs for remote path - Fix potential crashes in directory callbacks + Updated translations. ==== ncurses ==== Version update (6.5.20250118 -> 6.5.20250201) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20250201 + add <new> to the possible headers declaring the C++ std::bad_alloc (report by Carl Hansen). + modify check for stdbool.h to be more conservative in case the headers are used with a compiler other than that which was used to configure (Redhat #2342514). + improve MKlib_gen.sh handling of "bool" type, for building link_test + improve formatting/style of manpages (patches by Branden Robinson). - Add ncurses patch 20250125 + improve error-handling in c++ binding (report by Mingjie Shen). + strict compiler-warning fixes for upcoming gcc15 - Install missed ticw.pc - Update README.devel ==== python-hpack ==== Version update (4.0.0 -> 4.1.0) - Update to 4.1.0 * API Changes (Backward Incompatible)** - Support for Python 3.6 has been removed. - Support for Python 3.7 has been removed. - Support for Python 3.8 has been removed. - Renamed `InvalidTableIndex` exception to `InvalidTableIndexError`. * API Changes (Backward Compatible)** - Support for Python 3.9 has been added. - Support for Python 3.10 has been added. - Support for Python 3.11 has been added. - Support for Python 3.12 has been added. - Support for Python 3.13 has been added. - Optimized bytes encoding of headers. - Updated packaging and testing infrastructure. - Code cleanup and linting. - Added type hints. - Refresh healthcheck.patch - Refresh test_fixtures.tar.xz - Switch build system from setuptools to pyproject.toml * Add python-pip and python-wheel to BuildRequires * Replace %python_build with %pyproject_wheel * Replace %python_install with %pyproject_install * Update name for dist directory in %files section ==== rpm ==== Subpackages: librpmbuild10 - allow to have the primary binding signature in the unhashed area * updated rpmpgp_legacy-1.0.tar.gz to rpmpgp_legacy-1.1.tar.gz ==== tigervnc ==== Subpackages: libXvnc1 tigervnc-selinux xorg-x11-Xvnc xorg-x11-Xvnc-module - Only add selinux on %suse_version >= 1600 ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Create and own directories /etc/blkid.conf.d and /usr/etc/blkid.conf.d (boo#1235887#c3). - Add missingok for /etc/blkid.conf. ==== webrtc-audio-processing-1 ==== - Fix package name in spec file to include the -1 - Rename package to webrtc-audio-processing-1 to use the unversioned package name for webrtc-audio-processing 2.1
