While running zypper to update Tumbleweed, it reported a problem that the new gstreamer-plugins-bad package obsoletes gstreamer-plugin-openh264. I have not seen this particular issue before and am curious as to whether the openh264 package is due to be updated to perhaps bring it up to the version number of the others? I aborted the upgrade, as I’m unsure what to do.
Thanks in advance, for any assistance/ideas.
Problem: 1: the to be installed gstreamer-plugins-bad-1.26.3-1.1.x86_64 obsoletes 'gstreamer-plugin-openh264 < 1.26.0' provided by the installed gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64
Solution 1: install gstreamer-plugins-bad-1.26.3-1.1.x86_64 from vendor openSUSE
replacing gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64 from vendor obs://build.opensuse.org/openSUSE:Factory
Solution 2: keep obsolete gstreamer-plugins-bad-1.26.2-2.1.x86_64
:~> zypper se -is gstreamer
Loading repository data...
Reading installed packages...
S | Name | Type | Version | Arch | Repository
---+------------------------------+---------+----------------------+--------+---------------------------------------
i | gstreamer | package | 1.26.2-1.1 | x86_64 | (System Packages)
i | gstreamer-libnice | package | 0.1.22-2.3 | x86_64 | Main Repository (OSS)
i | gstreamer-plugin-cluttergst3 | package | 3.0.27-2.8 | x86_64 | Main Repository (OSS)
i | gstreamer-plugin-openh264 | package | 1.24.12-1.suse1699.2 | x86_64 | Open H.264 Codec (openSUSE Tumbleweed)
i | gstreamer-plugins-bad | package | 1.26.2-2.1 | x86_64 | (System Packages)
i | gstreamer-plugins-base | package | 1.26.2-1.1 | x86_64 | (System Packages)
i | gstreamer-plugins-good | package | 1.26.2-1.2 | x86_64 | (System Packages)
i | gstreamer-plugins-good-gtk | package | 1.26.2-1.2 | x86_64 | (System Packages)
i | libgstreamer-1_0-0 | package | 1.26.2-1.1 | x86_64 | (System Packages)
i | PackageKit-gstreamer-plugin | package | 1.2.8-6.4 | x86_64 | Main Repository (OSS)
i | vlc-codec-gstreamer | package | 3.0.21-7.2 | x86_64 | Main Repository (OSS)
2 Problems:
Problem: 1: problem with the installed libfaad2-2.11.2-1699.2.pm.11.x86_64
Problem: 2: the to be installed gstreamer-plugins-bad-1.26.3-1.1.x86_64 obsoletes 'gstreamer-plugin-openh264 < 1.26.0' provided by the installed gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64
Problem: 1: problem with the installed libfaad2-2.11.2-1699.2.pm.11.x86_64
Solution 1: install libfaad2-2.11.2-2.1.x86_64 from vendor openSUSE
replacing libfaad2-2.11.2-1699.2.pm.11.x86_64 from vendor http://packman.links2linux.de
Solution 2: keep obsolete libfaad2-2.11.2-1699.2.pm.11.x86_64
Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c/d/?] (c): 2
Problem: 2: the to be installed gstreamer-plugins-bad-1.26.3-1.1.x86_64 obsoletes 'gstreamer-plugin-openh264 < 1.26.0' provided by the installed gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64
Solution 1: install gstreamer-plugins-bad-1.26.3-1.1.x86_64 from vendor openSUSE
replacing gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64 from vendor obs://build.opensuse.org/openSUSE:Factory
Solution 2: keep obsolete gstreamer-plugins-bad-1.26.2-1.1.x86_64
Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c/d/?] (c): 2
Resolving dependencies...
Computing distribution upgrade...
Problem: 1: the to be installed gstreamer-plugins-bad-lang-1.26.3-1.1.noarch requires 'gstreamer-plugins-bad = 1.26.3', but this requirement cannot be provided
not installable providers: gstreamer-plugins-bad-1.26.3-1.1.x86_64[openSUSE:repo-oss]
Solution 1: deinstallation of gstreamer-plugins-bad-lang-1.26.2-1.1.noarch
Solution 2: keep obsolete gstreamer-plugins-bad-lang-1.26.2-1.1.noarch
Solution 3: remove lock to allow removal of gstreamer-plugins-bad-1.26.2-1.1.x86_64
Solution 4: break gstreamer-plugins-bad-lang-1.26.3-1.1.noarch by ignoring some of its dependencies
In looking at the other thread and the link to the build system, I’ve decided to wait until the new gstreamer-plugins-bad package is available, before updating.
Reading installed packages...
Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
Computing distribution upgrade...
Problem: 1: the to be installed gstreamer-plugin-openh264-1.22.2-1.suse1699.1.x86_64 requires 'gstreamer-plugins-bad >= 1.22.2', but this requirement cannot be provided
deleted providers: gstreamer-plugins-bad-1.26.2-1.1.x86_64
not installable providers: gstreamer-plugins-bad-1.26.3-1.1.x86_64[download.opensuse.org-oss]
gstreamer-plugins-bad-1.26.3-1.1.x86_64[openSUSE-20250522-0]
Solution 1: install gstreamer-plugins-bad-1.26.3-1.1.x86_64 from vendor openSUSE
replacing gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64 from vendor obs://build.opensuse.org/openSUSE:Factory
Solution 2: keep obsolete gstreamer-plugins-bad-1.26.2-1.1.x86_64
Solution 3: break gstreamer-plugin-openh264-1.22.2-1.suse1699.1.x86_64 by ignoring some of its dependencies
Choose from above solutions by number or cancel [1/2/3/c/d/?] (c): c
I see there is a new gsstreamer-plugins-bad package: gstreamer-plugins-bad-1.26.3-2.1.x86_64 showing in zypper.
Is this the new package or is there another package forthcoming? This new package is also displaying the same issue as above, obsoleting the openh264 plugin package.
Problem: 1: the to be installed gstreamer-plugins-bad-1.26.3-2.1.x86_64 obsoletes 'gstreamer-plugin-openh264 < 1.26.0' provided by the installed gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64
Solution 1: install gstreamer-plugins-bad-1.26.3-2.1.x86_64 from vendor openSUSE
replacing gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64 from vendor obs://build.opensuse.org/openSUSE:Factory
Solution 2: keep obsolete gstreamer-plugins-bad-1.26.2-2.1.x86_64
The info on the Build Service link references obsoleting gstreamer-plugin-openh264 lower than 1.26.0 and gstreamer-1.20-plugin-openh264 lower than 1.22.0.
zypper is showing the current gstreamer-1.20-plugin-openh264 (not currently installed) package as version 1.20.3.
As I understand it, the current update obsoletes the old openh264 (which is no more compatible with the current gstreamer) but we should expect a new openh264 which is still in the making according to request 1291173.
Then we should expect the new openh264 to be published by Cisco…
Instead of holding off upgrading of your complete system, simply apply a lock for a single package. In this way you can upgrade and have a secure system.
I locked gstreamer-plugin-openh264 and it looks like the issue went in reverse:
Problem: 1: the installed gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64 requires 'gstreamer-plugins-bad >= 1.24.0', but this requirement cannot be provided
deleted providers: gstreamer-plugins-bad-1.26.2-2.1.x86_64
not installable providers: gstreamer-plugins-bad-1.26.3-2.1.x86_64[download.opensuse.org-oss]
Solution 1: keep obsolete gstreamer-plugins-bad-1.26.2-2.1.x86_64
Solution 2: remove lock to allow removal of gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64
Solution 3: break gstreamer-plugin-openh264-1.24.12-1.suse1699.2.x86_64 by ignoring some of its dependencies
I selected ‘cancel’ after seeing this. I unlocked gstreamer-plugin-openh264.
Then, I locked gstreamer-plugins-bad, ran zypper and it reported no conflicts.
So I assume gstreamer-plugins-bad is the correct package to (temporarily) lock.
I’ve always wanted to know what you mean by saying “secure” system. Forgive my ignorance, but Is there a way to determine how secure my system is: antivirus/antimalware scan, firewall leak test? Any logs to check whether anyone broken in and stole my files? Or is this based on faith that with every zypper dup my system is secure for some time.
To me this “upgrade or you’ll have an insecure system” narrative seems like a fearmongering. If someone is really determined and skilled to break into your system it will find a way no matter how secure it is. And there seems to be no reason to infect a system just to break it because the developers will eventually do that.
Keeping your system up to date is no fearmongering but basic computer knowledge.
Not updating your system leaves you with easy to exploit security issues like the recent sudo CVE which made it easy to gain root access. Or critical CVEs in browsers which are easy to exploit and which are reported to be used in the wild regularly. Or critical kernel issues…etc pp…(check bugzilla yourself for more).
It is not hard to do a basic recherche and see how an unpatched system risks your and other users security (because your unpatched system was incorporated into a bot net or whatever).
Can not confirm. But yes, rolling release distributions are not made for everyone. They might be a little bit more challenging for new users as they sometimes require some linux troubleshooting skills and knowledge. If you require more stability, you should switch to immutable solutions like Aeon, Kalpa, MicroOS, Leap Micro or fixed releases like Leap.
Is keeping the obsolete version dangerous to have, now, then? I updated it before and I couldn’t play my steam games anymore and I rolled my system back to fix it.
@Wtrfull as root user run fwupdmgr security for hardware…
You as the admin will have to be the one to decide, if you follow the link to a new snapshot release as well as follow the Mailing List, all your call.
Yes, I’m aware, it’s CVE-2025-32463. It’s delivery method mentioned as local execution by authenticated users. I’m a single user on a desktop PC, nobody can access my PC locally. What I mean is that you have to have enemies or carry some valuable information to target your PC specifically.
Well, to be honest, this kind of answer I would expect to be generated by ChatGPT, not an actual person. These things I’ve been hearing since Windows XP.
Still I don’t see an answer to my question on how to check if my system is secure, and not a part of botnet or whatever, nobody is stealing my automobile wallpaper collection, any back doors that are put in the system by the developers to collect user bank account info, keyloggers, etc?
Tell me what would you do: Use slightly outdated, unpatched system which does what you need, everything works? Or unusable system where there is graphical glitches, programs close randomly, there is no sound, but security is top notch? In other words if nothing works there is no reason to hack such a system.
Again, I am aware that by installing Tumbleweed I’m becoming a free beta tester, who gets to use it free of charge but is expected to provide bug reports. There is nothing I can do in this particular case with Gstreamer but wait for someone to fix. And if I update now there is no guarantee that the new distribution upgrade won’t introduce a new bugs associated with Gstreamer, or some dependency issues because of a locked package.
I know the the right thing to do for people like me would stop using Tumbleweed entirely until this issue is fixed, because my unpatched system is a security threat to me and other users.
I don’t run secure boot or use TPM 2.0 at present, not a big issue for me… but HS1 & HS2 outputs are good for me.
Again, it’s up to you as the system admin to decide, you can run the likes of ss to check open connections, or maybe wireshark to see what is happening.
Then you could always look at MicroOS for a read only filesystem, then there is Aeon and Kalpa.
For me this plugin is a non event, so just moved on. As suggested if not sure, just lock the package and dup your system. That’s why a read of the ML snapshot release and peruse the changelog highlights to decide what you want to do…
Host Security ID: HSI:0! (v2.0.12)
HSI-1
✔ SMM locked down: Locked
✔ BIOS firmware updates: Enabled
✔ Fused platform: Locked
✔ Supported CPU: Valid
✔ UEFI bootservice variables: Locked
✔ UEFI platform key: Valid
✔ UEFI secure boot: Enabled
✘ TPM v2.0: Not found
HSI-2
✔ IOMMU: Enabled
✔ Platform debugging: Locked
✘ SPI write protection: Disabled
HSI-3
✔ CET Platform: Supported
✘ SPI replay protection: Not supported
✘ Pre-boot DMA protection: Disabled
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled
HSI-4
✔ SMAP: Enabled
✘ Processor rollback protection: Disabled
✘ Encrypted RAM: Not supported
Runtime Suffix -!
✔ CET OS Support: Supported
✔ fwupd plugins: Untainted
✔ Linux kernel lockdown: Enabled
✔ Linux kernel: Untainted
✔ UEFI db: Valid
✘ Linux swap: Unencrypted
This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
Host Security Events
2024-12-21 16:14:25: ✔ Kernel lockdown enabled
2024-12-21 16:14:25: ✔ Secure Boot enabled
Finally, thanks.
Thanks for suggestion, but I’ll stay with Tumbleweed. I can find a lot of info on how to configure it, there are explanations in the config files on how to edit. It is my first distro which “let me in” to do that with openSUSE User Documentation Project.
I’ve tried Leap 15.6 but didn’t want the trouble of upgrading to the next version with a possibility that something might go wrong. Also with the help of Yast was able to install ancient HP printer. Tor browser only works on Tumbleweed. I also play Steam games, swap is needed.