Packages changed: ImageMagick aaa_base (84.87+git20240318.3e4640d -> 84.87+git20240202.9526d46) bind (9.18.24 -> 9.18.25) boost-base boost-extra dracut (059+suse.557.g8a62bf73 -> 059+suse.560.g145cde90) ffmpeg-6 gdb libffi (3.4.4 -> 3.4.6) libnss_usrfiles (2.27 -> 2.27.1) python-netaddr (0.10.1 -> 1.2.1) strace (6.7 -> 6.8) unbound (1.19.2 -> 1.19.3) unixODBC wicked === Details === ==== ImageMagick ==== Subpackages: libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - allow delegates to be executed, was disabled by default policy - modified patches % ImageMagick-configuration-SUSE.patch (refreshed) % ImageMagick-library-installable-in-parallel.patch (refreshed) ==== aaa_base ==== Version update (84.87+git20240318.3e4640d -> 84.87+git20240202.9526d46) Subpackages: aaa_base-extras ==== bind ==== Version update (9.18.24 -> 9.18.25) Subpackages: bind-doc bind-utils - Update to release 9.18.25 Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. [GL #4591] * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. ==== boost-base ==== Subpackages: boost-license1_84_0 libboost_filesystem1_84_0 libboost_filesystem1_84_0-x86-64-v3 libboost_iostreams1_84_0 libboost_iostreams1_84_0-x86-64-v3 libboost_locale1_84_0 libboost_locale1_84_0-x86-64-v3 libboost_program_options1_84_0 libboost_program_options1_84_0-x86-64-v3 libboost_thread1_84_0 libboost_thread1_84_0-x86-64-v3 - Avoid BuildRequire of 'gcc-c++ > 5' which is only a redundant check. This interferes with Substitute. ==== boost-extra ==== Subpackages: libboost_python-py3-1_84_0 libboost_python-py3-1_84_0-x86-64-v3 - Avoid BuildRequire of 'gcc-c++ > 5' which is only a redundant check. This interferes with Substitute. ==== dracut ==== Version update (059+suse.557.g8a62bf73 -> 059+suse.560.g145cde90) - Update to version 059+suse.560.g145cde90: * fix(systemd-pcrphase): rename systemd-pcrphase binary to systemd-pcrextend ==== ffmpeg-6 ==== Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Let the ffmpeg-6 main program be combinable with ffmpeg-6-mini-libs ==== gdb ==== - Avoid using a %gcc macro to support using gcc 4.8 for building on SLE11. Use the regular language compilers for testing. ==== libffi ==== Version update (3.4.4 -> 3.4.6) Subpackages: libffi8 libffi8-32bit - Add patches to fix BTI on aarch64: * 830.patch - Update to 3.4.6: * Fix long double regression on mips64 and alpha. - Update to 3.4.5: * Add support for wasm32. * Add support for aarch64 branch target identification (bti). * Add support for ARCv3: ARC32 & ARC64. * Add support for HPPA64, and many HPPA fixes. * Add support for Haikuos on PowerPC. * Fixes for AIX, loongson, MIPS, power, sparc64, and x86 Darwin. - Drop upstreamed patches: * 808.patch * 810.patch ==== libnss_usrfiles ==== Version update (2.27 -> 2.27.1) - Update to version 2.27.1 - Cleanup prototypes ==== python-netaddr ==== Version update (0.10.1 -> 1.2.1) - Update to 1.2.1: * Fix bad version 1.2.0 upload to PyPI – now yanked. No changes to the package. - 1.2.0: * Add CLI tool subcommand to display cli-network-info. * Support running interactive-shell without IPython installed. * Explicitly raise TypeError is a non-string value is passed to valid_ipv4 or valid_ipv6. - 1.1.0: * Add the required Python version to the package metadata (#365). * Add expand_partial_ipv4_address to the public API. * Fix IPNetwork(...) in IPRange(...) false negatives (#157). * Fix a few IPNetwork slicing edge cases (#214). * Fix support for partial IP addresses accidentally left in IPNetwork in 1.0.0. * Fixed an incorrect license classifier in the package metadata. - 1.0.0: * Removed: * Drop support for Python versions lower than 3.7. * Remove the flag shorthands: N, P and Z. Use NOHOST, INET_PTON and ZEROFILL instead. * Remove abbreviated CIDR format support in IPNetwork (implicit_prefix=True), use cidr_abbrev_to_verbose if you need this behavior. * Remove the IPAddress.is_private method. * Changed: * Stop accepting leading zeros when parsing IPv4 addresses in INET_PTON mode (it's been allowed on some platforms). * Stop parsing IPv4 addresses permissively (inet_aton()-like) by default. * Apply the two changes above to valid_ipv4 as well. * Update the address databases to the 2024-02-10 versions. * Fixed: * Return False instead of raising AddrFormatError when an empty string is passed to valid_ipv4 or valid_ipv6. * Fix handling of dialect provided to EUI during copy-construction. ==== strace ==== Version update (6.7 -> 6.8) - Update to strace 6.8 * Renamed --stack-traces to --stack-trace for consistency. Old option is retained for backwards compatibility. * Implemented --stack-trace-frame-limit=N option for configuring the limit of the number of printed backtrace frames. * Implemented decoding of statmount, listmount, lsm_get_self_attr, lsm_set_self_attr, and lsm_list_modules syscalls. * Implemented decoding of setsockopt(TCP_AO_ADD_KEY). * Updated decoding of landlock_create_ruleset and landlock_add_rule syscalls. * Updated decoding of SMC_DIAG_DMBINFO netlink attribute. * Updated decoding of UBI_IOCATT ioctl command. * Enhanced decoding of mount attributes of fsmount and mount_setattr syscalls. * Updated lists of BPF_*, KEXEC_*, KVM_*, PERF_*, SOL_*, STATX_*, UFFD_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.8. ==== unbound ==== Version update (1.19.2 -> 1.19.3) Subpackages: libunbound8 unbound-anchor - Update to 1.19.3: * Features: - Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672. * Bug Fixes - Fix unit test parse of origin syntax. - Use 127.0.0.1 explicitly in tests to avoid delays and errors on newer systems. - Fix #964: config.h.in~ backup file in release tar balls. - Merge #968: Replace the obsolescent fgrep with grep -F in tests. - Merge #971: fix 'WARNING: Message has 41 extra bytes at end'. - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs. - Fix dnstap that assertion failed on logging other than UDP and TCP traffic. It lists it as TCP traffic. - Fix to sync the tests script file common.sh. - iana portlist update. - Updated IPv4 and IPv6 address for b.root-servers.net in root hints. - Update test script file common.sh. - Fix tests to use new common.sh functions, wait_logfile and kill_from_pidfile. - Fix #974: doc: default number of outgoing ports without libevent. - Merge #975: Fixed some syntax errors in rpl files. - Fix root_zonemd unit test, it checks that the root ZONEMD verifies, now that the root has a valid ZONEMD. - Update example.conf with cookie options. - Merge #980: DoH: reject non-h2 early. To fix #979: Improve errors for non-HTTP/2 DoH clients. - Merge #985: Add DoH and DoT to dnstap message. - Fix #983: Sha1 runtime insecure change was incomplete. - Remove unneeded newlines and improve indentation in remote control code. - Merge #987: skip edns frag retry if advertised udp payload size is not smaller. - Fix unit test for #987 change in udp1xxx retry packet send. - Merge #988: Fix NLnetLabs#981: dump_cache truncates large records. - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. - Fix to link with libssp for libcrypto and getaddrinfo check for only header. Also update crosscompile to remove ssp for 32bit. - Merge #993: Update b.root-servers.net also in example config file. - Update workflow for ports to use newer openssl on windows compile. - Fix warning for windres on resource files due to redefinition. - Fix for #997: Print details for SSL certificate failure. - Update error printout for duplicate trust anchors to include the trust anchor name (relates to #920). - Update message TTL when using cached RRSETs. It could result in non-expired messages with expired RRSETs (non-usable messages by Unbound). - Merge #999: Search for protobuf-c with pkg-config. - Fix #1006: Can't find protobuf-c package since #999. - Fix documentation for access-control in the unbound.conf man page. - Merge #1010: Mention REFUSED has the TC bit set with unmatched allow_cookie acl in the manpage. It also fixes the code to match the documentation about clients with a valid cookie that bypass the ratelimit regardless of the allow_cookie acl. - Document the suspend argument for process_ds_response(). - Move github workflows to use checkoutv4. - Fix edns subnet replies for scope zero answers to not get stored in the global cache, and in cachedb, when the upstream replies without an EDNS record. - Fix for #1022: Fix ede prohibited in access control refused answers. - Fix unbound-control-setup.cmd to use 3072 bits so that certificates are long enough for newer OpenSSL versions. - Fix TTL of synthesized CNAME when a DNAME is used from cache. - Fix unbound-control-setup.cmd to have CA v3 basicConstraints, like unbound-control-setup.sh has. ==== unixODBC ==== - bsc#1221709: Fix build with gcc14 Add unixODBC-gcc14.patch ==== wicked ==== Subpackages: wicked-service - hide secrets in debug log (bsc#1221194) [+ 0003-move-all-attribute-definitions-to-compiler-h.patch] [+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]