Packages changed: Mesa Mesa-drivers apache2-mod_php8 avahi avahi-glib2 kf6-ksvg openSUSE-release (20240620 -> 20240621) pam-config (2.11+git.20240527 -> 2.11+git.20240620) php8 python-dnspython (2.4.2 -> 2.6.1) python311-packaging (24.0 -> 24.1) setserial shadow (4.15.1 -> 4.16.0) tftp vinagre virt-manager wayland (1.22.0 -> 1.23.0) wicked === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Disable LTO on %ix86/x86_64 due to rendering bugs on Radeon graphics (boo#1226462) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - Disable LTO on %ix86/x86_64 due to rendering bugs on Radeon graphics (boo#1226462) ==== apache2-mod_php8 ==== - drop unmaintained apache-rex usage ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 - Add avahi-filter-bogus-services.patch: no longer supply bogus services to callbacks (bsc#1226586). ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Add avahi-filter-bogus-services.patch: no longer supply bogus services to callbacks (bsc#1226586). ==== kf6-ksvg ==== Subpackages: kf6-ksvg-imports libKF6Svg6 - Add upstream fix (kde#488295): * 0001-Restore-proper-devicepixelratio-when-extracting-from.patch - Rebase 0001-Revert-Support-for-fractional-scaling.patch ==== openSUSE-release ==== Version update (20240620 -> 20240621) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pam-config ==== Version update (2.11+git.20240527 -> 2.11+git.20240620) - Update to version 2.11+git.20240620: * Call pam_fscrypt/pam_ecryptfs as first session module [bsc#1226452] ==== php8 ==== Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - drop unmaintained apache-rex usage ==== python-dnspython ==== Version update (2.4.2 -> 2.6.1) - Update to version 2.6.1 * The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout. - Update to version 2.6.0 * As mentioned in the “TuDoor” paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired. * Added support for the NSID EDNS option. * Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose. * The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods. - Update to version 2.5.0 * Dnspython now uses hatchling for builds. * Cython is no longer supported due to various typing issues. * Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary. * The number of messages in a section can be retrieved with section_count(). * Truncation preferences for messages can be specified. * The length of a message can be automatically prepended when rendering. * dns.message.create_response() automatically adds padding when required by RFC 8467. * The TLS verify parameter is now supported by dns.query.tls(), and the DoH and DoT Nameserver subclasses. * The MutableMapping used to store content in a zone may now be specified by a factory when subclassing. Factories may also be provided for writable verisons and immutable versions. * dns.name.Name now has predecessor() and successor() methods implementing RFC 4471. * QUIC has had a number of bug fixes and also now supports session tickets for faster session resumption. * The NSEC3 class now has a next_name() method for retrieving the next name as a dns.name.Name. ==== python311-packaging ==== Version update (24.0 -> 24.1) - update to 24.1: * No unreleased changes. ==== setserial ==== - Add setserial-2.17-C99.diff to fix C99 viloation in the configure script which prevents building with GCC 14 [boo#1225927]. ==== shadow ==== Version update (4.15.1 -> 4.16.0) Subpackages: login_defs - Update to 4.16.0: * The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0. * The rlogind implementation has been removed. * The libsubid major version has been bumped, since it now requires specification of the module's free() implementation. - Update shadow-login_defs-suse.patch - Add shadow-4.16.0-econf.patch: Replace deprecated econf_readDirs with econf_readConfig ==== tftp ==== - Add tftp-c99.patch to avoid calling undeclaed function and thus make the package buildable with GCC 14 [boo#1225935] ==== vinagre ==== Subpackages: vinagre-lang - Add -fpermissive to compiler options to work around GCC 14 not allowing some violations of the C99 standard. [boo#1225951] ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Skip some tests that fail under Pytest 8.x. ==== wayland ==== Version update (1.22.0 -> 1.23.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Update to release 1.23.0 * A mechanism to set the size of the internal connection buffer used by libwayland * An enum-header mode for wayland-scanner to generate headers with only enums * wayland-scanner now generates validator functions for enums on the server side * Protocols can now indicate with a "deprecated-since" XML attribute that a request, event or enum entry is deprecated * An API to set a name for a queue to aid debugging * wl_client_get_user_data() and wl_client_set_user_data() to more easily attach custom data to a client * OpenBSD support * A wl_shm.release request for proper cleanup of this global ==== wicked ==== Subpackages: wicked-service - arp: increase arp-send retry value to avoid address configuration failure due to ENOBUF reported by kernel while duplicate address detection with underlying bonding in 802.3ad mode reporting link "up & running" too early (bsc#1218668, gh#openSUSE/wicked#1020, gh#openSUSE/wicked#1022). [+ 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]