Packages changed:
ImageMagick
aaa_base (84.87+git20240318.3e4640d -> 84.87+git20240202.9526d46)
bind (9.18.24 -> 9.18.25)
boost-base
boost-extra
dracut (059+suse.557.g8a62bf73 -> 059+suse.560.g145cde90)
ffmpeg-6
gdb
libffi (3.4.4 -> 3.4.6)
libnss_usrfiles (2.27 -> 2.27.1)
python-netaddr (0.10.1 -> 1.2.1)
strace (6.7 -> 6.8)
unbound (1.19.2 -> 1.19.3)
unixODBC
wicked
=== Details ===
==== ImageMagick ====
Subpackages: libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- allow delegates to be executed, was disabled by default policy
- modified patches
% ImageMagick-configuration-SUSE.patch (refreshed)
% ImageMagick-library-installable-in-parallel.patch (refreshed)
==== aaa_base ====
Version update (84.87+git20240318.3e4640d -> 84.87+git20240202.9526d46)
Subpackages: aaa_base-extras
==== bind ====
Version update (9.18.24 -> 9.18.25)
Subpackages: bind-doc bind-utils
- Update to release 9.18.25
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner. [GL #4591]
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
==== boost-base ====
Subpackages: boost-license1_84_0 libboost_filesystem1_84_0 libboost_filesystem1_84_0-x86-64-v3 libboost_iostreams1_84_0 libboost_iostreams1_84_0-x86-64-v3 libboost_locale1_84_0 libboost_locale1_84_0-x86-64-v3 libboost_program_options1_84_0 libboost_program_options1_84_0-x86-64-v3 libboost_thread1_84_0 libboost_thread1_84_0-x86-64-v3
- Avoid BuildRequire of 'gcc-c++ > 5' which is only a redundant
check. This interferes with Substitute.
==== boost-extra ====
Subpackages: libboost_python-py3-1_84_0 libboost_python-py3-1_84_0-x86-64-v3
- Avoid BuildRequire of 'gcc-c++ > 5' which is only a redundant
check. This interferes with Substitute.
==== dracut ====
Version update (059+suse.557.g8a62bf73 -> 059+suse.560.g145cde90)
- Update to version 059+suse.560.g145cde90:
* fix(systemd-pcrphase): rename systemd-pcrphase binary to systemd-pcrextend
==== ffmpeg-6 ====
Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7
- Let the ffmpeg-6 main program be combinable with ffmpeg-6-mini-libs
==== gdb ====
- Avoid using a %gcc macro to support using gcc 4.8 for building
on SLE11. Use the regular language compilers for testing.
==== libffi ====
Version update (3.4.4 -> 3.4.6)
Subpackages: libffi8 libffi8-32bit
- Add patches to fix BTI on aarch64:
* 830.patch
- Update to 3.4.6:
* Fix long double regression on mips64 and alpha.
- Update to 3.4.5:
* Add support for wasm32.
* Add support for aarch64 branch target identification (bti).
* Add support for ARCv3: ARC32 & ARC64.
* Add support for HPPA64, and many HPPA fixes.
* Add support for Haikuos on PowerPC.
* Fixes for AIX, loongson, MIPS, power, sparc64, and x86 Darwin.
- Drop upstreamed patches:
* 808.patch
* 810.patch
==== libnss_usrfiles ====
Version update (2.27 -> 2.27.1)
- Update to version 2.27.1
- Cleanup prototypes
==== python-netaddr ====
Version update (0.10.1 -> 1.2.1)
- Update to 1.2.1:
* Fix bad version 1.2.0 upload to PyPI – now yanked. No changes to
the package.
- 1.2.0:
* Add CLI tool subcommand to display cli-network-info.
* Support running interactive-shell without IPython installed.
* Explicitly raise TypeError is a non-string value is passed to
valid_ipv4 or valid_ipv6.
- 1.1.0:
* Add the required Python version to the package metadata (#365).
* Add expand_partial_ipv4_address to the public API.
* Fix IPNetwork(...) in IPRange(...) false negatives (#157).
* Fix a few IPNetwork slicing edge cases (#214).
* Fix support for partial IP addresses accidentally left in IPNetwork in 1.0.0.
* Fixed an incorrect license classifier in the package metadata.
- 1.0.0:
* Removed:
* Drop support for Python versions lower than 3.7.
* Remove the flag shorthands: N, P and Z. Use NOHOST, INET_PTON
and ZEROFILL instead.
* Remove abbreviated CIDR format support in IPNetwork (implicit_prefix=True),
use cidr_abbrev_to_verbose if you need this behavior.
* Remove the IPAddress.is_private method.
* Changed:
* Stop accepting leading zeros when parsing IPv4 addresses in INET_PTON mode
(it's been allowed on some platforms).
* Stop parsing IPv4 addresses permissively (inet_aton()-like) by default.
* Apply the two changes above to valid_ipv4 as well.
* Update the address databases to the 2024-02-10 versions.
* Fixed:
* Return False instead of raising AddrFormatError when an empty string is passed
to valid_ipv4 or valid_ipv6.
* Fix handling of dialect provided to EUI during copy-construction.
==== strace ====
Version update (6.7 -> 6.8)
- Update to strace 6.8
* Renamed --stack-traces to --stack-trace for consistency.
Old option is retained for backwards compatibility.
* Implemented --stack-trace-frame-limit=N option for configuring the limit
of the number of printed backtrace frames.
* Implemented decoding of statmount, listmount, lsm_get_self_attr,
lsm_set_self_attr, and lsm_list_modules syscalls.
* Implemented decoding of setsockopt(TCP_AO_ADD_KEY).
* Updated decoding of landlock_create_ruleset and landlock_add_rule syscalls.
* Updated decoding of SMC_DIAG_DMBINFO netlink attribute.
* Updated decoding of UBI_IOCATT ioctl command.
* Enhanced decoding of mount attributes of fsmount and mount_setattr syscalls.
* Updated lists of BPF_*, KEXEC_*, KVM_*, PERF_*, SOL_*, STATX_*, UFFD_*,
and V4L2_* constants.
* Updated lists of ioctl commands from Linux 6.8.
==== unbound ====
Version update (1.19.2 -> 1.19.3)
Subpackages: libunbound8 unbound-anchor
- Update to 1.19.3:
* Features:
- Merge PR #973: Use the origin (DNAME) TTL for synthesized
CNAMEs as per RFC 6672.
* Bug Fixes
- Fix unit test parse of origin syntax.
- Use 127.0.0.1 explicitly in tests to avoid delays and errors
on newer systems.
- Fix #964: config.h.in~ backup file in release tar balls.
- Merge #968: Replace the obsolescent fgrep with grep -F in
tests.
- Merge #971: fix 'WARNING: Message has 41 extra bytes at end'.
- Fix #969: [FR] distinguish Do53, DoT and DoH in the logs.
- Fix dnstap that assertion failed on logging other than UDP
and TCP traffic. It lists it as TCP traffic.
- Fix to sync the tests script file common.sh.
- iana portlist update.
- Updated IPv4 and IPv6 address for b.root-servers.net in root
hints.
- Update test script file common.sh.
- Fix tests to use new common.sh functions, wait_logfile and
kill_from_pidfile.
- Fix #974: doc: default number of outgoing ports without
libevent.
- Merge #975: Fixed some syntax errors in rpl files.
- Fix root_zonemd unit test, it checks that the root ZONEMD
verifies, now that the root has a valid ZONEMD.
- Update example.conf with cookie options.
- Merge #980: DoH: reject non-h2 early. To fix #979: Improve
errors for non-HTTP/2 DoH clients.
- Merge #985: Add DoH and DoT to dnstap message.
- Fix #983: Sha1 runtime insecure change was incomplete.
- Remove unneeded newlines and improve indentation in remote
control code.
- Merge #987: skip edns frag retry if advertised udp payload
size is not smaller.
- Fix unit test for #987 change in udp1xxx retry packet send.
- Merge #988: Fix NLnetLabs#981: dump_cache truncates large
records.
- Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
- Fix to link with libssp for libcrypto and getaddrinfo check
for only header. Also update crosscompile to remove ssp for
32bit.
- Merge #993: Update b.root-servers.net also in example config
file.
- Update workflow for ports to use newer openssl on windows
compile.
- Fix warning for windres on resource files due to
redefinition.
- Fix for #997: Print details for SSL certificate failure.
- Update error printout for duplicate trust anchors to include
the trust anchor name (relates to #920).
- Update message TTL when using cached RRSETs. It could result
in non-expired messages with expired RRSETs (non-usable
messages by Unbound).
- Merge #999: Search for protobuf-c with pkg-config.
- Fix #1006: Can't find protobuf-c package since #999.
- Fix documentation for access-control in the unbound.conf man
page.
- Merge #1010: Mention REFUSED has the TC bit set with
unmatched allow_cookie acl in the manpage. It also fixes the
code to match the documentation about clients with a valid
cookie that bypass the ratelimit regardless of the
allow_cookie acl.
- Document the suspend argument for process_ds_response().
- Move github workflows to use checkoutv4.
- Fix edns subnet replies for scope zero answers to not get
stored in the global cache, and in cachedb, when the upstream
replies without an EDNS record.
- Fix for #1022: Fix ede prohibited in access control refused
answers.
- Fix unbound-control-setup.cmd to use 3072 bits so that
certificates are long enough for newer OpenSSL versions.
- Fix TTL of synthesized CNAME when a DNAME is used from cache.
- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
like unbound-control-setup.sh has.
==== unixODBC ====
- bsc#1221709: Fix build with gcc14
Add unixODBC-gcc14.patch
==== wicked ====
Subpackages: wicked-service
- hide secrets in debug log (bsc#1221194)
[+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
[+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]