Packages changed: bind (9.18.9 -> 9.18.10) ca-certificates-mozilla (2.56 -> 2.60) cronie dconf glib2 (2.74.3 -> 2.74.4) gnome-control-center gtk4 (4.8.2 -> 4.8.3) iproute2 (6.0 -> 6.1) nftables (1.0.5 -> 1.0.6) open-iscsi pipewire sssd vulkan-loader (1.3.231.0 -> 1.3.236.0) vulkan-tools (1.3.231 -> 1.3.236.0) webkit2gtk3 (2.38.2 -> 2.38.3) webkit2gtk4 (2.38.2 -> 2.38.3) wicked (0.6.70 -> 0.6.71) zbar zlib-ng-compat === Details === ==== bind ==== Version update (9.18.9 -> 9.18.10) - Update to release 9.18.10 Feature Changes: * To reduce unnecessary memory consumption in the cache, NXDOMAIN records are no longer retained past the normal negative cache TTL, even if stale-cache-enable is set to yes. * The auto-dnssec option has been deprecated and will be removed in a future BIND 9.19.x release. Please migrate to dnssec-policy. * The coresize, datasize, files, and stacksize options have been deprecated. The limits these options set should be enforced externally, either by manual configuration (e.g. using ulimit) or via the process supervisor (e.g. systemd). * Setting alternate local addresses for inbound zone transfers has been deprecated. The relevant options (alt-transfer-source, alt-transfer-source-v6, and use-alt-transfer-source) will be removed in a future BIND 9.19.x release. * The number of HTTP headers allowed in requests sent to named’s statistics channel has been increased from 10 to 100, to accommodate some browsers that send more than 10 headers by default. Bug Fixes: * named could crash due to an assertion failure when an HTTP connection to the statistics channel was closed prematurely (due to a connection error, shutdown, etc.). * When a catalog zone was removed from the configuration, in some cases a dangling pointer could cause the named process to crash. * When a zone was deleted from a server, a key management object related to that zone was inadvertently kept in memory and only released upon shutdown. This could lead to constantly increasing memory use on servers with a high rate of changes affecting the set of zones being served. * TLS configuration for primary servers was not applied for zones that were members of a catalog zone. * In certain cases, named waited for the resolution of outstanding recursive queries to finish before shutting down. * host and nslookup command-line options setting the custom TCP/UDP port to use were ignored for ANY queries (which are sent over TCP). * The zone /: final reference detached log message was moved from the INFO log level to the DEBUG(1) log level to prevent the named-checkzone tool from superfluously logging this message in non-debug mode. ==== ca-certificates-mozilla ==== Version update (2.56 -> 2.60) - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Patch: remove-trustcor.patch ==== cronie ==== Subpackages: cron - Use %_pam_vendordir ==== dconf ==== Subpackages: gsettings-backend-dconf libdconf1 - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== glib2 ==== Version update (2.74.3 -> 2.74.4) Subpackages: glib2-lang glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 - Update to version 2.74.4: + Fix missing input validation in `GDBusMenuModel`. + Various GVariant security fixes when handling untrusted data. + Bugs fixed: glgo#GNOME/GLib#861, glgo#GNOME/GLib#2121, glgo#GNOME/GLib#2540, glgo#GNOME/GLib#2794, glgo#GNOME/GLib#2797, glgo#GNOME/GLib#2835, glgo#GNOME/GLib#2839, glgo#GNOME/GLib#2840, glgo#GNOME/GLib#2841, glgo#GNOME/GLib#2852, glgo#GNOME/GLib!3114, glgo#GNOME/GLib!3126, glgo#GNOME/GLib!3134, glgo#GNOME/GLib!3138, glgo#GNOME/GLib!3153, glgo#GNOME/GLib!3161, glgo#GNOME/GLib!3164. + Updated translations. - Add 1539540.patch: gthread-posix: need to #include . ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces - Modify gnome-control-center-disable-error-message-for-NM.patch: fix wifi panel(bsc#1206233). - Rebase gnome-control-center-disable-error-message-for-NM.patch. - Add gnome-control-center-network-use-AdwStatusPage.patch: network-panel: Use AdwStatusPage to show NetworkManager error. This is needed by the above rebased patch (glgo#GNOME/gnome-control-center/commit/2b3de01124). - Add gnome-control-center-fix-ws-sea-pass-toggle.patch: Fix crash when user clicking password visibility toggle in Security page when method is WPA3 Personal (glgo#GNOME/gnome-control-center!1520). ==== gtk4 ==== Version update (4.8.2 -> 4.8.3) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.8.3: + GtkText: - Claim gestures more selectively. - Prevent unexpected notify::direction emissions. + Accessibility: Remember if we don't find the a11y bus. + DND: Prefer file:// urls over other protocols. + GtkMountOperation: Work on Wayland. + GtkListView: Cancel rubberband if not handling drag. + Wayland: Fix button masks. + Windows: Fix resizes with native decorations. + X11: Fix some ordering problems with surface destruction. + Updated translations. ==== iproute2 ==== Version update (6.0 -> 6.1) Subpackages: iproute2-bash-completion - update to 6.1: * man: ss.8: fix a typo * testsuite: fix build failure * genl: remove unused vars in Makefile * json: do not escape single quotes * ip-monitor: Do not error out when RTNLGRP_STATS is not available * ip-link: man: Document existence of netns argument in add command * macsec: add Extended Packet Number support * macsec: add user manual description for extended packet number feature * ip: xfrm: support "external" (`collect_md`) mode in xfrm interfaces * ip: xfrm: support adding xfrm metadata as lwtunnel info in routes * ip: add NLM_F_ECHO support * libnetlink: add offset for nl_dump_ext_ack_done * tc/tc_monitor: print netlink extack message * rtnetlink: add new function rtnl_echo_talk() * ip: fix return value for rtnl_talk failures * iplink_bridge: Add no_linklocal_learn option support * devlink: use dl_no_arg instead of checking dl_argc == 0 * devlink: remove dl_argv_parse_put * mnlg: remove unnused mnlg_socket structure * utils: extract CTRL_ATTR_MAXATTR and save it * devlink: expose nested devlink for a line card object * devlink: load port-ifname map on demand * devlink: fix parallel flash notifications processing * devlink: move use_iec into struct dl * devlink: fix typo in variable name in ifname_map_cb() * devlink: load ifname map on demand from ifname_map_rev_lookup() as well * dcb: unblock mnl_socket_recvfrom if not message received * libnetlink: Fix memory leak in __rtnl_talk_iov() * tc_util: Fix no error return when large parent id used * tc_util: Change datatype for maj to avoid overflow issue * ss: man: add missing entries for MPTCP * ss: man: add missing entries for TIPC * ss: usage: add missing parameters * ss: re-add TIPC query support * devlink: Fix setting parent for 'rate add' * link: display 'allmulti' counter * seg6: add support for flavors in SRv6 End* behaviors * tc: ct: Fix invalid pointer dereference * uapi: update from 6.1 pre rc1 * u32: fix json formatting of flowid * tc_stab: remove dead code * uapi: update for in.h and ip.h * remove #if 0 code * tc: add json support to size table * tc: put size table options in json object * tc/basic: fix json output filter * iplink: support JSON in MPLS output * tc: print errors on stderr * ip: print mpls errors on stderr * tc: make prefix const * man: add missing tc class show * iplink_can: add missing `]' of the bitrate, dbitrate and termination arrays * ip link: add sub-command to view and change DSA conduit interface ==== nftables ==== Version update (1.0.5 -> 1.0.6) Subpackages: libnftables1 python3-nftables - Update to release 1.0.6 * Fix bytecode generation for concatenation of intervals where selectors use different byteorder datatypes, e.g. IPv4 (network byte order). * Fix match of uncommon protocol matches with raw expressions * Unbreak insertion of rules with intervals ("sport { 3478-3497, 16384-16387 }") ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Update iscsid.service so it starts iscsid.socket, if needed (bsc#1206132). ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to remember last routing after a reboot (glfo#pipewire/pipewire#2893): * 0001-alsa-dont-set--1-as-node.target.patch ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Take systemd units off the restart list that have RefuseManualStart=yes [boo#1206592] - Add symvers.patch [boo#1206592] ==== vulkan-loader ==== Version update (1.3.231.0 -> 1.3.236.0) - Update to release SDK-1.3.236.0 * Fix cases where OOM was handled wrong * Null check vk_icdGetPhysicalDeviceProcAddr ==== vulkan-tools ==== Version update (1.3.231 -> 1.3.236.0) - Update to release SDK-1.3.236.0 * vulkaninfo: Add Driver Version handling - Delete 0001-cubepp-Fix-presentKHR-assert.patch (merged) ==== webkit2gtk3 ==== Version update (2.38.2 -> 2.38.3) Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.38.3 (boo#1206474): + Fix runtime critical warnings from media player. + Fix network process crash when fetching website data on ephemeral session. + Fix the build with Ruby 3.2. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-42856. - Drop b7ac5d0c.patch: fixed upstream. ==== webkit2gtk4 ==== Version update (2.38.2 -> 2.38.3) Subpackages: WebKit2GTK-5.0-lang libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles - Update to version 2.38.3 (boo#1206474): + Fix runtime critical warnings from media player. + Fix network process crash when fetching website data on ephemeral session. + Fix the build with Ruby 3.2. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-42856. - Drop b7ac5d0c.patch: fixed upstream. ==== wicked ==== Version update (0.6.70 -> 0.6.71) Subpackages: wicked-service - version 0.6.71 - dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) - schema: fix the ip rule to-selector to handle network prefixes ==== zbar ==== - ImageMagick instead of GraphicsMagick ==== zlib-ng-compat ==== - add 0001-Add-one-extra-byte-to-return-value-of-compressBound-.patch fixes a data corruption regression in 2.0.6