Packages changed:
  Mesa
  Mesa-drivers
  MozillaFirefox (132.0.2 -> 133.0)
  gnome-session
  libpwquality
  libreoffice (24.8.2.1 -> 24.8.3.2)
  openSUSE-release (20241127 -> 20241129)
  python-setuptools (72.1.0 -> 75.6.0)
  python311-packaging (24.1 -> 24.2)
  unbound
  webkit2gtk3 (2.46.3 -> 2.46.4)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- trying to make buildservice happy by adding both tarballs to
  specfile ...
- on s390x build Mesa 24.1.7 to fix colors with Xvnc (boo#1233167)
- adjusted patches for Mesa 24.1.7:
  * python36-buildfix1-s390x.patch
  * u_dep_xcb-s390x.patch
  * u_mesa-CVE-2023-45913-s390x.patch

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2

- trying to make buildservice happy by adding both tarballs to
  specfile ...
- on s390x build Mesa 24.1.7 to fix colors with Xvnc (boo#1233167)
- adjusted patches for Mesa 24.1.7:
  * python36-buildfix1-s390x.patch
  * u_dep_xcb-s390x.patch
  * u_mesa-CVE-2023-45913-s390x.patch

==== MozillaFirefox ====
Version update (132.0.2 -> 133.0)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 133.0
  https://www.mozilla.org/en-US/firefox/133.0/releasenotes
  MFSA 2024-63 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11700 (bmo#1836921)
    Potential Tapjacking Exploit for Intent Confirmation on Android
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11701 (bmo#1914797)
    Misleading Address Bar State During Navigation Interruption
  * CVE-2024-11702 (bmo#1918884)
    Inadequate Clipboard Protection in Private Browsing Mode on
    Android
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on
    Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11703 (bmo#1928779)
    Password access without authentication via PIN bypass on Android
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation Dialog
  * CVE-2024-11704 (bmo#1899402)
    Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
  * CVE-2024-11698 (bmo#1916152)
    Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  * CVE-2024-11705 (bmo#1921768)
    Null Pointer Dereference in NSC_DeriveKey
  * CVE-2024-11706 (bmo#1923767)
    Null Pointer Dereference in PKCS#12 Utility
  * CVE-2024-11708 (bmo#1922912)
    Data race with PlaybackParams
  * CVE-2024-11699 (bmo#1880582, bmo#1929911)
    Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
    and Thunderbird 128.5
- requires NSS 3.106
- remove obsolete mozilla-python313.patch
- add mozilla-python313.patch to fix build with python 3.13+

==== gnome-session ====
Subpackages: gnome-session-core gnome-session-lang gnome-session-wayland gnome-session-xsession

- Build gnome-session-wayland also on s390x: It was originally
  excluded because xwayland did not exist. That has been solved in
  2021 though.

==== libpwquality ====
Subpackages: libpwquality-lang libpwquality1 libpwquality1-32bit pam_pwquality pam_pwquality-32bit

- Drop python 2.x support (it's been 4 years).
- Add python3-setuptools BuildRequires which is needed for
  distutils.

==== libreoffice ====
Version update (24.8.2.1 -> 24.8.3.2)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit

- Update to 24.8.3.2 (24.8.3 final)
  * Release notes:
    https://wiki.documentfoundation.org/Releases/24.8.3/RC1
    https://wiki.documentfoundation.org/Releases/24.8.3/RC2
- Update bundled dependencies:
  * curl 8.10.1 -> 8.11.0
- New translation: Tagalog

==== openSUSE-release ====
Version update (20241127 -> 20241129)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== python-setuptools ====
Version update (72.1.0 -> 75.6.0)

- Skip over the tests which require network.
- Don't use pytest-xdist, it breaks test suite.
- update to 75.6.0:
  * Preserve original PKG-INFO into METADATA when creating wheel
    (instead of calling wheel.metadata.pkginfo_to_metadata). This
    helps to be more compliant with the flow specified in PEP
    517.
  * Changed the WindowsSdkVersion, FrameworkVersion32 and
    FrameworkVersion64 properties of setuptools.msvc.PlatformInfo
    to return an empty tuple instead of None as a fallthrough
    case --  by :user:`Avasam`
- update to 75.5.0:
  * Removed support for
    SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION, as it is
    deemed prone to errors.
  * Added support for the environment variable
    SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true,
    allowing users to bypass the validation of pyproject.toml.
    This option should be used only as a last resort when
    resolving dependency issues, as it may lead to improper
    functioning. Users who enable this setting are responsible
    for ensuring that pyproject.toml complies with setuptools
    requirements. (#4611)  Attention! This environment variable
    was removed in a later version of setuptools.
  * Require Python 3.9 or later. (#4718)
  * Remove dependency on importlib_resources and the vendored
    copy of the library. Instead, setuptools consistently rely on
    stdlib's importlib.resources (available on Python 3.9+).
    (#4718)
  * Setuptools' bdist_wheel implementation no longer produces
    wheels with the m SOABI flag (pymalloc-related). This flag
    was removed on Python 3.8+ (see :obj:`sys.abiflags`). (#4718)
  * Updated vendored packaging version to 24.2. (#4740)
  * Merge with pypa/distutils@251797602, including fix for
    dirutil.mkpath handling in pypa/distutils#304.
  * Allowed using dict as an ordered type in
    setuptools.dist.check_requirements -- by :user:`Avasam`
  * Ensured methods in setuptools.modified preferably raise a
    consistent distutils.errors.DistutilsError type (except in
    the deprecated use case of SETUPTOOLS_USE_DISTUTILS=stdlib)
  - - by :user:`Avasam`
  * Fix the ABI tag when building a wheel using the debug build
    of Python 3.13 on Windows. Previously, the ABI tag was
    missing the "d" flag.
  * Fix clashes for optional-dependencies in pyproject.toml and
    extra_requires in setup.cfg/setup.py. As per PEP 621,
    optional-dependencies have to be honoured and dynamic
    behaviour is not allowed.
  * #4560
  * Made errors when parsing Distribution data more explicit
    about the expected type (tuple[str, ...] | list[str]) -- by
    :user:`Avasam`
  * Fix a TypeError when a Distribution's old included attribute
    was a tuple -- by :user:`Avasam`
  * Add workaround for bdist_wheel --dist-info-dir errors when
    customisation does not inherit from setuptools.
  * Re-use pre-existing .dist-info dir when creating wheels via
    the build backend APIs (PEP 517) and the metadata_directory
    argument is passed -- by :user:`pelson`.
  * Changed egg_info command to avoid adding an empty .egg-info
    directory while iterating over entry-points. This avoids
    triggering integration problems with
    importlib.metadata/importlib_metadata (reference:
    pypa/pyproject-hooks#206).
  * Deprecated bdist_wheel.universal configuration.
  * Removed reference to upload_docs module in entry points.
  * Declare also the dependencies used by distutils (adds
    jaraco.collections).
  * Removed upload_docs command.
  * Merge with pypa/distutils@7283751. Removed the register and
    upload commands and the config module that backs them
    (pypa/distutils#294). Removed the borland compiler. Replaced
    vendored dependencies with natural dependencies. Cygwin C
    compiler now gets compilers from sysconfig
    (pypa/distutils#296).
  * Fix cross-platform compilation using
    distutils._msvccompiler.MSVCCompiler -- by :user:`saschanaz`
    and :user:`Avasam`
  * Fixed TypeError in sdist filelist processing by adding
    support for pathlib Paths for the build_base.
  * Removed degraded and deprecated test_integration
    (easy_install) from the test suite.
  * Fixed TypeError in msvc.EnvironmentInfo.return_env when no
    runtime redistributables are installed.
  * Added support for defining ext-modules via pyproject.toml
    (EXPERIMENTAL, may change in future releases).
  * Merge with pypa/distutils@3dcdf8567, removing the duplicate
    vendored copy of packaging.
  * Restored setuptools.msvc.Environmentinfo as it is used
    externally.
  * Changed the type of error raised by
    setuptools.command.easy_install.CommandSpec.from_param on
    unsupported argument from AttributeError to TypeError -- by
    :user:`Avasam`
  * Added detection of ARM64 variant of MSVC -- by
    :user:`saschanaz`
  * Made setuptools.package_index.Credential a typing.NamedTuple
  - - by :user:`Avasam`
  * Reraise error from setuptools.command.easy_install.auto_chmod
    ... changelog too long, skipping 42 lines ...
    get_msvcr() (pypa/distutils#274).

==== python311-packaging ====
Version update (24.1 -> 24.2)

- update to 24.2:
  * PEP 639: Implement License-Expression and License-File
    (:issue:`828`)
  * Use !r formatter for error messages with filenames
    (:issue:`844`)
  * Add support for PEP 730 iOS tags (:issue:`832`)
  * Fix prerelease detection for > and < (:issue:`794`)
  * Fix uninformative error message (:issue:`830`)
  * Refactor canonicalize_version (:issue:`793`)
  * Patch python_full_version unconditionally (:issue:`825`)
  * Fix doc for canonicalize_version to mention strip_trailing_zero
    and a typo in a docstring (:issue:`801`)
  * Fix typo in Version __str__ (:issue:`817`)
  * Support creating a SpecifierSet from an iterable of Specifier
    objects (:issue:`775`)

==== unbound ====
Subpackages: libunbound8 unbound-anchor

- add workaround for bug
  https://github.com/NLnetLabs/unbound/issues/509
  Starting up with 127.0.0.1 in the /etc/resolv.conf leads to long
  delays if the anchor update is being run as ExecStartPre in the
  unbound service

==== webkit2gtk3 ====
Version update (2.46.3 -> 2.46.4)
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.46.4:
  + Improve memory consumption and performance of Canvas
    getImageData.
  + Fix preserve-3D intersection rendering.
  + Fix video dimensions since GStreamer 1.24.9.
  + Fix the HTTP-based remote Web Inspector not loading in
    Chromium.
  + Fix content filters not working on about:blank iframes.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2024-44308, CVE-2024-44309.
- Drop patches fixed upstream:
  + 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
  + webkit2gtk3-CVE-2024-44308.patch
  + webkit2gtk3-CVE-2024-44309.patch