Packages changed:
  SVT-AV1 (1.4.1 -> 1.6.0)
  acpica (20221020 -> 20230331)
  ceph
  ffmpeg-4
  flac (1.4.2 -> 1.4.3)
  gegl (0.4.44 -> 0.4.46)
  kdump (1.0.3 -> 1.9.2)
  libHX (4.12 -> 4.13)
  libnettle
  lockdev
  lvm2
  lvm2-device-mapper
  mozjs102 (102.11.0 -> 102.12.0)
  perl-Bootloader (1.2 -> 1.4)
  pipewire (0.3.71 -> 0.3.72)
  publicsuffix (20230613 -> 20230616)
  python-Twisted
  python-cryptography (40.0.2 -> 41.0.1)
  python-qt5
  python-service_identity (21.1.0 -> 23.1.0)
  rtkit
  rubygem-asciidoctor (2.0.18 -> 2.0.20)
  snapper (0.10.4 -> 0.10.5)
  strace (6.3 -> 6.4)
  yast2-kdump (4.6.0 -> 4.6.1)
  zlib-ng-compat

=== Details ===

==== SVT-AV1 ====
Version update (1.4.1 -> 1.6.0)

- Enable build on riscv64
- Update to release 1.6.0
  * Improved the tradeoffs for the random access mode across
    presets M1-M13:
  * Speeding up the higher quality presets by 30-40%
  * Improving the BD-rate by 1-4% for the faster presets
  * Improved the tradeoffs for the low delay mode for both screen
    content and non-screen content encoding modes
  * Added a toggle to remove the legacy one-frame buffer at the
    input of the pipeline allowing the low delay mode to operate
    at sub-frame processing latencies
  * Added a new API allowing the user to specify quantization
    offsets for a region of interest per frame

==== acpica ====
Version update (20221020 -> 20230331)

- Update to version 20230331
  * Add C Flexible Array support.
  * Add support for 64 bit LoongArch compilation.
  * Add first batch of RISC-V related definitions.
  * hwvalid: Drop port I/O validation.
  * iASL: Added full macro support in the preprocessor.
  * Add support for AMD Secure Processor Table (ASPT) version 1.
  * Add support for Arm's MPAM ACPI table version 2.
  * ACPI 6.5: MADT: add support for trace buffer extension in GICC.
  * Headers: Delete bogus NodeArray array of pointers from AEST table.

==== ceph ====
Subpackages: librados2 librbd1

- Remove _constraints file, add README-constraints.txt and pre_checkin.env

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Add 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch

==== flac ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libFLAC++10 libFLAC12

- Update to version 1.4.3:
  + General
  * All PowerPC-specific code has been removed, as it turned out
    those improvements didn't actually improve anything
  * Large improvements in encoder speed for all presets. The
    largest change is for the fastest presets and for 24-bit and
    32-bit inputs.
  * Small improvement in decoder speed for BMI2-capable CPUs
  * Various documentation fixes and cleanups
  * Various fixes
  * Fix building on Universal Windows Platform
  + flac
  * A lot of small fixes for bugs found by fuzzing
  * Various improvements to the --keep-foreign-metadata and
  - -keep-foreign-metadata-if-present options on decoding
    + The output format (WAV/AIFF/RF64 etc.) is now automatically
    selected based on what kind of foreign metadata is stored
    + Decoded file is checked afterwards, to see whether stored
    foreign format data agrees with FLAC audio properties
    + AIFF-C sowt data can now be restored
  * Add --force-legacy-wave-format option, to decode to WAV with
    WAVEFORMATPCM where WAVE_FORMAT_EXTENSIBLE would be more
    appropriate
  * Add --force-aiff-c-none-format and --force-aiff-c-sowt-format
    to decode to AIFF-C
  * The storage of WAVEFORMATEXTENSIBLE_CHANNEL_MASK is no longer
    restricted to known channel orderings
  * Throw an error when WAV or AIFF files are over 4GiB in length
    and the --ignore-chunk-sizes option is not set
  * Warn on testing files when ID3v2 tags are found
  * Warn when data trails the audio data of a WAV/AIFF/RF64/W64
    file
  * Fix output file not being deleted after error on Windows
  * Removal of the --sector--align option
  + metaflac
  * A lot of small fixes for bugs found by fuzzing
  * Added options --append and --data-format, which makes it
    possible to copy metadata blocks from one FLAC file to another
  * Added option --remove-all-tags-except
  * Added option --show-all-tags
  + libFLAC
  * No longer write seektables to Ogg, even when specifically
    asked for. Seektables in Ogg are not defined
  * Add functions FLAC__metadata_object_set_raw and
    FLAC__metadata_object_get_raw to convert between blob and
    FLAC__StreamMetadata
  + Build system
  * Autoconf (configure): The option --enable-64-bit-words is now
    on by default
  * CMake: The option ENABLE_64_BIT_WORDS is now on by default
  + Testing/validation
  * Fuzzers were added for the flac and metaflac command line
    tools
  * Fuzzer coverage was improved
- Changed source to github link since it wasn't released in the
  xiph page.

==== gegl ====
Version update (0.4.44 -> 0.4.46)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Update to version 0.4.46:
  + Operations:
  - local-threshold: new operation that does neighborhood aware
    and optionallyantialiased thresholding of an image.
  - chamfer: new operation in workshop that useis
    distance-transform and emboss or LinuxBeaver’s research
    into modeling different bevels with combinations of blurs.
  - ff-load,ff-save: clean up of deprecated API, builds with
    ffmpeg-6.0 but ff-save hasn’t been made to work with this
    release of ffmpeg yet.
  + Updated vendored libraries:
  - ctx and libnsgif have been updated from upstream.
  + Build:
  - Depend on meson 0.55.0
  - Various cleanups including re-enabling of deprecation
    warnings.
  - make ctx be an internal library.

==== kdump ====
Version update (1.0.3 -> 1.9.2)

- upgrade to version 1.9.2
  * adapt kdumptool to work with YaST
  * wait for SMTP server to become reachable
- upgrade to version 1.9.1
  * reimplement e-mail notifications
- upgrade to version 1.9
  * complete rewrite of kdump-save and parts of initrd generation
  * mounts are now entirely handled by dracut
  * deprecated: split dumps (saving to more than one targets at once)
  * deprecated: KDUMPTOOL_FLAGS option removed; original XENALLDOMAINS is now
    the default, disable with MAKEDUMPFILE_OPTIONS=-X
  * deprecated: notification e-mails
  * deprecated: copying of the kernel image (KDUMP_COPY_KERNEL)
  * FTP and SFTP are now handled by lftp, added to the spec file as Recommends:
  * SSH and SFTP now support passwords provided in the URL
  * fixed KDUMP_SSH_HOST_KEY, now needs to include the key type
  * new KDUMP_DUMPFORMAT=raw, will save an unmodified /proc/vmcore
  * the output directory name is now YYYY-MM-DD-HH-MM, i.e. the separator between
    HH and MM changed
  * unified default KDUMP_SAVEDIR across config, code and man to /var/crash
  * ping is now used to detect network is up; disable with KDUMP_NET_TIMEOUT=0
  * all the yes/no options changed to true/false; yes/no/1/0 still accepted
  * put the kdump initrd in /var/lib/kdump/initrd
  * use default kernel symlink (/boot/vmlinuz) instead of kernel autodetection
  * KDUMP_KERNELVER can specify an absolute path to a kernel image
  * improved mkdumprd detection of changed settings
  * removed all of kdumptool except the calibrate subcommand
  * cleaned up dependencies (ssh now only Recommended)

==== libHX ====
Version update (4.12 -> 4.13)

- Update to release 4.13
  * io: do not fail HX_mkdir when a component is a symlink to a
    directory
  * xml_helper: fix infinite recursion in xml_getnsprop

==== libnettle ====
Subpackages: libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit

- Add the architecture specific READMEs as provided by upstream.

==== lockdev ====
Subpackages: liblockdev1

- lock group is created by system-group-hardware
- use sysusers mechanism to create lock group and tmpfiles for
  /{var/,}run (boo#1078466)
- add lockdev-debug.diff

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
  - bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
  - bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch

==== mozjs102 ====
Version update (102.11.0 -> 102.12.0)

- Update to version 102.12.0:
  + Various security fixes.
  + CVE-2023-34414: Click-jacking certificate exceptions through
    rendering lag.

==== perl-Bootloader ====
Version update (1.2 -> 1.4)

- merge gh#openSUSE/perl-bootloader#151
- default-settings: support non-x86 architectures
- add man pages for all commands
- 1.4
- merge gh#openSUSE/perl-bootloader#149
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- 1.3

==== pipewire ====
Version update (0.3.71 -> 0.3.72)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 0.3.72:
  * Highlights
  - Fix a critical bug that would refuse to update the samplerate
    or buffersize in JACK clients.
  - A new module-netjack2-driver and module-netjack2-manager were
    added that are compatible with NETJACK2. This allows PipeWire
    to become a NETJACK2 manager or a driver between JACK2 or
    PipeWire servers.
  - Support was added for firewire devices with FFADO. This is
    untested for now and MIDI is not implemented yet.
  - The node scheduling was optimized some more. External drivers
    are now as efficient as in-server ones. This should improve
    performance of various drivers such as bluetooth and JACK
    based drivers.
  - Many, many bug fixes and a ton of improvements.
  * PipeWire
  - pw-filter can now be used to write sinks and sources.
  - The node activation for drivers was changed. The driver now
    does not need to go to the server to start the processing
    cycle. This makes out-of-server drivers as efficient as
    in-server drivers.
  - Don't try to use drivers with 0 priority as fallback drivers.
    This avoids making the screencast driver a driver for audio.
  - Improve xrun count reporting in pw-top and the profiler. Now
    each node has their own xrun counter updated when it fails to
    complete processing during the cycle.
  - pw-filter now also has support for TRIGGER.
  - A potential fd leak was found when fds were send to a zombie
    client.
  - Fix a bug where monitor or capture streams were logged twice
    in the profiler.
  - Remove stream hooks safely.
  - A bug in serialization of container properties was fixed.
    This could result in truncated property values.
  - The PIPEWIRE_AUTOCONNECT environment variable now always
    overrides the autoconnect settings of streams.
  - Node, port and link destroy now avoids some useless work.
  - Port will now try to renegotiate a new format when idle.
  * Modules
  - The module-sap now is more compatible with AES67.
  - A new FFADO driver module was added. This is completely
    untested because of lack of hardware. Please test and report
    issues.
  - A new NETJACK2 driver and a NETJACK2 manager module were
    added. These should be drop in replacements for the JACK2
    parts.
  - The RAOP discover module now tries harder to only list
    devices once.
  - The zeroconf discover module now tries harder to only list
    devices once.
  - The RAOP sink module now handles latency better and is
    compatible with some more devices.
  - The loopback and filter-chain modules now always dequeue the
    last input buffer to avoid stuttering in some cases.
  - The SPA node factory module can now also export nodes. This
    is used to export the PTP clock from the AES67 config file.
  - A bug in module-jack-tunnel was fixed that would cause
    stuttering and corrupted output in some cases.
  - The resampler is now disabled in module-loopback and
    filter-chain when the samplerate is set to follow the graph
    rate.
  - The way the mixer peer is sent to clients was improved. It is
    now also possible to let a remote node know about mixer port
    removes, which can avoid memory leaks and some code
    simplifications.
  * SPA
  - Monitor ports now report latency correctly.
  - The ALSA plugin now uses htimestamp to get a more accurate
    ringbuffer position to estimate the clock skew.
  - The channelmixer now has min/max-volume settings to limit or
    fix the volume.
  - The ALSA plugin can now control the playback and capture rate
    of USB gadgets. This can avoid resampling and instead use the
    USB feedback to control the rate.
  - The ALSA output to multiple devices has been improved, some
    lockups are avoided when the device ringbuffer is full.
  - The compress-offload sink has improved negotiation.
  * pulse-server
  - Only try to use GSettings when the schema exists.
  - @DEFAULT_SOURCE@, @DEFAULT_SINK@ and @DEFAULT_MONITOR@ are
    now correctly handled as targets in playback and capture
    streams.
  - 2 new quirks are added to disable volume updates on
    sinks/sources.
  - The virtual-sink and virtual-source modules were added. These
    are really example modules but actually also work and are
    useful on PulseAudio so implement them as well.
  - Fix initial stream volumes.
  * Bluetooth
  - Only register A2DP or BAP when we have codecs.
  - Include codec into the media.name
  * JACK
  - Fix a critical bug that would refuse to update the samplerate
    or buffersize.
  - Improve updates of samplerate/buffersize, delay the updates
    until the client is activated.
  - Use the new mix-info updates to simplify the mixer setup and
    peer detection.
  * GStreamer
    ... changelog too long, skipping 5 lines ...
  the ld.so.conf.d file).

==== publicsuffix ====
Version update (20230613 -> 20230616)

- Update to version 20230616:
  * Add 63 geographical domains for .vn ccTLD (#1776)
  * util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
  * util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)

==== python-Twisted ====
Subpackages: python311-Twisted python311-Twisted-tls

- add regenerate-cert-to-work-with-latest-service-identity.patch
  remove-pynacl-optional-dependency.patch: backports from main
  git to fix tests with newer dependency versions

==== python-cryptography ====
Version update (40.0.2 -> 41.0.1)

- update to 41.0.1 (bsc#1212568):
  * Temporarily allow invalid ECDSA signature algorithm
    parameters in X.509 certificates, which are
    generated by older versions of Java.
  * Allow null bytes in pass phrases when serializing private
    keys.
  * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than
    1.1.1d has been removed.  Users on older version of
    OpenSSL will need to upgrade.
  * **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been
    removed.
  * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL <
    3.6.
  * Updated the minimum supported Rust version (MSRV) to 1.56.0,
    from 1.48.0.
  * Added support for the
    :class:`~cryptography.x509.OCSPAcceptableResponses`
    OCSP extension.
  * Added support for the
    :class:`~cryptography.x509.MSCertificateTemplate`
    proprietary Microsoft certificate extension.
  * Implemented support for equality checks on all asymmetric
    public key types.
  * Added support for ``aes256-gcm@openssh.com`` encrypted keys
    in :func:`~cryptography.hazmat.primitives.serialization.load_ssh
    _private_key`.
  * Added support for obtaining X.509 certificate signature
    algorithm parameters (including PSS)

==== python-qt5 ====

- Fix shell stubs of pyuic5 pylupdate5 pyrcc5 in order to run the
  correct interpreter

==== python-service_identity ====
Version update (21.1.0 -> 23.1.0)

- Update to 23.1.0
  * Removed
  - All Python versions up to and including 3.7 have been dropped.
  - Support for commonName in certificates has been dropped.
    It has been deprecated since 2017 and isn't supported by any
    major browser.
  - The oldest supported pyOpenSSL version (when using the
    pyopenssl backend) is now 17.0.0.
    When using such an old pyOpenSSL version, you have to pin
    cryptography yourself to ensure compatibility between them.
    Please check out contraints/oldest-pyopenssl.txt to verify
    what we are testing against.
  * Deprecated
  - If you've used service_identity.(cryptography|pyopenssl).extract_ids(),
    please switch to the new names extract_patterns(). #56
  * Added
  - service_identity.(cryptography|pyopenssl).extract_patterns()
    are now public APIs (FKA extract_ids()).
    You can use them to extract the patterns from a certificate
    without verifying anything. #55
  - service-identity is now fully typed. #57

==== rtkit ====

- rtkit-daemon: Don't log debug messages by default (bsc#1206745).
  Added patch(es):
  * rtkit-silent-debug-messages-by-default.patch

==== rubygem-asciidoctor ====
Version update (2.0.18 -> 2.0.20)

- update to 2.0.20
  Bug Fixes::
  * Update `release-version` attribute in READMEs and man page during release
  * Rebuild man page during release
  === Details
  {url-repo}/releases/tag/v2.0.20[git tag] | {url-repo}/compare/v2.0.19\...v2.0.20[full diff]
  // end::compact[]
  == 2.0.19 (2023-05-17) - @mojavelinux
  Improvements::
  * Return empty string instead of nil if raw or verbatim block has no lines
  * Don't uppercase monospace span in section title in manpage output (#4402)
  * Simplify processing of implicit link (i.e., autolink) by separating implicit and explicit match
  * Generate partintro block consistently (#4450)
  * Add Kiswahili translation for built-in labels (PR #4454) (*@bkmgit*)
  Compliance::
  * Fix call order so use of an include file with invalid encoding continues to raise error when using Ruby >= 3.2.0
  * Fix test assertion for fallback Rouge stylesheet to be compatible with Rouge 4.1 (#4406) (*@tmzullinger*)
  * Support `notitle` option on section as alternative to `untitled` to hide title (#4437)
  * Add support for Haml 6 to template converter (#4429)
  Bug Fixes::
  * Process constrained inline passthrough inside monospace span (#4458)
  * Catalog inline ref defined using anchor macro even when resolved reftext is empty
  * Use while loop rather than recursion to locate next line to process; prevents stack limit error (#4368)
  * Avoid matching numeric character references when searching for # in xref target (#4393)
  * Use correct selector to collapse margin on first and last child of sidebar
  * Don't allow target of include directive to start with a space (to distinguish it from a dlist item) or to end with a space
  * Manify alt text of block image in manpage output (#4401)
  * Adjust font size of term in horizontal dlist to match font size of term in regular dlist
  * Implicitly attach nested list that starts with block attribute lines to dlist entry (#4268)
  * Don't swallow square brackets when processing escaped URL macro
  * Treat `uri:classloader:` as an absolute path prefix when running on JRuby (#3929)
  * Apply reftext substitutions to value of `mantitle` attribute in DocBook output (#4448)
  * Enclose `<reftext>` tag in `<article>` tag in DocBook output for man page (#4452)
  * Correctly handle compat role on monospace and constrained passthrough when box attrlist or formatted text is escaped

==== snapper ====
Version update (0.10.4 -> 0.10.5)
Subpackages: libsnapper7 snapper-zypp-plugin

- improved responsiveness of snapperd when a btrfs quota rescan
  is running (see bsc#1211459)
- update qgroup in config info in snapperd when running setup-quota
- improved waiting for btrfs quota rescan (see bsc #1211459)

==== strace ====
Version update (6.3 -> 6.4)

- Update to strace 6.4
  * Implemented decoding of IFLA_BRPORT_NEIGH_VLAN_SUPPRESS netlink attribute.
  * Implemented decoding of IP_PROTOCOL type control messages and socket option.
  * Updated lists of BPF_*, IP_*, KVM_*, MDBA_*, PACKET_*, PR_*, PTRACE_*,
    UFFD_*, and V4L2_PIX_FMT_* constants.
  * Updated lists of ioctl commands from Linux 6.4.
  * Turn --seccomp-bpf off when --syscall-limit option is specified.
  * Fixed --trace-fds filtering support of syscalls taking file descriptor
    arguments that do not normally have a path associated with them.

==== yast2-kdump ====
Version update (4.6.0 -> 4.6.1)

- adapt for version kdump versions 1.9+ (bsc#1212646)
- call mkdumprd directly, not through tu-rebuild-kdump-initrd
- update initrd even in non-fadump case
- remove KDUMP_COPY_KERNEL and KDUMPTOOL_FLAGS options
- update default config values according to kdump defaults
- unify config boolean variables to "true" or "false"
- support the snappy, zstd and raw dump formats
- 4.6.1

==== zlib-ng-compat ====

- Add patch to fix boo#1212735:
  * 1526.patch