Packages changed:
  apache2-mod_php8 (8.2.7 -> 8.2.8)
  bind (9.18.16 -> 9.18.17)
  elfutils-debuginfod
  hwinfo (23.1 -> 23.2)
  kernel-source (6.4.3 -> 6.4.4)
  libshumate (1.0.4 -> 1.0.5)
  libva (2.18.0 -> 2.19.0)
  libva-gl (2.18.0 -> 2.19.0)
  libvirt
  netcontrol
  nghttp2 (1.54.0 -> 1.55.1)
  openssh (9.3p1 -> 9.3p2)
  openssh-askpass-gnome (9.3p1 -> 9.3p2)
  openssl-1_1
  openssl-3
  ovmf (202302 -> 202305)
  php8 (8.2.7 -> 8.2.8)
  python-rich
  qalculate (4.6.1 -> 4.7.0)
  sysuser-tools
  tar
  update-alternatives (1.21.8 -> 1.21.22)
  virtualbox (7.0.8 -> 7.0.10)
  virtualbox-kmp (7.0.8_k6.4.3_1 -> 7.0.10_k6.4.4_1)
  webkit2gtk3 (2.40.3 -> 2.40.4)
  webkit2gtk3-soup2 (2.40.3 -> 2.40.4)

=== Details ===

==== apache2-mod_php8 ====
Version update (8.2.7 -> 8.2.8)

- version update to 8.2.8
  * This is a bug fix release.
  * https://www.php.net/ChangeLog-8.php#8.2.8
- modified patches
  % php-sort-filelist-phar.patch (refreshed)

==== bind ====
Version update (9.18.16 -> 9.18.17)
Subpackages: bind-doc bind-utils

- Update to release 9.18.17
  Feature Changes:
  * If a response from an authoritative server has its RCODE set to
    FORMERR and contains an echoed EDNS COOKIE option that was
    present in the query, named now retries sending the query to
    the same server without an EDNS COOKIE option.
  * The relaxed QNAME minimization mode now uses NS records. This
    reduces the number of queries named makes when resolving, as it
    allows the non-existence of NS RRsets at non-referral nodes to
    be cached in addition to the normally cached referrals.
  Bug Fixes:
  * The ability to read HMAC-MD5 key files, which was accidentally
    lost in BIND 9.18.8, has been restored.
  * Several minor stability issues with the catalog zone
    implementation have been fixed.

==== elfutils-debuginfod ====
Subpackages: debuginfod-profile libdebuginfod1

- Replace libdebuginfo1 sub-package's debuginfod-profile Recommends
  with config(debuginfod-profile) Requires, but on the debuginfod-\
  client sub-package, instead. And add binutils, bpftrace-tools,
  elfutils, gdb, perf, systemd-coredump, and valgrind Supplements
  to debuginfod-client sub-package. This should make installation
  of debuginfod-client more consistent, along with debuginfod-\
  profile, with software/packages that have debuginfod support.

==== hwinfo ====
Version update (23.1 -> 23.2)
Subpackages: libhd23

- merge gh#openSUSE/hwinfo#128
- Add support for loongarch cpu
- 23.2

==== kernel-source ====
Version update (6.4.3 -> 6.4.4)

- Linux 6.4.4 (bsc#1012628).
- start_kernel: Add __no_stack_protector function attribute
  (bsc#1012628).
- USB: serial: option: add LARA-R6 01B PIDs (bsc#1012628).
- usb: dwc3: gadget: Propagate core init errors to UDC during
  pullup (bsc#1012628).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev
  (bsc#1012628).
- extcon: usbc-tusb320: Unregister typec port on driver removal
  (bsc#1012628).
- dt-bindings: iio: ad7192: Add mandatory reference voltage source
  (bsc#1012628).
- iio: addac: ad74413: don't set DIN_SINK for functions other
  than digital input (bsc#1012628).
- iio: adc: ad7192: Fix null ad7192_state pointer access
  (bsc#1012628).
- iio: adc: ad7192: Fix internal/external clock selection
  (bsc#1012628).
- iio: accel: fxls8962af: errata bug only applicable for
  FXLS8962AF (bsc#1012628).
- iio: accel: fxls8962af: fixup buffer scan element type
  (bsc#1012628).
- Revert "drm/amd/display: edp do not add non-edid timings"
  (bsc#1012628).
- fs: pipe: reveal missing function protoypes (bsc#1012628).
- s390/kasan: fix insecure W+X mapping warning (bsc#1012628).
- blk-mq: don't queue plugged passthrough requests into scheduler
  (bsc#1012628).
- block: Fix the type of the second bdev_op_is_zoned_write()
  argument (bsc#1012628).
- block/rq_qos: protect rq_qos apis with a new lock (bsc#1012628).
- splice: Fix filemap_splice_read() to use the correct inode
  (bsc#1012628).
- erofs: kill hooked chains to avoid loops on deduplicated
  compressed images (bsc#1012628).
- x86/resctrl: Only show tasks' pid in current pid namespace
  (bsc#1012628).
- fsverity: use shash API instead of ahash API (bsc#1012628).
- fsverity: don't use bio_first_page_all() in
  fsverity_verify_bio() (bsc#1012628).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
  (bsc#1012628).
- x86/sev: Fix calculation of end address based on number of pages
  (bsc#1012628).
- blk-cgroup: Reinit blkg_iostat_set after clearing in
  blkcg_reset_stats() (bsc#1012628).
- virt: sevguest: Add CONFIG_CRYPTO dependency (bsc#1012628).
- blk-mq: fix potential io hang by wrong 'wake_batch'
  (bsc#1012628).
- lockd: drop inappropriate svc_get() from locked_get()
  (bsc#1012628).
- nvme-core: fix memory leak in dhchap_secret_store (bsc#1012628).
- nvme-core: fix memory leak in dhchap_ctrl_secret (bsc#1012628).
- nvme-core: add missing fault-injection cleanup (bsc#1012628).
- nvme-core: fix dev_pm_qos memleak (bsc#1012628).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
  (bsc#1012628).
- md/raid10: fix overflow of md/safe_mode_delay (bsc#1012628).
- md/raid10: fix wrong setting of max_corr_read_errors
  (bsc#1012628).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
  (bsc#1012628).
- md/raid10: fix io loss while replacement replace rdev
  (bsc#1012628).
- md/raid1-10: factor out a helper to add bio to plug
  (bsc#1012628).
- md/raid1-10: factor out a helper to submit normal write
  (bsc#1012628).
- md/raid1-10: submit write io directly if bitmap is not enabled
  (bsc#1012628).
- block: fix blktrace debugfs entries leakage (bsc#1012628).
- irqchip/loongson-eiointc: Fix irq affinity setting during resume
  (bsc#1012628).
- splice: don't call file_accessed in copy_splice_read
  (bsc#1012628).
- irqchip/stm32-exti: Fix warning on initialized field overwritten
  (bsc#1012628).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
  (bsc#1012628).
- svcrdma: Prevent page release when nothing was received
  (bsc#1012628).
- erofs: fix compact 4B support for 16k block size (bsc#1012628).
- posix-timers: Prevent RT livelock in itimer_delete()
  (bsc#1012628).
- tick/rcu: Fix bogus ratelimit condition (bsc#1012628).
- tracing/timer: Add missing hrtimer modes to
  decode_hrtimer_mode() (bsc#1012628).
- btrfs: always read the entire extent_buffer (bsc#1012628).
- btrfs: don't use btrfs_bio_ctrl for extent buffer reading
  (bsc#1012628).
- btrfs: return bool from lock_extent_buffer_for_io (bsc#1012628).
- btrfs: submit a writeback bio per extent_buffer (bsc#1012628).
- btrfs: fix range_end calculation in extent_write_locked_range
  (bsc#1012628).
- btrfs: don't fail writeback when allocating the compression
  context fails (bsc#1012628).
- btrfs: only call __extent_writepage_io from
  extent_write_locked_range (bsc#1012628).
- btrfs: don't treat zoned writeback as being from an async
    ... changelog too long, skipping 1321 lines ...
- commit f6ca0bc

==== libshumate ====
Version update (1.0.4 -> 1.0.5)
Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0

- Update to version 1.0.5:
  + Don't defer frame clock when widget is unrealized.

==== libva ====
Version update (2.18.0 -> 2.19.0)
Subpackages: libva-drm2 libva-wayland2 libva-x11-2 libva2

- Update to 2.19.0:
  * add: Add mono_chrome to VAEncSequenceParameterBufferAV1
  * add: Enable support for license acquisition of multiple protected
    playbacks
  * fix: use secure_getenv instead of getenv
  * trace: Improve and add VA trace log for AV1 encode
  * trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

==== libva-gl ====
Version update (2.18.0 -> 2.19.0)

- Update to 2.19.0:
  * add: Add mono_chrome to VAEncSequenceParameterBufferAV1
  * add: Enable support for license acquisition of multiple protected
    playbacks
  * fix: use secure_getenv instead of getenv
  * trace: Improve and add VA trace log for AV1 encode
  * trace: Unify va log message, replace va_TracePrint with va_TraceMsg.

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- CVE-2023-3750: storage: Fix returning of locked objects from
  'virStoragePoolObjListSearch'
  bsc#1213447

==== netcontrol ====

- Fix EOF handling in xml-reader to avoid `virsh iface-*` commands
  hang on aarch64 (bsc#1213349)
  [+ 0001-xml-reader-fix-xml_getc-and-xml_ungetc.patch,
  + 0002-xml-reader-allow-uppercase-for-lt-gt-and-amp-expansi.patch]

==== nghttp2 ====
Version update (1.54.0 -> 1.55.1)

- update to 1.55.1:
  * Fix memory leak
    This commit fixes memory leak that happens when
    PUSH_PROMISE or HEADERS frame cannot be sent, and
    nghttp2_on_stream_close_callback fails with a fatal error.
    For example, if GOAWAY frame has been received, a
    HEADERS frame that opens new stream cannot be sent.
    This issue has already been made public via CVE-2023-35945
    by envoyproxy/envoy project.  During embargo period, the
    patch to fix this bug was accidentally submitted to
    nghttp2/nghttp2 repository [2]. And they decided to
    disclose CVE early.  I was notified just 1.5 hours
    before disclosure.  I had no time to respond.
    PoC described in [1] is quite simple, but I think it is
    not enough to trigger this bug.  While it is true that
    receiving GOAWAY prevents a client from opening new stream,
    and nghttp2 enters error handling branch, in order to cause
    the memory leak, nghttp2_session_close_stream function
    must return a fatal error.
    NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
    memory.  It is unlikely that a process gets short of
    memory with this simple PoC scenario unless application
    does something memory heavy processing.
  * NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
    defined callback function (nghttp2_on_stream_close_callback, in
    this case), which indicates something fatal happened inside a
    callback, and a connection must be closed immediately without
    any further action.  As nghttp2_on_stream_close_error_callback
    documentation says, any error code other than 0 or
    NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
    error code.  More specifically, it is treated as if
    NGHTTP2_ERR_CALLBACK_FAILURE is returned.  I guess that
    envoy returns
    NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is
    translated into NGHTTP2_ERR_CALLBACK_FAILURE.
    https://github.com/envoyproxy/envoy/security/advisories/GHSA-
    jfxv-29pc-x22r

==== openssh ====
Version update (9.3p1 -> 9.3p2)
Subpackages: openssh-clients openssh-common openssh-server

- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408):
  Security
  ========
  Fix CVE-2023-38408 - a condition where specific libaries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
  code execution via a forwarded agent socket if the following
  conditions are met:
  * Exploitation requires the presence of specific libraries on
    the victim system.
  * Remote exploitation requires that the agent was forwarded
    to an attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an
  empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
  an allowlist that contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable
  by the Qualys Security Advisory team.
  In addition to removing the main precondition for exploitation,
  this release removes the ability for remote ssh-agent(1) clients
  to load PKCS#11 modules by default (see below).
  Potentially-incompatible changes
  - -------------------------------
  * ssh-agent(8): the agent will now refuse requests to load PKCS#11
    modules issued by remote clients by default. A flag has been added
    to restore the previous behaviour "-Oallow-remote-pkcs11".
    Note that ssh-agent(8) depends on the SSH client to identify
    requests that are remote. The OpenSSH >=8.9 ssh(1) client does
    this, but forwarding access to an agent socket using other tools
    may circumvent this restriction.

==== openssh-askpass-gnome ====
Version update (9.3p1 -> 9.3p2)

- Update to openssh 9.3p2
  * No changes for askpass, see main package changelog for
    details

==== openssl-1_1 ====
Subpackages: libopenssl1_1

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch

==== openssl-3 ====
Subpackages: libopenssl3 libopenssl3-32bit

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
- Security fix: [bsc#1213383, CVE-2023-2975]
  * AES-SIV implementation ignores empty associated data entries
  * Add openssl-CVE-2023-2975.patch

==== ovmf ====
Version update (202302 -> 202305)
Subpackages: qemu-ovmf-x86_64

- Removed the following patches because they are not necessary and
  they blocked for submit to openSUSE:Factory. (bsc#1205978)
    ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformAddHobCB.patch
    ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformGetLowMem.patch
    ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformReservati.patch
    ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformScanE820-.patch
    ovmf-Revert-OvmfPkg-PlatformInitLib-reorder-PlatformQemuU.patch
- Add openssl.keyring.README to shim.spec as Source113 to avoid
  erroe when submit to openSUSE:Factory
- Enable support for riscv64
- Update to edk2-stable202305 (bsc#1205588)
  - Features (https://github.com/tianocore/edk2/releases):
    Expose IBT/BTI compatible runtime DXE drivers via memory attributes table
    Update toolchain support
    MdePkg: Support FDT library
    Add google mocks support to UnitTestFrameworkPkg GoogleTestLib
    Platform Redfish Host Interface library for USBNIC
    [OpenSSL] Update OpenSSL version to version 1.1.1t to include CVE fix
    Replace pre-standard FUNCTION with C99 func throughout edk2
    Implement EFI memory attributes protocol for ARM platforms
    Add TraceHubLib Support
  - Patches (git log --oneline --date-order edk2-stable202302..edk2-stable202305):
    ba91d0292e MdeModulePkg/Core/Pei: set AprioriCount=0 before walking through next FV
    5ce29ae84d ArmPkg/ArmMmuLib AARCH64: Add missing ISB after page table update
    c5cf7f69c9 pip-requirements.txt: Update edk2 pip modules
    0abfb0be6c OvmfPkg: RiscVVirt: Add missing SerialPortInitialize to Sec
    45da4e3135 MdePkg: add SBI-based SerialPortLib for RISC-V
    2900e75511 MdePkg: BaseRiscVSbiLib: make more useful to consumers
    cafb4f3f36 UefiPayloadPkg: Fix boot shell issue for universal UEFI payload
    80bc13db83 Maintainers.txt: Update reviewers and maintainers for FdtLib.
    d322557712 BaseTools/tools_def: Disable overzealous unused variable warning on Clang
    e2607d3a78 BaseTools/tools_def: Drop ref to undefined CLANGDWARF_ARM_PREFIX
    0b37723186 ShellPkg/UefiShellDebug1CommandsLib: Replace hardcoded SMBIOS strings.
    2d4c76f783 MdePkg/IndustryStandard: Add SMBIOS anchor string & length defines.
    c08a3a96fd MdePkg/IndustryStandard: Add IPMI Interface Capabilities definitions
    083b029538 MdePkg: Add new PCDs for IPMI SSIF
    dea6c7dc2a MdePkg/IndustryStandard: Add definitions for IPMI SSIF
    0a0e60caf2 Maintainers.txt: Update reviewers and maintainers for TraceHubDebugLib.
    0f0422cedc MdeModulePkg: Add TraceHubDebugSysTLib library
    3d50fdc5c6 MdePkg: Add NULL library of TraceHubDebugSysTLib
    c6bb7d54be MdePkg: Add MipiSysTLib library
    782948c1a7 MdePkg: Add mipisyst submodule
    6dd64168ed BaseTools/Plugin: Too many execute files cause "cmd too long" failure
    c6382ba0f2 SecurityPkg: Add missing break in Tpm2TestParms
    77f75c7fb8 BaseTools: Update Tests/TestTools.py to allow it to work on Windows
    b9bbb4ae93 BaseTools: only print the environment once in toolsetup.bat
    dd246227d6 BaseTools: Update toolsetup.bat to not use BASETOOLS_PYTHON_SOURCE
    f47415e031 BaseTools: Revert Set the CLANGDWARF OBJCOPY path in tools_def.template
    6fb2760dc8 OvmfPkg: drop PlatformBootManagerLibGrub
    81dc0d8b4c OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub
    63887e272d OvmfPkg/NvVarsFileLib: disable in case PcdBootRestrictToFirmware is set
    41d7832db0 OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware
    e6447d2a08 Remove bashisms from edksetup.sh and BaseTools/BuildEnv
    373a95532a BaseTools: Remove the CLANGCC build rule for Hii-Binary-Package.UEFI_HII
    ecbc394365 BaseTools: Set CLANGDWARF RC path to llvm-objcopy in tools_def.template
    11f62f4cc0 BaseTools: Set the CLANGDWARF OBJCOPY path in tools_def.template
    c6f47e678f BaseTools: Remove BUILDRULEFAMILY from CLANGDWARF in tools_def.template
    9165a7e95e CryptoPkg: Delete CLANG35 and CLANG38 build flags; add CLANGDWARF flags
    e97b9b4e5a MdePkg: Add more HobLib/PeiServicesLib gmock support
    25c9d44315 MdeModulePkg: Add more PciHostBridgeLib gmock support
    bee67e0c14 OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL
    ae0be176a8 OvmfPkg: Clarify invariants for NestedInterruptTplLib
    5215cd5baf BaseTools: Update toolsetup.bat and Tests/PythonTest.py to check ver
    e6de6052a0 edksetup.bat: if toolsetup.bat fails, just exit
    11ec5161fa BaseTools: use threading.current_thread in NmakeSubdirs.py
    db7e6291c0 BaseTools: Remove Python2/Python3 detection from toolset.bat
    6eeb58ece3 RedfishPkg: Fix compile issue on Linux
    665fca9ee7 RedfishPkg: Add missing newline character
    a1f6485a9b RedfishPkg: Create RestEx child on selected interface
    05762bd2e0 RedfishPkg: Fix condition checking of error status
    c580e27efc RedfishPkg: Correct variable type to prevent memory corruption
    d89492456f Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
    8dbf868e02 Add volatile keyword to NvmExpressPei's Passthru CQ
    293b97d0c4 Add the volatile keyword to NvmExpressDxe's Passthru CQ
    4dea9e4a0e BaseTools/Conf: Add quotes to ADDDEBUGFLAG in tools_def.txt
    8e985ac3fd BaseTools/Conf: Align CLANGDWARF and CLANGPDB warning overrides
    66494e5324 MdeModulePkg/CapsuleApp: Add EFIAPI to CompareFileNameInAlphabet()
    eabaeb0613 OvmfPkg: move OvmfTpmDxe.fdf.inc to Include/Fdf
    8bca1bb977 OvmfPkg: move OvmfTpmPei.fdf.inc to Include/Fdf
    b65c0eed6b BaseSynchronizationLib: Fix LoongArch64 synchronization functions
    757f502a3b BaseTools/Conf/tools_def.template: Bump VERSION to 3.00
    050d6e9434 BaseTools: Delete CLANG38 from tools_def.template
    128547b081 BaseTools: Remove CLANG35 toolchain from tools_def.template
    4ef4b81c9b BaseTools: As with CLANGDWARF IA32 and X64, use lld for ARM and AARCH64
    98edce75fa BaseTools: Add ARM and AARCH64 CLANGDWARF support in tools_def.template
    0fc07b1c6a BaseTools/Conf/tools_def.template: Add section for deprecated toolchains
    01225075db Add GCC and GCCNOLTO toolchains to tools_def.txt and update packages
    66803cafcf BaseTools: Update VS toolchain descriptions in tools_def.txt.template
    d7c6030a47 BaseTools: Remove EBC (EFI Byte Code) compiler definitions
    8b441847e3 BaseTools: Remove unused IPHONE_TOOLS and SOURCERY_CYGWIN_TOOLS defs
    ba634ce82b edksetup.bat: Remove VS2008-VS2013 remnants
    c844d86bee MdePkg: Remove VS2008-VS2013 remnants
    c3ac3301e9 BaseTools: Remove VS2008-VS2013 remnants
    0363584ac9 BaseTools: Remove VS2008, 2010, 2012 and 2013 toolchain definitions
    94c802e108 MdePkg/BasePeCoffLib: Deal with broken debug directories
    ff7cb2d7c9 .pytool: Support FDT library.
    5d586606c7 MdePkg: Support FDT library.
    10416bf46e Tianocore: Support FDT library.
    d992a05ade Maintainers.txt: Update for IntelFsp2Pkg and IntelFsp2WrapperPkg.
    ... changelog too long, skipping 312 lines ...
    issue be fixed.

==== php8 ====
Version update (8.2.7 -> 8.2.8)
Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter

- version update to 8.2.8
  * This is a bug fix release.
  * https://www.php.net/ChangeLog-8.php#8.2.8
- modified patches
  % php-sort-filelist-phar.patch (refreshed)

==== python-rich ====

- %{?sle15_python_module_pythons} mut be at beginning to work.

==== qalculate ====
Version update (4.6.1 -> 4.7.0)
Subpackages: libqalculate22 qalculate-data

- version update to 4.7.0
  * Support for custom default angle unit, e.g. turn, arcsec, arcmin
  * Append default angle unit (instead of always radians) when converting
    value without unit to angle unit
  * More consistent addition and removal of angle unit from function arguments
  * Always interpret ./, .*, and .^ as entrywise operators if user intention is unclear
  * Change order of operations to place entrywise and ordinary operators on
    the same precedence level
  * Add function, kron(), for Kronecker product, and constants for Pauli matrices
  * Add radius to planets dataset and update other properties
  * Support replacement of unknown variables within variable values
  * Fix besselj(0, 0)
  * Fix incomplete calculation in tan() with try exact approximation
  * Fix 0/0=0 equality (do not return true) and output of 2/0 (and similar)
  * Fixes and improvements for newtonsolve() and secantsolve()
  * Fix segfault when MathStructure is deleted after Calculator, and in destructor
    of calculated DynamicVariable (called from Calculator destructor)
  * Do not save mode on exit if "-defaults" command line switch where used (CLI)
  * Allow multiple actions for keyboard shortcuts (GTK, Qt)
  * Add toggle precision, and min, max, or min and max decimals to available
    shortcut and button actions (GTK, Qt)
  * Add option to exclude units for unformatted ASCII copy (GTK, Qt)
  * Add optional value to copy result action, allowing expression copy and
    formatting selection (GTK, Qt)
  * Fix copy unformatted ASCII when local digit group separator is same as selected
    decimal separator (GTK, Qt)
  * Add option to automatically copy result (Qt)
  * Always set (primary) selection clipboard contents when whole expression is
    selected or selection is cleared, e.g. after calculation (Qt)
  * Improve support dark mode and high contrast modes, and change default style
    to Fusion, on Windows (Qt)
  * Minor bug fixes and feature enhancements

==== sysuser-tools ====

- Add "quilt setup" friendly hint to %sysusers_requires usage
  It is not required to have sysuser-tools installed when working
  with a pkg source which uses sysuser-tools at build time.

==== tar ====
Subpackages: tar-lang tar-rmt

- Update tests-skip-time01-on-32bit-time_t.patch to not run test
  on armv6 either

==== update-alternatives ====
Version update (1.21.8 -> 1.21.22)

- openssl.patch: use openssl library for MD5 calculation instead
  of relying on libmd. libmd is not in Ring0
- require Perl 5.28.1 or later

==== virtualbox ====
Version update (7.0.8 -> 7.0.10)

-  VirtualBox 7.0.10 (released July 18 2023)
  This is a maintenance release. The following items were fixed and/or added:
    OCI: Introduced general improvements
    VMM: Fixed a bug while walking page tables while executing nested VMs causing flooding of the release log as a consequence (Intel hosts only, bug #21551)
    GUI: Added general improvements
    TPM: Fixed a crash when a VM has a TPM version 1.2 configured (bug #21622)
    3D: Initial support for OpenGL 4.1
    3D: Fixed various graphics issues with Windows 11 guests (bugs #21136, #21515)
    Guest Control/VBoxManage: Fixed parameter "--ignore-orphaned-processes"
    Guest Control/VBoxManage: Fixed behavior of how handling argument 0 for a started guest process works: One can now explicitly specify it with the newly added option "--arg0". This will effectively restore the behavior of former VirtualBox versions
    Audio: Also use the PulseAudio backend when pipewire-pulse is running instead of falling back to ALSA (bug #21575)
    NAT: Adjusted UDP proxy timeout from 18-21 to 21-24 range to respect intended 20 second timeout (bug #21560)
    Linux Host: Added initial support for Indirect Branch Tracking (bug #21435)
    Linux Host: Added initial support for kernel 6.5 (NOTE: Guest Additions do not support kernel 6.5 yet)
    Linux Host and Guest: Improved condition check when kernel modules need to be signed
    Linux Host and Guest: Added initial support for RHEL 8.8 (bug #21692), 8.9 (bug #21690) and 9.3 (bugs #21598 and #21671) kernels
    Linux Guest Additions: Fixed issue when kernel modules were rebuilt on each boot when guest system has no X11 installed
    Linux Guest Additions: Added initial support for kernel 6.4
    Linux Guest Additions: Fixed issue when vboxvideo module reloading caused kernel panic in some guests (bug #21740)
    Linux Guest Additions: Introduced general improvements in the installer area
    Windows Guest Additions: Introduced general improvements in graphics drivers area
    removed "fixes_for_kernel_6.4.patch" as this is fixed upstream
    Fix issue with kernel on newer CPU (boo#1212209)

==== virtualbox-kmp ====
Version update (7.0.8_k6.4.3_1 -> 7.0.10_k6.4.4_1)

-  VirtualBox 7.0.10 (released July 18 2023)
  This is a maintenance release. The following items were fixed and/or added:
    OCI: Introduced general improvements
    VMM: Fixed a bug while walking page tables while executing nested VMs causing flooding of the release log as a consequence (Intel hosts only, bug #21551)
    GUI: Added general improvements
    TPM: Fixed a crash when a VM has a TPM version 1.2 configured (bug #21622)
    3D: Initial support for OpenGL 4.1
    3D: Fixed various graphics issues with Windows 11 guests (bugs #21136, #21515)
    Guest Control/VBoxManage: Fixed parameter "--ignore-orphaned-processes"
    Guest Control/VBoxManage: Fixed behavior of how handling argument 0 for a started guest process works: One can now explicitly specify it with the newly added option "--arg0". This will effectively restore the behavior of former VirtualBox versions
    Audio: Also use the PulseAudio backend when pipewire-pulse is running instead of falling back to ALSA (bug #21575)
    NAT: Adjusted UDP proxy timeout from 18-21 to 21-24 range to respect intended 20 second timeout (bug #21560)
    Linux Host: Added initial support for Indirect Branch Tracking (bug #21435)
    Linux Host: Added initial support for kernel 6.5 (NOTE: Guest Additions do not support kernel 6.5 yet)
    Linux Host and Guest: Improved condition check when kernel modules need to be signed
    Linux Host and Guest: Added initial support for RHEL 8.8 (bug #21692), 8.9 (bug #21690) and 9.3 (bugs #21598 and #21671) kernels
    Linux Guest Additions: Fixed issue when kernel modules were rebuilt on each boot when guest system has no X11 installed
    Linux Guest Additions: Added initial support for kernel 6.4
    Linux Guest Additions: Fixed issue when vboxvideo module reloading caused kernel panic in some guests (bug #21740)
    Linux Guest Additions: Introduced general improvements in the installer area
    Windows Guest Additions: Introduced general improvements in graphics drivers area
    removed "fixes_for_kernel_6.4.patch" as this is fixed upstream
    Fix issue with kernel on newer CPU (boo#1212209)

==== webkit2gtk3 ====
Version update (2.40.3 -> 2.40.4)
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.40.4:
  + Fix a bug in JavaScript reading variable arguments in a call.

==== webkit2gtk3-soup2 ====
Version update (2.40.3 -> 2.40.4)
Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Update to version 2.40.4:
  + Fix a bug in JavaScript reading variable arguments in a call.