Packages changed:
  Mesa (23.1.3 -> 23.1.4)
  Mesa-drivers (23.1.3 -> 23.1.4)
  apparmor
  crypto-policies (20230420.3d08ae7 -> 20230614.5f3458e)
  curl (8.1.2 -> 8.2.0)
  dLeyna
  fwupd (1.8.16 -> 1.8.17)
  gcc13 (13.1.1+git7552 -> 13.1.1+git7597)
  ghostscript
  glu (9.0.2 -> 9.0.3)
  grub2
  gstreamer (1.22.4 -> 1.22.5)
  gstreamer-plugins-bad (1.22.4 -> 1.22.5)
  gstreamer-plugins-base (1.22.4 -> 1.22.5)
  gstreamer-plugins-good (1.22.4 -> 1.22.5)
  gstreamer-plugins-libav (1.22.4 -> 1.22.5)
  gstreamer-plugins-rs (0.10.9 -> 0.10.11)
  gstreamer-plugins-ugly (1.22.4 -> 1.22.5)
  gupnp
  hidapi (0.13.1 -> 0.14.0)
  highway (1.0.4 -> 1.0.5)
  ipmitool (1.8.19.0.g19d7878 -> 1.8.19.13.gbe11d94)
  java-11-openjdk (11.0.19.0 -> 11.0.20.0)
  kdeconnect-kde
  kernel-firmware (20230707 -> 20230724)
  kernel-source (6.4.4 -> 6.4.6)
  kmod
  lensfun (0.3.3 -> 0.3.4)
  lftp
  libapparmor
  libarchive (3.6.2 -> 3.7.0)
  libgexiv2 (0.14.1 -> 0.14.2)
  libnvme
  libqb (2.0.7+20230607.06c8641 -> 2.0.8+20230721.002171b)
  librsvg (2.56.1 -> 2.56.3)
  libxcrypt (4.4.35 -> 4.4.36)
  lilv
  man
  mdadm
  nftables (1.0.7 -> 1.0.8)
  perl-XML-LibXML (2.0208 -> 2.0209)
  perl-libwww-perl (6.71 -> 6.720.0)
  pipewire (0.3.74 -> 0.3.75)
  python-SQLAlchemy (2.0.16 -> 2.0.19)
  python-mysqlclient
  python-py
  python-pycairo (1.23.0 -> 1.24.0)
  python-pygit2 (1.11.1 -> 1.12.2)
  python-urllib3 (2.0.3 -> 2.0.4)
  python-zope.event
  python-zope.hookable
  python-zope.i18nmessageid
  qt6-base (6.5.1 -> 6.5.2)
  qt6-declarative (6.5.1 -> 6.5.2)
  qt6-imageformats (6.5.1 -> 6.5.2)
  qt6-translations (6.5.1 -> 6.5.2)
  qt6-wayland (6.5.1 -> 6.5.2)
  rdma-core (45.0 -> 47.0)
  samba (4.18.3+git.303.c08b73d523c -> 4.18.5+git.313.c8e274c7852)
  shotwell (0.32.1 -> 0.32.2)
  sudo (1.9.13p3 -> 1.9.14p1)
  sysuser-tools (3.1 -> 3.2)
  texlive-specs-n (2023.201.2.005svn65956 -> 2023.209.2.005svn65956)
  tpm2-0-tss
  vlc
  xfsprogs (6.3.0 -> 6.4.0)
  yast2-trans (84.87.20230714.966688ddd0 -> 84.87.20230720.09601d9b28)
  zlib-ng-compat

=== Details ===

==== Mesa ====
Version update (23.1.3 -> 23.1.4)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1

- Update to bugfix release 23.1.4
  - -> https://docs.mesa3d.org/relnotes/23.1.4.html
- supersedes u_fix-glx-context-opengl-4.5.patch

==== Mesa-drivers ====
Version update (23.1.3 -> 23.1.4)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2

- Update to bugfix release 23.1.4
  - -> https://docs.mesa3d.org/relnotes/23.1.4.html
- supersedes u_fix-glx-context-opengl-4.5.patch

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)

==== crypto-policies ====
Version update (20230420.3d08ae7 -> 20230614.5f3458e)
Subpackages: crypto-policies-scripts

- BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933)
  derived from NEXT.pol
- Update to version 20230614.5f3458e:
  * policies: impose old OpenSSL groups order for all back-ends
  * Rebase patches:
  - crypto-policies-revert-rh-allow-sha1-signatures.patch
  - crypto-policies-supported.patch

==== curl ====
Version update (8.1.2 -> 8.2.0)
Subpackages: libcurl4

- Update to 8.2.0 [bsc#1213237, CVE-2023-32001]
  * Security fix:
  - CVE-2023-32001: fopen race condition
  * Changes:
  - curl: add --ca-native and --proxy-ca-native
  - curl: add --trace-ids
  - CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
  - haproxy: add --haproxy-clientip flag to set client IPs
  - lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
  * Bugfixes:
  - cf-socket: don't bypass fclosesocket callback if cancelled before connect
  - cf-socket: skip getpeername()/getsockname for TFTP
  - curl: count uploaded data to stop at the originally given size
  - curl: return error when asked to use an unsupported HTTP version
  - http2: fix crash in handling stream weights
  - http2: send HEADER & DATA together if possible
  - http3/ngtcp2: upload EAGAIN handling
  - http: rectify the outgoing Cookie: header field size check
  - hyper: fix EOF handling on input
  - imap: Provide method to disable SASL if it is advertised
  - libssh2: provide error message when setting host key type fails
  - libssh2: use custom memory functions
  - ngtcp2: assigning timeout, but value is overwritten before used
  - quiche: avoid NULL deref in debug logging
  - sectransp: fix EOF handling
  - system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
  - timeval: use CLOCK_MONOTONIC_RAW if available
  - tls13-ciphers.d: include Schannel
  - tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
  - tool_operate: allow cookie lines up to 8200 bytes
  - tool_parsecfg: accept line lengths up to 10M
  - tool_writeout_json: fix encoding of control characters
  - transfer: clear credentials when redirecting to absolute URL
  - urlapi: have *set(PATH) prepend a slash if one is missing
  - urlapi: scheme must start with alpha
  - vtls: avoid memory leak if sha256 call fails
  - websocket-cb: example doing WebSocket download using callback
  - ws: make the curl_ws_meta() return pointer a const

==== dLeyna ====

- Add 61d24fdc.patch: Fix typos for meson 1.2 compatibility.

==== fwupd ====
Version update (1.8.16 -> 1.8.17)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Update to version 1.8.17:
  + Correctly obtain the Thunderbolt is_native controller
    attribute.
  + Fix a Wacom emulation failure on s390x.
  + Only allow --force on security attributes for unsupported
    builds.
  + Reduce the amount of RSS by ~12% at startup.

==== gcc13 ====
Version update (13.1.1+git7552 -> 13.1.1+git7597)
Subpackages: cpp13 gcc13-locale libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-devel-gcc13 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1

- Bump to 9aac37ab8a7b919a89c6d64bc7107a8436996e93, git7597
  * GCC 13.2 RC1
- Add rpmlint filter for SLE12 complaining about invalid licenses.
- Also handle -static-pie in the default-PIE specs

==== ghostscript ====
Subpackages: ghostscript-x11

- CVE-2023-38559.patch fixes CVE-2023-38559
  "out of bounds read devn_pcx_write_rle() could result in DoS"
  see bsc#1213637
  and https://bugs.ghostscript.com/show_bug.cgi?id=706897
  which is in base/gdevdevn.c the same issue
  "ordering in if expression to avoid out-of-bounds access"
  as the already fixed CVE-2020-16305 in devices/gdevpcx.c
  see https://bugs.ghostscript.com/show_bug.cgi?id=701819

==== glu ====
Version update (9.0.2 -> 9.0.3)

- Update to version 9.0.3
  * drop autotools
  * apple: Fix compatibility version and current version of meson
    build to be compatible with autotools build
  * pkgconfig: Depend on opengl when built with libglvnd
  * pkgconfig: Drop unneeded lines from autotools build
  * pkgconfig: meson build should match autotools requires
  * Remove deprecated register in C++17
- switch to meson build

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Fix error message "unknown command tpm_record_pcrs" with encrypted boot and
  no tpm device present (bsc#1213547)
  * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch

==== gstreamer ====
Version update (1.22.4 -> 1.22.5)
Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.22.5:
  + Highlighted bugfixes:
  - Security fixes for the RealMedia demuxer
  - vaapi decoders, postproc: Disable DMAbuf from caps
    negotiation to fix garbled video in some cases
  - decodebin3, playbin3, parsebin fixes, especially for stream
    reconfiguration
  - hlsdemux2: fix early seeking; don't pass referer when
    updating playlists; webvtt fixes
  - gtk: Fix critical caused by pointer movement when stream is
    getting ready
  - qt6: Set sampler filtering method, fixes bad quality with
    qml6glsink and gstqt6d3d11
  - v4l2src: handle resolution change when buffers are copied
  - videoflip: update orientation tag in auto mode
  - video timecode: Add support for framerates lower than 1fps
    and accept 119.88 (120/1.001) fps
  - webrtcsink: fixes for x264enc and NVIDIA encoders
  - cerbero: Pull ninja from system if possible, avoid spurious
    bootstrap of cmake
  - packages: Recipe updates for ffmpeg, libsoup, orc
  - various bug fixes, memory leak fixes, and other stability and
    reliability improvements
  + gstreamer:
  - taglist, plugins: fix compiler warnings with GLib >= 2.76
  - tracerutils: allow casting parameter types
  - inputselector: fix playing variable is never set
- Rebase patch.

==== gstreamer-plugins-bad ====
Version update (1.22.4 -> 1.22.5)
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.22.5:
  + d3d11bufferpool: Fix heavy CPU usage in case of fixed-size pool
  + jpegparser: jpegdecoder: Don't pollute bus and comply with spec
  + plugins: fix compiler warnings with GLib >= 2.76
  + webrtcbin: Prevent critical warning when creating an additional
    data channel
  + webrtcstats: Properly report IceCandidate type
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-base ====
Version update (1.22.4 -> 1.22.5)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.22.5:
  + appsink: add missing make_writable call
  + audioaggregator: Do not post message before being constructed
  + decodebin3:
  - Prevent a critical warning when reassigning output slots
  - Fix slot input linking when the associated stream has changed
  - Remove spurious input locking during parsebin reconfiguration
  + urisourcebin: Set source element to READY before querying it
  + gl/viv-fb: meson build updates
  + plugins: fix compiler warnings with GLib >= 2.76
  + subtitleoverlay: fix mutex error if sink caps is not video
  + video:
  - timecode: Add support for framerates lower than 1fps
  - accept timecode of 119.88 (120/1.001) FPS
  - cannot attach time code meta when frame rate is 119.88
    (120000/1001)
  + videodecoder: fix copying buffer metas
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-good ====
Version update (1.22.4 -> 1.22.5)
Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml

- Update to version 1.22.5:
  + adaptivedemux2: Fix early seeking
  + hlsdemux2:
  - Ensure processed webvtt ends with empty new line
  - Don't set a referer when updating playlists
  + matroska: demux: Strip signal byte when encrypted
  + rtspsrc: Fix crash when is-live=false
  + gtk: Fix critical caused by pointer movement when stream is
    getting ready
  + qt6: Set sampler filtering method, fixes bad quality with
    qml6glsink and gstqt6d3d11
  + qtdemux: opus: set entry as sampled
  + v4l2src: handle resolution change when buffers are copied
  + v4l2videodec:
  - Fix handling of initial gaps
  - correctly register v4l2mpeg2dec
  - replace custom QUERY_CAPS handling with getcaps callback
  + videoflip:
  - update orientation tag in auto mode
  - fix critical when tag list is not writable
- Rebase reduce-required-meson.patch.
- Pass qt-egl=disabled to meson, we are not ready for this feature
  yet.

==== gstreamer-plugins-libav ====
Version update (1.22.4 -> 1.22.5)

- Update to version 1.22.5:
  + No changes
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-rs ====
Version update (0.10.9 -> 0.10.11)

- Update to version 0.10.11:
  + fallbackswitch:
  - Change the threshold for trailing buffers
  - Fix pad health calculation and notifies
  + fmp4mux: Fix draining in chunk mode if keyframes are too late
  + webrtcsink:
  - fix pipeline when input caps contain max-framerate
  - Configure only 4 threads for x264enc
  - Translate force-keyunit events to force-IDR action signal for
    NVIDIA encoders
  - Set config-interval=-1 and aggregate-mode=zero-latency on
    rtph264pay and rtph265pay
  - Set VP8/VP9 payloader based on payloader element factory name
- Update to version 0.10.10:
  + webrtcsink:
  - Avoid panic on unprepare from an async tokio context
  - Use correct property types for nvvideoconvert
  + webrtc/signalling: fix race condition in message ordering
  + livesync:
  - Wait for the end timestamp of the previous buffer before
    looking at queue
  - Improve EOS handling
  + videofx: Minimize dependencies of the image crate
  + togglerecord:
  - Clip segment before calculating timestamp/duration
  - Error out if main stream buffer has no valid running time

==== gstreamer-plugins-ugly ====
Version update (1.22.4 -> 1.22.5)
Subpackages: gstreamer-plugins-ugly-lang

- Update to version 1.22.5:
  + rmdemux: add some integer overflow checks
- Rebase reduce-required-meson.patch.

==== gupnp ====

- Add upstream patches to fix build with meson 1.2.0:
  + a10c57bd.patch: Add missing "s" to wrap file syntax.
  + 884639bd.patch: properly spell [provide] in *.wrap files.

==== hidapi ====
Version update (0.13.1 -> 0.14.0)

- update to 0.14.0:
  * general: add `hid_get_report_descriptor` API function (#451)
  * libusb: fix crash in hid_enumerate() caused by a stale device
    handle (#526)
  * fixes (mostly error handling) of issues found by
    Coverity Scan (#552/#554/#555/#559/#560/#561)
  * various fixes and improvements

==== highway ====
Version update (1.0.4 -> 1.0.5)

- Update to release 1.0.5
  * Add Insert/ExtractBlock, BroadcastBlock/Lane, NumBlocks
  * Add integer Le/Ge and [Neg]MulAdd, extend DemoteTo/PromoteTo
  * Add Leading/TrailingZeroCount, HighestSetBitIndex, ReverseBits
  * Add MaskedLoadOr, tuple Get/Set/Create, ReduceSum,
    WidenMulPairwiseAdd
  * Add [ZeroExtend]ResizeBitCast, BitwiseIfThenElse,
    Find[Known]LastTrue
  * Add AESRoundInv, AESKeyGenAssist
  * Add contrib/math Atan2/SinCos, contrib/unroller
  * Add fp16/bf16 support (Armv8, SVE, RVV), HWY_DYNAMIC_POINTER
  * Add OrderedTruncate2To, Per4LaneBlockShuffle,
    TwoTablesLookupLanes
  * Add SlideUp/Down[Blocks/Lanes], Slide1Up/Down, ReverseLaneBytes
  * Add SetBeforeFirst, SetAtOrBefore/AfterFirst, SetOnlyFirst
  * Add 8-bit Reverse2/4/8, Shl/Shr, RotateRight, Reverse, Mul
  * Add 8/16-bit DupEven/Odd, TableLookupLanes
  * Add F64 ApproximateReciprocal[Sqrt], 32/64-bit SaturatedAdd/Sub

==== ipmitool ====
Version update (1.8.19.0.g19d7878 -> 1.8.19.13.gbe11d94)

- Fix: ipmitool duplicates the timestamp (bsc#1213390)
  A    Fix-time-format-for-sel-list-v.patch
- Remove: Make-IANA-PEN-download-configurable (is mainline)
  D 0006-Make-IANA-PEN-download-configurable-fix-uninitalized.patch
- Update to version 1.8.19.13.gbe11d94:
  * configure.ac: allow disabling registry downloads
  * lan: channel: Fix set alert on/off
  * make: use correct docdir variable provided by autotools
  * Do not require the IANA PEN registry file
  * configure.ac: fix readline static build
  * Update github actions for modern OSes
  * Update macos target name in github actions
  * delloem: Fix the unalign bug in arm64
  * lanplus: Realloc the msg if the payload_length gets updated
  * fru print: Add area checksum verification
  * fru: Add decoder for multirec system mgmt records
  * Fix enterprise-numbers URL
  * Update issue templates

==== java-11-openjdk ====
Version update (11.0.19.0 -> 11.0.20.0)
Subpackages: java-11-openjdk-headless

- Upgrade to upstream tag jdk-11.0.20+8 (July 2023 CPU)
  * CVEs
    + CVE-2023-22006, bsc#1213473
    + CVE-2023-22036, bsc#1213474
    + CVE-2023-22041, bsc#1213475
    + CVE-2023-22044, bsc#1213479
    + CVE-2023-22045, bsc#1213481
    + CVE-2023-22049, bsc#1213482
    + CVE-2023-25193, bsc#1207922
  * Security fixes
    + JDK-8298676: Enhanced Look and Feel
    + JDK-8300285: Enhance TLS data handling
    + JDK-8300596: Enhance Jar Signature validation
    + JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
    + JDK-8302475: Enhance HTTP client file downloading
    + JDK-8302483: Enhance ZIP performance
    + JDK-8303376: Better launching of JDI
    + JDK-8304468: Better array usages
    + JDK-8305312: Enhanced path handling
    + JDK-8308682: Enhance AES performance
  * Other changes
    + JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with
    Stream closed
    + JDK-8178806: Better exception logging in crypto code
    + JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed
    out
    + JDK-8209167: Use CLDR's time zone mappings for Windows
    + JDK-8209546: Make sun/security/tools/keytool/autotest.sh to
    support macosx
    + JDK-8209880: tzdb.dat is not reproducibly built
    + JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java
    fails
    + JDK-8214459: NSS source should be removed
    + JDK-8214807: Improve handling of very old class files
    + JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from
    tests
    + JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded())
    failed: must be at least loaded
    + JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle
    + JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java
    fails with AssertionError
    + JDK-8232853: AuthenticationFilter.Cache::remove may throw
    ConcurrentModificationException
    + JDK-8243936: NonWriteable system properties are actually
    writeable
    + JDK-8246383: NullPointerException in
    JceSecurity.getVerificationResult when using Entrust provider
    + JDK-8248701: On Windows generated modules-deps.gmk can
    contain backslash-r (CR) characters
    + JDK-8257856: Make ClassFileVersionsTest.java robust to JDK
    version updates
    + JDK-8259530: Generated docs contain MIT/GPL-licenced works
    without reproducing the licence
    + JDK-8263420: Incorrect function name in
    NSAccessibilityStaticText native peer implementation
    + JDK-8264290: Create implementation for
    NSAccessibilityComponentGroup protocol peer
    + JDK-8264304: Create implementation for NSAccessibilityToolbar
    protocol peer
    + JDK-8265486: ProblemList javax/sound/midi/Sequencer/
    /Recording.java on macosx-aarch64
    + JDK-8268558: [TESTBUG] Case 2 in
    TestP11KeyFactoryGetRSAKeySpec is skipped
    + JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with
    no controlling input?
    + JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
    + JDK-8275233: Incorrect line number reported in exception
    stack trace thrown from a lambda expression
    + JDK-8275721: Name of UTC timezone in a locale changes
    depending on previous code
    + JDK-8275735: [linux] Remove deprecated Metrics api (kernel
    memory limit)
    + JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir
    as unnecessary
    + JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -
    add 4357905
    + JDK-8278434: timeouts in test java/time/test/java/time/format/
    /TestZoneTextPrinterParser.java
    + JDK-8280703: CipherCore.doFinal(...) causes potentially
    massive byte[] allocations during decryption
    + JDK-8282077: PKCS11 provider C_sign() impl should handle
    CKR_BUFFER_TOO_SMALL error
    + JDK-8282201: Consider removal of expiry check in
    VerifyCACerts.java test
    + JDK-8282467: add extra diagnostics for JDK-8268184
    + JDK-8282600: SSLSocketImpl should not use user_canceled
    workaround when not necessary
    + JDK-8283059: Uninitialized warning in check_code.c with GCC
    11.2
    + JDK-8285497: Add system property for Java SE specification
    maintenance version
    + JDK-8286398: Address possibly lossy conversions in
    jdk.internal.le
    + JDK-8287007: [cgroups] Consistently use stringStream
    throughout parsing code
    + JDK-8287246: DSAKeyValue should check for missing params
    instead of relying on KeyFactory provider
    + JDK-8287876: The recently de-problemlisted
    TestTitledBorderLeak test is unstable
    ... changelog too long, skipping 104 lines ...
    + regenerate to changed context

==== kdeconnect-kde ====
Subpackages: kdeconnect-kde-lang kdeconnect-kde-zsh-completion

- Require kirigami-addons: used in app/qml/Settings.qml

==== kernel-firmware ====
Version update (20230707 -> 20230724)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20230724 (git commit 59fbffa9ec8e):
  * amdgpu: update VCN 4.0.0 firmware
  * amdgpu: add initial SMU 13.0.10 firmware
  * amdgpu: add initial SDMA 6.0.3 firmware
  * amdgpu: add initial PSP 13.0.10 firmware
  * amdgpu: add initial GC 11.0.3 firmware
  * linux-firmware: Update AMD fam17h cpu microcode
  * linux-firmware: Update AMD cpu microcode
  * amdgpu: update green sardine VCN firmware
  * amdgpu: update renoir VCN firmware
  * amdgpu: update raven VCN firmware
  * amdgpu: update raven2 VCN firmware
  * amdgpu: update Picasso VCN firmware
  * amdgpu: update DMCUB to v0.0.175.0 for various AMDGPU ASICs
  * Updated NXP SR150 UWB firmware
  * wfx: update to firmware 3.16.1
  * mediatek: Update mt8195 SCP firmware to support 10bit mode
  * i915: update DG2 GuC to v70.8.0
  * i915: update to GuC 70.8.0 and HuC 8.5.1 for MTL
  * cirrus: Add CS35L41 firmware for ASUS ROG 2023 Models

==== kernel-source ====
Version update (6.4.4 -> 6.4.6)

- Update
  patches.kernel.org/6.4.6-002-x86-cpu-amd-Add-a-Zenbleed-fix.patch
  (bsc#1012628 bsc#1213286 CVE-2023-20593).
  Add references.
- commit 55520bc
- Linux 6.4.6 (bsc#1012628).
- x86/cpu/amd: Add a Zenbleed fix (bsc#1012628).
- x86/cpu/amd: Move the errata checking functionality up
  (bsc#1012628).
- commit cd14b53
- Update config files. (bsc#1213592)
  Disable old unmaintained serial drivers
- commit ac1bf5a
- io_uring: Fix io_uring mmap() by using architecture-provided
  get_unmapped_area() (bsc#1212773).
- Delete
  patches.suse/Revert-io_uring-Adjust-mapping-wrt-architecture-alia.patch.
  Replace the temporary fix by an upstream fix.
- commit 2f220f8
- Refresh
  patches.suse/of-Preserve-of-display-device-name-for-compatibility.patch.
  Update upstream status.
- commit 8817ac3
- Linux 6.4.5 (bsc#1012628).
- security/integrity: fix pointer to ESL data and its size on
  pseries (bsc#1012628).
- HID: input: fix mapping for camera access keys (bsc#1012628).
- HID: amd_sfh: Rename the float32 variable (bsc#1012628).
- HID: amd_sfh: Fix for shift-out-of-bounds (bsc#1012628).
- net: lan743x: Don't sleep in atomic context (bsc#1012628).
- net: lan743x: select FIXED_PHY (bsc#1012628).
- ksmbd: add missing compound request handing in some commands
  (bsc#1012628).
- ksmbd: fix out of bounds read in smb2_sess_setup (bsc#1012628).
- drm/panel: simple: Add connector_type for innolux_at043tn24
  (bsc#1012628).
- drm: bridge: dw_hdmi: fix connector access for scdc
  (bsc#1012628).
- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime
  (bsc#1012628).
- swiotlb: always set the number of areas before allocating the
  pool (bsc#1012628).
- swiotlb: reduce the number of areas to match actual memory
  pool size (bsc#1012628).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode
  flags (bsc#1012628).
- xen/virtio: Fix NULL deref when a bridge of PCI root bus has
  no parent (bsc#1012628).
- netfilter: nf_tables: report use refcount overflow
  (bsc#1012628).
- netfilter: conntrack: don't fold port numbers into addresses
  before hashing (bsc#1012628).
- ice: Fix max_rate check while configuring TX rate limits
  (bsc#1012628).
- ice: Fix tx queue rate limit when TCs are configured
  (bsc#1012628).
- igc: Add condition for qbv_config_change_errors counter
  (bsc#1012628).
- igc: Remove delay during TX ring configuration (bsc#1012628).
- igc: Add igc_xdp_buff wrapper for xdp_buff in driver
  (bsc#1012628).
- igc: Add XDP hints kfuncs for RX hash (bsc#1012628).
- igc: Fix TX Hang issue when QBV Gate is closed (bsc#1012628).
- net/mlx5e: fix double free in mlx5e_destroy_flow_table
  (bsc#1012628).
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
  (bsc#1012628).
- net/mlx5e: fix memory leak in mlx5e_ptp_open (bsc#1012628).
- net/mlx5e: RX, Fix flush and close release flow of regular rq
  for legacy rq (bsc#1012628).
- net/mlx5: Register a unique thermal zone per device
  (bsc#1012628).
- net/mlx5e: Check for NOT_READY flag state after locking
  (bsc#1012628).
- net/mlx5e: TC, CT: Offload ct clear only once (bsc#1012628).
- net/mlx5: Query hca_cap_2 only when supported (bsc#1012628).
- net/mlx5e: RX, Fix page_pool page fragment tracking for XDP
  (bsc#1012628).
- igc: set TP bit in 'supported' and 'advertising' fields of
  ethtool_link_ksettings (bsc#1012628).
- igc: Include the length/type field and VLAN tag in queueMaxSDU
  (bsc#1012628).
- igc: Handle PPS start time programming for past time values
  (bsc#1012628).
- blk-crypto: use dynamic lock class for blk_crypto_profile::lock
  (bsc#1012628).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
  (bsc#1012628).
- scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER
  (bsc#1012628).
- bpf: Fix max stack depth check for async callbacks
  (bsc#1012628).
- net: mvneta: fix txq_map in case of txq_number==1 (bsc#1012628).
- net: dsa: felix: make vsc9959_tas_guard_bands_update() visible
  to ocelot->ops (bsc#1012628).
- net: mscc: ocelot: fix oversize frame dropping for preemptible
  TCs (bsc#1012628).
- net/sched: cls_fw: Fix improper refcount update leads to
  use-after-free (bsc#1012628).
    ... changelog too long, skipping 404 lines ...
- commit 8d5ae5f

==== kmod ====
Subpackages: kmod-bash-completion libkmod2

- Use pkgconfig for kmod configuration.
  * Delete kmod-Add-config-command-to-show-compile-time-configu.patch
  * Add kmod-Add-pkgconfig-file-with-kmod-compile-time-confi.patch,
    Provide-fallback-for-successfully-running-make-modules_install.patch
    compat-module_directory-module_prefix.patch.
- Refresh usr-lib-modprobe.patch, usr-lib-modules.patch.
- Add configure-Detect-openssl-sm3-support.patch to
  fix build with older openssl without SM3 support.

==== lensfun ====
Version update (0.3.3 -> 0.3.4)
Subpackages: lensfun-data liblensfun1

- Update to 0.3.4
  Check https://github.com/lensfun/lensfun/releases/tag/v0.3.4 for
  the list of new cameras and lenses supported.
  * Port apps/setup.py from Python distutils
  * CMake: Numerous backports from master

==== lftp ====

- The lftp_wrapper script has been deprecated over 1.5 years ago.
  It's time to remove it from the package. [jsc#SLE-17861]
- Dropped patches:
  * 0004-Include-config.h-to-detect-gnulib-macros.patch
  * add-deprecation-warning-to-lftp-wrapper.patch
- Refreshed patches:
  * 0002-Add-content-of-lftp-compat-addfiles.patch.patch
  * 0005-Add-the-wrapper-code-to-the-Makefile-in-order-to-bui.patch
  * lftp-default-ssl-cipher.patch

==== libapparmor ====

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)

==== libarchive ====
Version update (3.6.2 -> 3.7.0)

- update to 3.7.0
  * bsdunzip port from FreeBSD
  * fix 2 year 2038 issues

==== libgexiv2 ====
Version update (0.14.1 -> 0.14.2)

- Update to version 0.14.2:
  + Make compatible with exiv2 0.28 or later.
  + Fix double free if creation of meta-data fails.
  + Fix floating point compare in tests.
- Drop patches fixed upstream:
  + 06adc8fb70cb8c77c0cd364195d8251811106ef8.patch
  + fix-32bit-compat.patch

==== libnvme ====
Subpackages: libnvme-mi1 libnvme1

- Fix build with meson 1.2.0

==== libqb ====
Version update (2.0.7+20230607.06c8641 -> 2.0.8+20230721.002171b)

- Update to version 2.0.8+20230721.002171b (v2.0.8):
- log: fix potential overflow with long log messages (gh#ClusterLabs/libqb#490)

==== librsvg ====
Version update (2.56.1 -> 2.56.3)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.56.3:
  + This is a security release for bug glgo#GNOME/librsvg#996.
  - glgo#GNOME/librsvg#996: Fix arbitrary file read when href has
    special characters.
  - glgo#GNOME/librsvg#998: Fix cascade for symbol elements being
    referenced from use elements.

==== libxcrypt ====
Version update (4.4.35 -> 4.4.36)
Subpackages: libcrypt1 libcrypt1-32bit libxcrypt-devel

- Update to 4.4.36
  * Fix left over bits failing with Perl v5.38.0

==== lilv ====

- Actually package the __pycache__ that appears when building using
  meson 1.2.0.
- Avoid  __pycache__ directory with meson 1.2.0

==== man ====

- Remove harden_man-db.service.patch as already done upstream
  at the end of the service file man-db.service
- Add man-propose-online.patch: if patch was not found locally,
  propose to read it online, offering a URL where it could possibly
  be found.

==== mdadm ====

- mdadm.spec: replace transitional %usrmerged macro with regular
  version check (boo#1206798)

==== nftables ====
Version update (1.0.7 -> 1.0.8)
Subpackages: libnftables1 python3-nftables

- Update to release 1.0.8
  * Support for setting meta and ct mark from other fields in
    rules, e.g. set meta mark to ip dscp header field.
  * Enhacements for -o/--optimize to deal with NAT statements, to
    compact masquerade statements.
  * Support for stateful statements in anonymous maps, such as
    counters.
  * Support for resetting stateful expressions in sets, maps and
    elements, e.g. counters.
  * broute support to short-circuit bridge logic from the bridge
    prerouting hook and pass up packets to the local IP stack.
  * JSON support for table and chain comments.
- Added 0001-Revert-py-replace-distutils-with-setuptools.patch

==== perl-XML-LibXML ====
Version update (2.0208 -> 2.0209)

- Added versions to 'Provides' lines after fixing a bug in cpanspec
- updated to 2.0209
  see /usr/share/doc/packages/perl-XML-LibXML/Changes
  2.0209  2023-07-15
  - t/35huge_mode.t: fix test with libxml2 2.11
  - thanks to Dominique Martinet
  - Add clearer reference to using cloneNode to extract node with namespaces
  - thanks to Timothy Legge
  - initialize xmlValidCtxt
  - thanks to Alexander Bluhm

==== perl-libwww-perl ====
Version update (6.71 -> 6.720.0)

- updated to 6.72
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.72      2023-07-17 22:01:19Z
  - Don't mangle protocol scheme and don't require it to be valid if
    implementor is already known (GH#436) (mwgamera)

==== pipewire ====
Version update (0.3.74 -> 0.3.75)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Add code in the spec file to modify the patch file
  reduce-meson-dependency.patch (used to build in SLE/Leap) so that
  we don't need to rebase it manually for every version update.
- Use gcc 11 in SLE/Leap since gcc 9 fails to build 0.3.75 with
  ../spa/include/spa/utils/cleanup.h:52:13: error: dereferencing pointer to incomplete type ‘DIR’ {aka ‘struct __dirstream’}
    52 |  __typeof__(*(ptr)) *_old_value = spa_steal_ptr(ptr); \
- Update to version 0.3.75:
  * Highlights
  - Link permissions between nodes are now enforced. This avoids
    potential portal managed screencast nodes to link to the
    camera even though it was not assigned permissions to do so
    by the session manager.
  - Libcamera and v4l2 devices now have properties so that
    duplicates can be filtered out by the session manager.
  - A bug with draining was fixed where a buffer would be marked
    EMPTY and would not play when it contained drained samples.
  - Many fixes and improvements.
  * PipeWire
  - Permissions for links between nodes are now enforced. The
    link will now check that the owner clients of the nodes can
    see each other before allowing the link. This avoids
    screensharing clients to accidentally being linked to the
    camera nodes by the session manager. A side effect is that
    patchbay tools will no longer be able to link portal managed
    screencast nodes to the camera, for this we need a new
    permission for those patchbay clients.
  - The stream.rules/filter.rules are now evaluated when
    connecting the stream/filter so that more properties can be
    matched.
  - Move some internal events from the context to the nodes to
    better handle per-node threads in the future.
  - The thread-loop will now signal when the thread is started.
  * modules
  - A timestamp workaround in module-raop was reverted because it
    does not work in all cases. Instead latency was increased to
    1.5 seconds, which also makes the problematic device in
    question work.
  - The profiler module was reworked a bit to use the new node
    realtime events. It should now also handle dynamically added
    and removed drivers.
  - The module-rt now does the rtkit calls from a separate thread
    so that it does not block the main thread. This could cause
    deadlocks during startup in some cases.
  * SPA
  - Atomic operation macros were move from internal pipewire API
    to public API.
  - The video-info structure now has a new
    SPA_VIDEO_FLAG_MODIFIER_FIXATION_REQUIRED flag to instruct
    the application to fixate the modifiers. This simplifies some
    logic in applications a lot.
  - The libcamera and v4l2 nodes now have properties to enumerate
    the device id they are using. This can be used to match v4l2
    devices and libcamera devices and filter out duplicates.
  - A bug with draining was fixed where a buffer would be marked
    EMPTY and would not

==== python-SQLAlchemy ====
Version update (2.0.16 -> 2.0.19)

- update to 2.0.19:
  * Various bugfixes, see
  https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.19

==== python-mysqlclient ====

- Drop sphinx doctrees for reproducible builds

==== python-py ====

- Skip tests failing with pytest 7.4, they don't matter
  * failure comes from py.core, which has low usage
  * https://github.com/pytest-dev/py/issues/288
  * according to that this code is not used in Tumbleweed anyway

==== python-pycairo ====
Version update (1.23.0 -> 1.24.0)

- update to 1.24.0:
  * Dropped Python 3.7 support
  * Bumped meson version requirement from 0.53.0 to 0.56.0
  * Various cairo dependency updates for the Windows wheel build
  * Various code cleanups :pr:`306`
  * Added Python 3.12 Windows wheels

==== python-pygit2 ====
Version update (1.11.1 -> 1.12.2)

- Update to version 1.12.2:
  + Update wheels to bundle libssh2 1.11.0 and OpenSSL 3.0.9.
    Remove obsolete Remote.save().
- Changes from version 1.12.1:
  + Fix segfault in signature when encoding is incorrect.
  + Typing improvements.
  + Update wheels to libgit2 v1.6.4.
- Changes from version 1.12.0:
  + Upgrade to libgit2 v1.6.3.
  + Update Linux wheels to bundle OpenSSL 3.0.8.
  + Downgrade Linux wheels to manylinux2014.
  + New ConflictCollection.__contains__.1
  + New Repository.references.iterator(...).
  + New favor, flags and file_flags optional arguments for
    Repository.merge(...).
  + New keep_all and paths optional arguments for
    Repository.stash(...).
  + New Respository.state().
  + Improve Repository.write_archive(...) performance.
  + Sync type annotations.
- Drop support-libgit2-1.6.patch: fixed upstream.
- Add support-libgit2-1.7.patch: support libgit2 1.7.0.

==== python-urllib3 ====
Version update (2.0.3 -> 2.0.4)

- update to 2.0.4:
  * Added support for union operators to ``HTTPHeaderDict``
  * Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078
  * Fixed ``urllib3.connection.HTTPConnection`` to raise the
    ``http.client.connect`` audit event to have the same behavior
    as the standard library HTTP client
  * Relied on the standard library for checking hostnames in
    supported PyPy releases

==== python-zope.event ====

- Drop sphinx doctrees for reproducible builds

==== python-zope.hookable ====

- Drop sphinx doctrees for reproducible builds

==== python-zope.i18nmessageid ====

- Drop sphinx doctrees for reproducible builds

==== qt6-base ====
Version update (6.5.1 -> 6.5.2)
Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3

- Use a mirror to download sources for all Qt packages. Upstream
  servers are very slow since a couple weeks.
- Update to 6.5.2
  * https://www.qt.io/blog/qt-6.5.2-released-1
- Drop patches, merged upstream:
  * 0001-Schannel-Reject-certificate-not-signed-by-a-configur.patch
  * 0001-Ssl-Copy-the-on-demand-cert-loading-bool-from-defaul.patch
  * 0001-tabbar-fix.patch
- Add patch:
  * CVE-2023-38197-qtbase-6.5.diff (boo#1213326, CVE-2023-38197)

==== qt6-declarative ====
Version update (6.5.1 -> 6.5.2)
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports

- Update to 6.5.2
  * https://www.qt.io/blog/qt-6.5.2-released-1

==== qt6-imageformats ====
Version update (6.5.1 -> 6.5.2)

- Update to 6.5.2
  * https://www.qt.io/blog/qt-6.5.2-released-1

==== qt6-translations ====
Version update (6.5.1 -> 6.5.2)

- Update to 6.5.2
  * https://www.qt.io/blog/qt-6.5.2-released-1

==== qt6-wayland ====
Version update (6.5.1 -> 6.5.2)
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6

- Update to 6.5.2
  * https://www.qt.io/blog/qt-6.5.2-released-1

==== rdma-core ====
Version update (45.0 -> 47.0)
Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd

- Update to v47.0
  - Fixes for all providers

==== samba ====
Version update (4.18.3+git.303.c08b73d523c -> 4.18.5+git.313.c8e274c7852)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-ad-dc-libs-32bit samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit

- Update to 4.18.5
  * CVE-2022-2127: lm_resp_len not checked properly in
    winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
  * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
    Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
  * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
    Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
  * CVE-2023-34968: Spotlight server-side Share Path Disclosure;
    (bso#15388); (bsc#1213171).
  * CVE-2023-3347: Samba doesn't require SMB2+ signing if
    `server signing = mandatory` is set; (bso#15397); (bsc#1213170).
  * secure channel faulty since Windows 10/11 update 07/2023;
    (bso#15418); (bsc#1213384).
- Update to 4.18.4
  * Backport --pidl-developer fixes; (bso#15404).
  * Named crashes on DLZ zone update; (bso#14030).
  * smbcacls and smbcquotas do not check // before the server;
    (bso#2312).
  * cli_list loops 100% CPU against pre-lanman2 servers;
    (bso#15382).
  * smbclient leaks fds with showacls; (bso#15391).
  * smbd returns NOT_FOUND when creating files on a r/o
    filesystem; (bso#15402).
  * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry
    and causes test timeouts; (bso#15355).
  * net ads lookup (with unspecified realm) fails; (bso#15384).
  * Register Samba processes with GPFS; (bso#15381).
  * Python tarfile extraction needs change to avoid a warning
    (CVE-2007-4559 mitigation); (bso#15390).
  * The winbind child segfaults when listing users with `winbind
    scan trusted domains = yes`; (bso#15398).
  * Remove comments about deprecated 'write cache size';
    (bso#15383).
  * smbget memory leak if failed to download files recursively;
    (bso#15403).

==== shotwell ====
Version update (0.32.1 -> 0.32.2)
Subpackages: shotwell-lang

- Update to version 0.32.2:
  + Fix using wrong data folder when starting profile through
    browser
  + Fix sendto in flatpak environment
  + Support HEIF files with HIF extension
  + Fix meta-data being written in a loop
  + Fix detecting false mtime changes
  + Fix broken aspect ratio of thumbnail when using external
    editors
  + Fix critical when exporting file with no exposure date
  + Fix minor leak in Flickr and Google authenticators
  + Enable C&P of paths in profile editor
  + Updated translations.

==== sudo ====
Version update (1.9.13p3 -> 1.9.14p1)
Subpackages: sudo-plugin-python

- Update to 1.9.14p1:
  * Fixed an invalid free bug in sudo_logsrvd that was introduced
    in version 1.9.14 which could cause sudo_logsrvd to crash.
  * The sudoers plugin no longer tries to send the terminal name
    to the log server when no terminal is present.  This bug was
    introduced in version 1.9.14.
  * Fixed a bug where if the "intercept" or "log_subcmds" sudoers
    option was enabled and a sub-command was run where the first
    entry of the argument vector didn't match the command being run.
    This resulted in commands like "sudo su -" being killed due to
    the mismatch.  Bug #1050.
  * The sudoers plugin now canonicalizes command path names before
    matching (where possible).  This fixes a bug where sudo could
    execute the wrong path if there are multiple symbolic links with
    the same target and the same base name in sudoers that a user is
    allowed to run.  GitHub issue #228.
  * Improved command matching when a chroot is specified in sudoers.
    The sudoers plugin will now change the root directory id needed
    before performing command matching.  Previously, the root directory
    was simply prepended to the path that was being processed.
  * When NETGROUP_BASE is set in the ldap.conf file, sudo will now
    perform its own netgroup lookups of the host name instead of
    using the system innetgr(3) function.  This guarantees that user
    and host netgroup lookups are performed using  the same LDAP
    server (or servers).
  * Fixed a bug introduced in sudo 1.9.13 that resulted in a missing
    " ; " separator between environment variables and the command
    in log entries.
  * The visudo utility now displays a warning when it ignores a file
    in an include dir such as /etc/sudoers.d.
  * When running a command in a pseudo-terminal, sudo will initialize
    the terminal settings even if it is the background process.
    Previously, sudo only initialized the pseudo-terminal when running
    in the foreground.  This fixes an issue where a program that
    checks the window size would read the wrong value when sudo was
    running in the background.
  * Fixed a bug where only the first two digits of the TSID field
    being was logged.  Bug #1046.
  * The "log_pty" sudoers option is now enabled by default.  To
    restore the historic behavior where a command is run in the
    user's terminal, add "Defaults !use_pty" to the sudoers file.
    GitHub issue #258.
  * Sudo's "-b" option now works when the command is run in a
    pseudo-terminal.
  * When disabling core dumps, sudo now only modifies the soft limit
    and leaves the hard limit as-is.  This avoids problems on Linux
    when sudo does not have CAP_SYS_RESOURCE, which may be the case
    when run inside a container.  GitHub issue #42.
  * Sudo configuration file paths have been converted to colon-separated
    lists of paths.  This makes it possible to have configuration
    files on a read-only file system while still allowing for local
    modifications in a different (writable) directory.  The new
  - -enable-adminconf configure option can be used to specify a
    directory that is searched for configuration files in preference
    to the sysconfdir (which is usually /etc).
  * The "intercept_verify" sudoers option is now only applied when
    the "intercept" option is set in sudoers.  Previously, it was
    also applied when "log_subcmds" was enabled.
  * The NETGROUP_QUERY ldap.conf parameter can now be disabled for
    LDAP servers that do not support querying the nisNetgroup object
    by its nisNetgroupTriple attribute, while still allowing sudo to
    query the LDAP server directly to determine netgroup membership.
  * Fixed a long-standing bug where a sudoers rule without an explicit
    runas list allowed the user to run a command as root and any
    group instead of just one of the groups that root is a member
    of.  For example, a rule such as "myuser ALL = ALL" would permit
    "sudo -u root -g othergroup" even if root did not belong to
    "othergroup".
  * Fixed a bug where a sudoers rule with an explicit runas list
    allowed a user to run sudo commands as themselves.  For example,
    a rule such as "myuser ALL = (root) ALL", "myuser" should only
    allow commands to be run as root (optionally using one of root's
    groups).  However, the rule also allowed the user to run
    "sudo -u myuser -g myuser command".
  * Fixed a bug that prevented the user from specifying a group on
    the command line via "sudo -g" if the rule's Runas_Spec contained
    a Runas_Alias.
  * Sudo now requires a C compiler that conforms to ISO C99 or higher
    to build.

==== sysuser-tools ====
Version update (3.1 -> 3.2)

- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
  Always create a system group of the same name as the system user,
  even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)

==== texlive-specs-n ====
Version update (2023.201.2.005svn65956 -> 2023.209.2.005svn65956)

- Rework lua(meta)tex/context resource findings
- Add requirement in invoice2 for siunitx as shown upstream
- Add patch context_shell-escape.dif
  * Add upstream fix for enabling --socket and --shell-escape
- Drop gracht.mp, detcow.mp, and mycow.mp from context.doc as
  only given with CC-BY-NC-SA-3.0, a non-commercial license

==== tpm2-0-tss ====
Subpackages: libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tctildr0

- Require openssl-3 over openssl-1 to assist migration of applications
  to newer openssl-3.

==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau

- Update specfile to prevent building with libplacebo v6.292.0 or newer

==== xfsprogs ====
Version update (6.3.0 -> 6.4.0)
Subpackages: libhandle1 xfsprogs-scrub

- update to 6.4.0:
  - xfs_db: expose the flag in rmapbt keys
  - xfs_repair: warn about unwritten bits set in rmap btree keys
  - xfs_repair: check low keys of rmap btrees
  - xfs_repair: always perform extended xattr checks on uncertain inodes
  - xfs_repair: fix messaging when fixing imap due to sparse cluster
  - xfs_repair: fix messaging in longform_dir2_entry_check_data
  - xfs_repair: fix messaging when shortform_dir2_junk is called
  - xfs_repair: don't log inode problems without printing resolution
  - xfs_repair: don't spray correcting imap all by itself
  - libxcmd: Fix crash due to missing return value check on add_command()
  - xfs_db: make the hash command print the dirent hash
  - xfs_db: Add new cmd to create dirents and xattrs that induce dahash collisions
  - mkfs: deprecate the ascii-ci feature
  - xfs_db: fix metadump name obfuscation for ascii-ci filesystems
  - libxfs: kernel sync

==== yast2-trans ====
Version update (84.87.20230714.966688ddd0 -> 84.87.20230720.09601d9b28)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20230720.09601d9b28:
  * Translated using Weblate (English (United Kingdom))
  * Translated using Weblate (English (United Kingdom))
  * Translated using Weblate (Russian)

==== zlib-ng-compat ====

- Fix build on riscv64
- Build with %{optflags}