Packages changed:
  MozillaFirefox (117.0 -> 117.0.1)
  curl (8.2.1 -> 8.3.0)
  gptfdisk
  javapackages-tools
  libwebp
  man
  mcelog (194 -> 195)
  multipath-tools
  ocfs2-tools (1.8.7 -> 1.8.8)
  openldap2
  openldap2-contrib-src
  perl-Mail-DKIM (1.20230630 -> 1.20230911)
  polkit-default-privs (1550+20230829.1a9a761 -> 1550+20230912.0978001)
  qemu (8.0.4 -> 8.1.0)
  rubygem-yast-rake (0.2.48 -> 0.2.50)
  sudo (1.9.14p1 -> 1.9.14p3)

=== Details ===

==== MozillaFirefox ====
Version update (117.0 -> 117.0.1)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 117.0.1
  * Fix a bug causing extensions using an event page for long-
    running tasks to be terminated while running, causing
    unexpected behavior changes (bmo#1851373)
  * Temporarily revert an intentional behavior change preventing
    Javascript from changing URL.protocol (bmo#1850954).
  * Fix audio worklets not working for sites using WebAssembly
    exception handling (bmo#1851468)
  * Fix the Reopen all tabs option in the Recently closed tabs
    menu sometimes failing to open all tabs (bmo#1850856)
  * Fix the bookmarks menu sometimes remaining partially visible
    when minimizing Firefox (bmo#1843700)
  * Fix an issue causing incorrect time zones to be detected on
    some sites (bmo#1848615)
  * MFSA 2023-40 CVE-2023-4863 (boo#1215231)
    Heap buffer overflow in WebP

==== curl ====
Version update (8.2.1 -> 8.3.0)
Subpackages: libcurl4

- Update to 8.3.0: [bsc#1215026, CVE-2023-38039]
  * Changes:
  - curl: make %output{} in -w specify a file to write to
  - gskit: remove
  - lib: --disable-bindlocal builds curl without local binding support
  - nss: remove support for this TLS library
  - tool: add "variable" support
  - trace: make tracing available in non-debug builds
  - url: change default value for CURLOPT_MAXREDIRS to 30
  - urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
  * Bugfixes:
  - altsvc: accept and parse IPv6 addresses in response headers
  - asyn-ares: reduce timeout to 2000ms
  - aws-sigv4: canonicalize the query
  - aws-sigv4: fix having date header twice in some cases
  - aws-sigv4: handle no-value user header entries
  - c-hyper: adjust the hyper to curlcode conversion
  - c-hyper: fix memory leaks in `Curl_http`
  - cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
  - cf-socket: log successful interface bind
  - cmake: add GnuTLS option
  - cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
  - cmake: detect `SSL_set0_wbio` in OpenSSL
  - configure: trust pkg-config when it's used for zlib
  - configure: use the pkg-config --libs-only-l flag for libssh2
  - connect: stop halving the remaining timeout when less than 600 ms left
  - crypto: ensure crypto initialization works
  - digest: Use hostname to generate spn instead of realm
  - ftp: fix temp write of ipv6 address
  - headers: accept leading whitespaces on first response header
  - http2: fix in h2 proxy tunnel: progress in ingress on sending
  - http3/ngtcp2: shorten handshake, trace cleanup
  - http3: quiche, handshake optimization, trace cleanup
  - http: close the connection after a late 417 is received
  - http: fix sending of large requests
  - http: return error when receiving too large header set
  - lib: fix null ptr derefs and uninitialized vars (h2/h3)
  - lib: move mimepost data from ->req.p.http to ->state
  - list-only.d: mention SFTP as supported protocol
  - ngtcp2: fix handling of large requests
  - openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
  - openssl: clear error queue after SSL_shutdown
  - openssl: make aws-lc version support OCSP
  - openssl: Support async cert verify callback
  - openssl: switch to modern init for LibreSSL 2.7.0+
  - openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
  - quic: don't set SNI if hostname is an IP address
  - quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
  - quiche: enable quiche to handle timeout events
  - resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
  - schannel: verify hostname independent of verify cert
  - tool_filetime: make -z work with file dates before 1970
  - tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
  - tool_operate: make aws-sigv4 not require TLS to be used
  - transfer: also stop the sending on closed connection
  - urlapi: fix heap buffer overflow
  - urlapi: setting a blank URL ("") is not an ok URL

==== gptfdisk ====

- Add patch to fix UUID generation with util-linux >= 2.38:
  * gptfdisk-1.0.9-libuuid.patch

==== javapackages-tools ====
Subpackages: javapackages-filesystem

- Added patch:
  * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
    + make the aliases and dependencies lists so that the order is
    kept
- Added patch:
  * 0003-Reproducible-exclusions-order-in-maven-metadata.patch
    + sort exclusions in maven metadata

==== libwebp ====
Subpackages: libsharpyuv0 libwebp7 libwebpdecoder3 libwebpdemux2 libwebpmux3

- Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch
  [boo#1215231] [CVE-2023-4863]

==== man ====

- Add man-db-groff-1.23.0-warnings.patch
  * Fix build errors with groff 1.23.0

==== mcelog ====
Version update (194 -> 195)

- This contains following features:
  PED-6122
  [GNR] RAS: mcelog Add support for Granite Rapids (ALP)
  PED-6102
  [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6)
  PED-6021
  [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6)
  PED-6050
  [SRF] RAS: mcelog support for Sierra Forest (ALP)
- Change git repo in _service file from git to https url
- Update to version 195:
  * mcelog: Wire up model-specific decoding for Sierra Forest
  * mcelog: Add model-specific decoding for Granite Rapids
  * client.c: fix build w/ musl libc
  * mcelog: New model number for Arrowlake
  * mcelog: Don't overwrite model number when lookup fails
  * mcelog: Add Graniterapids, Grandridge and Sierraforest
  * mcelog: New model number for Lunarlake
  * mcelog: Add Emerald Rapids
  * Update PFA_test_howto
- Adopt to mainline:
  M email.patch

==== multipath-tools ====
Subpackages: kpartx libmpath0

- Configuration directory should be /etc/multipath/conf.d
  (broken since 0.9.4+68+suse.98559ea)

==== ocfs2-tools ====
Version update (1.8.7 -> 1.8.8)

- Update from 1.8.7 to 1.8.8 (PED-6362)
  * Upstream only marked a new tag, there is no new feature in this upgrade.
  * remove patch
  - ocfs2-tools-kernel33.patch
  - fixed-mounted.ocfs2-output-when-some-devices-are-Not.patch
  - update-mounted.ocfs2-mounted.c.patch
  - libocfs2-roll-back-when-dir_index-creation-fails.patch
  - fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch
  - bug-1203166-dump_fs_locks-support-v4.patch

==== openldap2 ====
Subpackages: libldap-data libldap2 libldap2-32bit openldap2-client

- Disable SLP by default for Factory and ALP (bsc#1214884)

==== openldap2-contrib-src ====

- Disable SLP by default for Factory and ALP (bsc#1214884)

==== perl-Mail-DKIM ====
Version update (1.20230630 -> 1.20230911)

- updated to 1.20230911
  see /usr/share/doc/packages/perl-Mail-DKIM/Changes
  1.20230911 2023-09-11 UTC
  * Option to add custom tags to generated ARC signatures and seals

==== polkit-default-privs ====
Version update (1550+20230829.1a9a761 -> 1550+20230912.0978001)

- Update to version 1550+20230912.0978001:
  * udisks2: add additional mount and NVME actions (bsc#1214897)

==== qemu ====
Version update (8.0.4 -> 8.1.0)
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86

- Fix bsc#1211000:
  * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000)
  * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000)
  * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000)
  * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000)
  * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000)
  * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000)
  * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000)
  * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000)
  * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000)
  * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000)
- Fix bsc#1213210:
  * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
- Update to version 8.1.0. Full list of changes are available at:
  https://wiki.qemu.org/ChangeLog/8.1
  Highlights:
  * VFIO: improved live migration support, no longer an experimental feature
  * GTK GUI now supports multi-touch events
  * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor
  * PCIe: new QMP commands to inject CXL General Media events, DRAM
    events and Memory Module events
  * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension)
    can now use MTE in the guest
  * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and
    neoverse-v1 (Cortex Neoverse-V1) CPU
  * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN),
    FEAT_LSE2 (Large System Extensions v2), and experimental support for
    FEAT_RME (Realm Management Extensions)
  * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX
  * Hexagon: gdbstub support for HVX
  * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU
    instructions
  * PowerPC: TCG SMT support, allowing pseries and powernv to run with up
    to 8 threads per core
  * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf
    sampling support for POWER CPUs
  * RISC-V: ISA extension support for BF16/Zfa, and disassembly support
    for Zcm*/Z*inx/XVentanaCondOps/Xthead
  * RISC-V: CPU emulation support for Veyron V1
  * RISC-V: numerous KVM/emulation fixes and enhancements
  * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR,
    EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and
    CLGEBR(A)
  * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for
    improved performance
  * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2
    instructions
  * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B,
    SHUFFLE, SYSCALL, and DISABLE
  * x86: CPU model support for GraniteRapids
  * and lots more...
- This also (automatically) fixes:
  * bsc#1212850 (CVE-2023-3354)
  * bsc#1213001 (CVE-2023-3255)
  * bsc#1213925 (CVE-2023-3180)
  * bsc#1213414 (CVE-2023-3301)
  * bsc#1207205 (CVE-2023-0330)
  * bsc#1212968 (CVE-2023-2861)
  * bsc#1179993, bsc#1181740

==== rubygem-yast-rake ====
Version update (0.2.48 -> 0.2.50)

- Adapt "sle15sp6" to GA as it is still in development and it is
  now based on previous SP and not on git master (bsc#1213989)
- 0.2.50
- Move the "sle_latest" build target to SLE15-SP6 (bsc#1213989)
- Added "sle15sp6" and future "sle15sp7" build targets
- 0.2.49

==== sudo ====
Version update (1.9.14p1 -> 1.9.14p3)
Subpackages: sudo-plugin-python

- Update to 1.9.14p3:
  * Fixed a crash with Python 3.12 when the sudo Python python is unloaded.
    This only affects make check for the Python plugin.
  * Adapted the sudo Python plugin test output to match Python 3.12.
- Update to 1.9.14p2:
  * Fixed a crash on Linux systems introduced in version 1.9.14 when running a
    command with a NULL argv[0] if log_subcmds or intercept is enabled in
    sudoers.
  * Fixed a problem with "stair-stepped" output when piping or redirecting the
    output of a sudo command that takes user input when running a command in
    a pseudo-terminal.
  * Fixed a bug introduced in sudo 1.9.14 that affects matching sudoers rules
    containing a Runas_Spec with an empty Runas user. These rules should only
    match when sudo’s -g option is used but were matching even without the -g
    option. #290.