Packages changed:
  groff (1.22.4 -> 1.23.0)
  groff-full (1.22.4 -> 1.23.0)
  health-checker (1.9 -> 1.10)
  libev
  liburing
  libwebp (1.3.1 -> 1.3.2)
  openssl-1_1 (1.1.1v -> 1.1.1w)
  qemu
  snapper (0.10.5 -> 0.10.6)
  tiff (4.5.1 -> 4.6.0)

=== Details ===

==== groff ====
Version update (1.22.4 -> 1.23.0)

- Refresh bash-scripts.patch
- Add nroff-map-CW-to-R.patch
  * Fixes man-db build errors
- Update to 1.23.0:
  * Too many changes, see NEWS file for details.
- Refreshed patches:
  * 0002-documentation-for-the-locale-keyword.patch
  * 0004-don-t-use-usr-bin-env-in-shebang.patch
  * groff-1.20.1-deunicode.patch
  * groff-1.20.1-nroff-empty-LANGUAGE.patch
  * groff-1.21-CVE-2009-5081.patch
  * groff-force-locale-usage.patch
- Drop sort-perl-hash-keys.patch (upstreamed)
- Drop doc-volume-operating-system and doc-default-operating-system
  changes (doesn't default to BSD anymore)
- Configure flag --with-appresdir has been renamed to --with-appdefdir
- Update file list with files that were removed from the package

==== groff-full ====
Version update (1.22.4 -> 1.23.0)
Subpackages: gxditview

- Refresh bash-scripts.patch
- Add nroff-map-CW-to-R.patch
  * Fixes man-db build errors
- Update to 1.23.0:
  * Too many changes, see NEWS file for details.
- Refreshed patches:
  * 0002-documentation-for-the-locale-keyword.patch
  * 0004-don-t-use-usr-bin-env-in-shebang.patch
  * groff-1.20.1-deunicode.patch
  * groff-1.20.1-nroff-empty-LANGUAGE.patch
  * groff-1.21-CVE-2009-5081.patch
  * groff-force-locale-usage.patch
- Drop sort-perl-hash-keys.patch (upstreamed)
- Drop doc-volume-operating-system and doc-default-operating-system
  changes (doesn't default to BSD anymore)
- Configure flag --with-appresdir has been renamed to --with-appdefdir
- Update file list with files that were removed from the package

==== health-checker ====
Version update (1.9 -> 1.10)
Subpackages: health-checker-plugins-MicroOS

- Update to version 1.10
  * Fix Btrfs subvolume check if subvol starts with '-'
    [boo#1215368].

==== libev ====

- %bcond for signify

==== liburing ====

- tests-don-t-expect-multishot-recv-overflow-backloggi.patch (bsc#1215332)
- build tests in parallel (using %{?_smp_mflags})

==== libwebp ====
Version update (1.3.1 -> 1.3.2)
Subpackages: libsharpyuv0 libwebp7 libwebpdecoder3 libwebpdemux2 libwebpmux3

- update to 1.3.2:
  * security fix for lossless decoder (boo#1215231 CVE-2023-4863)
- Drop 0001-Fix-OOB-write-in-BuildHuffmanTable.patch,
  0001-Fix-invalid-incremental-decoding-check.patch
- Add 0001-Fix-invalid-incremental-decoding-check.patch:
  [boo#1215231] [CVE-2023-4863]

==== openssl-1_1 ====
Version update (1.1.1v -> 1.1.1w)
Subpackages: libopenssl1_1

- Update to 1.1.1w:
  * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
  The POLY1305 MAC (message authentication code) implementation in OpenSSL
  does not save the contents of non-volatile XMM registers on Windows 64
  platform when calculating the MAC of data larger than 64 bytes. Before
  returning to the caller all the XMM registers are set to zero rather than
  restoring their previous content. The vulnerable code is used only on newer
  x86_64 processors supporting the AVX512-IFMA instructions.
  The consequences of this kind of internal application state corruption can
  be various - from no consequences, if the calling application does not
  depend on the contents of non-volatile XMM registers at all, to the worst
  consequences, where the attacker could get complete control of the
  application process. However given the contents of the registers are just
  zeroized so the attacker cannot put arbitrary values inside, the most likely
  consequence, if any, would be an incorrect result of some application
  dependent calculations or a crash leading to a denial of service.
  (CVE-2023-4807)
- Add missing FIPS patches from SLE:
  * Add patches:
  - bsc1185319-FIPS-KAT-for-ECDSA.patch
  - bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
  - openssl-1.1.1-fips-fix-memory-leaks.patch
  - openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
  - openssl-1_1-FIPS_drbg-rewire.patch
  - openssl-1_1-Zeroization.patch
  - openssl-1_1-fips-drbg-selftest.patch
  - openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
  - openssl-1_1-jitterentropy-3.4.0.patch
  - openssl-1_1-ossl-sli-000-fix-build-error.patch
  - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
  - openssl-1_1-ossl-sli-002-ran-make-update.patch
  - openssl-1_1-ossl-sli-003-add-sli.patch
  - openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
  - openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
  - openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
  - openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
  - openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
  - openssl-1_1-serialize-jitterentropy-calls.patch
  - openssl-1_1-shortcut-test_afalg_aes_cbc.patch
  - openssl-DH.patch
  - openssl-FIPS-KAT-before-integrity-tests.patch
  - openssl-fips-DH_selftest_shared_secret_KAT.patch
  - openssl-fips-kdf-hkdf-selftest.patch
  - openssl-kdf-selftest.patch
  - openssl-kdf-ssh-selftest.patch
  - openssl-kdf-tls-selftest.patch
  - openssl-no-date.patch
  - openssl-s_client-check-ocsp-status.patch
  * Modify patches:
  - openssl-1.1.1-fips.patch
  - openssl-1_1-FIPS-fix-error-reason-codes.patch
  * Remove patches:
  - openssl-add_rfc3526_rfc7919.patch
  - openssl-fips-dont_run_FIPS_module_installed.patch
  - openssl-fips_fix_selftests_return_value.patch
  * Add build and runtime dependency on jitterentropy
- Pass over with spec-cleaner

==== qemu ====
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86

- Fix the build for SLE/Leap:
  * [openSUSE][RPM] Make the package buildable on SLE/Leap 15.x

==== snapper ====
Version update (0.10.5 -> 0.10.6)
Subpackages: libsnapper7 snapper-zypp-plugin

- fixed creating files in root dir (gh#openSUSE/snapper#168)
- version 0.10.6
- relax access to info.xml files (gh#openSUSE/snapper#279)
- enable snapper-timeline.timer when adjusting config using
  snapper (gh#openSUSE/snapper#788)

==== tiff ====
Version update (4.5.1 -> 4.6.0)

- Update to version 4.6.0:
  * API/ABI breaks: none
  * WebP decoder: validate WebP blob width, height, band count against
    TIFF parameters to avoid use of uninitialized variable, or decoding
    corrupted content without explicit error (fixes issue #581, issue #582).
  * WebP codec: turn exact mode when creating lossless files to avoid
    altering R,G,B values in areas where alpha=0
  * Fix TransferFunction writing of only two transfer functions.
  * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs,
    it should be harmless in practice though
  * tiffcp: remove -i option (ignore errors)
  * This version removes a big number of utilities that have suffered from
    lack of maintenance over the years and were the source of various
    reported security issues:
    + fax2ps
    + fax2tiff
    + pal2rgb
    + ppm2tiff
    + raw2tiff
    + rgb2ycbcr
    + thumbnail
    + tiff2bw
    + tiff2rgba
    + tiffcmp
    + tiffcrop
    + tiffdither
    + tiffgt
    + tiffmedian
    + tiff2ps
    + tiff2pdf
- Remove no longer needed tiff-4.0.3-compress-warning.patch.