Packages changed:
  ell (0.59 -> 0.60)
  fwupd (1.9.8 -> 1.9.9)
  git (2.42.1 -> 2.43.0)
  grub2
  libblockdev
  libheif (1.17.3 -> 1.17.5)
  mariadb-connector-c (3.3.5 -> 3.3.7)
  nghttp2
  nvidia-open-driver-G06-signed
  p11-kit (0.25.2 -> 0.25.3)
  python-numpy (1.25.2 -> 1.26.2)
  python-pip (23.2.1 -> 23.3.1)
  readline
  sssd
  transactional-update (4.4.0 -> 4.5.0)
  xen (4.18.0_02 -> 4.18.0_04)
  xkeyboard-config

=== Details ===

==== ell ====
Version update (0.59 -> 0.60)

- update to 0.60:
  * Fix issue with missing NETLINK_EXT_ACK definition.
  * Fix issue with incorrect derivation of ECC compressed points.
  * Add support for ECC usage from SPAKE2+ key exchange protocol.

==== fwupd ====
Version update (1.9.8 -> 1.9.9)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Update to version 1.9.9 (boo#1217295):
  + This release adds the following features:
  - Add a new generic request for the device power cable.
  + This release adds support for the following hardware:
  - Lenovo X1 Yoga Gen7 530E.
  - Advantech BMC devices.

==== git ====
Version update (2.42.1 -> 2.43.0)
Subpackages: git-core git-email git-web perl-Git

- update to 2.43.0:
  * The "--rfc" option of "git format-patch" used to be a valid way to
  override an earlier "--subject-prefix=<something>" on the command
  line and replace it with "[RFC PATCH]", but from this release, it
  merely prefixes the string "RFC " in front of the given subject
  prefix.  If you are negatively affected by this change, please use
  "--subject-prefix=PATCH --rfc" as a replacement.
  * In Git 2.42, "git rev-list --stdin" learned to take non-revisions
  (like "--not") from the standard input, but the way such a "--not" was
  handled was quite confusing, which has been rethought.  The updated
  rule is that "--not" given from the command line only affects revs
  given from the command line that comes but not revs read from the
  standard input, and "--not" read from the standard input affects
  revs given from the standard input and not revs given from the
  command line.
  * A message written in olden time prevented a branch from getting
  checked out, saying it is already checked out elsewhere. But these
  days, we treat a branch that is being bisected or rebased just like
  a branch that is checked out and protect it from getting modified
  with the same codepath.  The message has been rephrased to say that
  the branch is "in use" to avoid confusion.
  * Hourly and other schedules of "git maintenance" jobs are randomly
  distributed now.
  * "git cmd -h" learned to signal which options can be negated by
  listing such options like "--[no-]opt".
  * The way authentication related data other than passwords (e.g.,
  oauth token and password expiration data) are stored in libsecret
  keyrings has been rethought.
  * Update the libsecret and wincred credential helpers to correctly
  match which credential to erase; they erased the wrong entry in
  some cases.
  * Git GUI updates.
  * "git format-patch" learned a new "--description-file" option that
  lets cover letter description to be fed; this can be used on
  detached HEAD where there is no branch description available, and
  also can override the branch description if there is one.
  * Use of the "--max-pack-size" option to allow multiple packfiles to
  be created is now supported even when we are sending unreachable
  objects to cruft packs.
  * "git format-patch --rfc --subject-prefix=<foo>" used to ignore the
  "--subject-prefix" option and used "[RFC PATCH]"; now we will add
  "RFC" prefix to whatever subject prefix is specified.
  * "git log --format" has been taught the %(decorate) placeholder for
  further customization over what the "--decorate" option offers.
  * The default log message created by "git revert", when reverting a
  commit that records a revert, has been tweaked, to encourage people
  to describe complex "revert of revert of revert" situations better in
  their own words.
  * The command-line completion support (in contrib/) learned to
  complete "git commit --trailer=" for possible trailer keys.
  * "git update-index" learned the "--show-index-version" option to
  inspect the index format version used by the on-disk index file.
  * "git diff" learned the "diff.statNameWidth" configuration variable,
  to give the default width for the name part in the "--stat" output.
  * "git range-diff --notes=foo" compared "log --notes=foo --notes" of
  the two ranges, instead of using just the specified notes tree,
  which has been corrected to use only the specified notes tree.
  * The command line completion script (in contrib/) can be told to
  complete aliases by including ": git <cmd> ;" in the alias to tell
  it that the alias should be completed in a similar way to how "git
  <cmd>" is completed.  The parsing code for the alias has been
  loosened to allow ';' without an extra space before it.
  * "git for-each-ref" and friends learned to apply mailmap to
  authorname and other fields in a more flexible way than using
  separate placeholder letters like %a[eElL] every time we want to
  come up with small variants.
  * "git repack" machinery learned to pay attention to the "--filter="
  option.
  * "git repack" learned the "--max-cruft-size" option to prevent cruft
  packs from growing without bounds.
  * "git merge-tree" learned to take strategy backend specific options
  via the "-X" option, like "git merge" does.
  * "git log" and friends learned the "--dd" option that is a
  short-hand for "--diff-merges=first-parent -p".
  * The attribute subsystem learned to honor the "attr.tree"
  configuration variable that specifies which tree to read the
  .gitattributes files from.
  * "git merge-file" learns a mode to read three variants of the
  contents to be merged from blob objects.
  * see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Update the TPM2 patches to skip the persistent SRK handle if not
  specified and improve the error messages
  + 0003-protectors-Add-TPM2-Key-Protector.patch
  + 0005-util-grub-protect-Add-new-tool.patch
  + 0004-tpm2-Support-authorized-policy.patch

==== libblockdev ====
Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3

- Add %{_libdir}/libbd_s390.so for s390x because missing file identitied

==== libheif ====
Version update (1.17.3 -> 1.17.5)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1

- update to 1.17.5:
  * Fixes installation of the Gnome "heif.thumbnailer" config
    file.
- update to 1.17.4:
  * ispe boxes in AVIF images with clap boxes were written with
    the wrong size (would only happen with svt-av1 encoder),
    always output MIAF brand for AVIF images
  * fix kvazaar encoding with odd image sizes and encodings with
    non-4:2:0 chroma

==== mariadb-connector-c ====
Version update (3.3.5 -> 3.3.7)

- update to 3.3.7:
  * https://mariadb.com/kb/en/mariadb-connector-c-3-3-7-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-3-6-release-notes/

==== nghttp2 ====

- fix unversioned provides to be in sync with nghttp3

==== nvidia-open-driver-G06-signed ====

- no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver
  option setting; apparently it's ignored by the driver (boo#1215981,
  comment#26)
- use different modprobe.d config file to resolve conflict with
  older driver package (boo#1217370); overwrite
  NVreg_OpenRMEnableSupporteGpus driver option setting (disable it),
  since letting it enabled is supposed to break booting (boo#1215981,
  comment#23)

==== p11-kit ====
Version update (0.25.2 -> 0.25.3)
Subpackages: libp11-kit0 libp11-kit0-32bit p11-kit-tools

- Update to 0.25.3:
  * rpc: fix serialization of NULL mechanism pointer [#601]
  * fix meson build failure in macOS (appleframeworks not found) [#603]

==== python-numpy ====
Version update (1.25.2 -> 1.26.2)

- Update to 1.26.2:
  * TYP: Trim down the ``_NestedSequence.__getitem__`` signature
  * BUG: fix choose refcount leak
  * TST: fix running the test suite in builds without BLAS/LAPACK
  * BUG: random: Fix generation of nan by dirichlet.
  * TST: fix distutils tests for deprecations in recent setuptools...
  * MAINT: Remove versioneer
  * MAINT: Pin upper version of sphinx.
  * ENH: Add prefix to _ALIGN Macro
  * BUG: cleanup warnings [skip azp][skip circle][skip travis][skip...
  * BUG: ``asv dev`` has been removed, use ``asv run``.
  * BUG: Fix meson build failure due to unchanged inplace auto-generated...
  * BUG: fix issue with git-version script, needs a shebang to run
  * BUG: Use a default assignment for git_hash [skip ci]
  * BUG: fix NPY_cast_info error handling in choose
  * BUG: Fix common block handling in f2py
  * BUG: Fix assumed length f2py regression
  * MAINT: Harmonize fortranobject
  * TYP: add kind argument to numpy.isin type specification
  * BUG: fix comparisons between masked and unmasked structured arrays
  * ENH: Adopt new macOS Accelerate BLAS/LAPACK Interfaces, including...
  * TYP: Add the missing ``casting`` keyword to ``np.clip``
  * TST: convert cython test from setup.py to meson
  * MAINT: Fixup ``fromnumeric.pyi``
  * BUG, ENH: Fix ``iso_c_binding`` type maps
  * TYP: Allow ``binary_repr`` to accept any object
  * TYP: Explicitly declare ``dtype`` and ``generic`` hashable
  * ENH: Refactor the typing "reveal" tests using `typing.assert_type`
  * ENH: ``meson`` backend for ``f2py``
  * MAINT: Refactor partial load Workaround for Clang
  * BUG: Fix data stmt handling for complex values in f2py
  * TYP: Add annotations for the py3.12 buffer protocol
  * DOC: Updated the f2py docs to remove a note on -fimplicit-none
  * BUG: Fix SIMD f32 trunc test on s390x when baseline is none
  * BUG: Fix DATA statements for f2py
  * API: Add ``NumpyUnpickler`` for backporting
  * MAINT: Xfail test failing on PyPy.
  * ENH: meson: implement BLAS/LAPACK auto-detection
  * DOC: add a 1.26.1 release notes section for BLAS/LAPACK build
  * MAINT: Backport ``numpy._core`` stubs. Remove ``NumpyUnpickler``
  * BUG: loongarch doesn't use REAL(10)
  * MAINT: align test_dispatcher s390x targets with _umath_tests_mtargets
  * ENH: Add Cython enumeration for NPY_FR_GENERIC
  * MAINT: Remove unhelpful error replacements from ``import_array()``
  * BUG: Avoid intp conversion regression in Cython 3
  * MAINT: Add missing ``noexcept`` to shuffle helpers
  * DOC: Fix license identifier for OpenBLAS
  * BLD: improve detection of Netlib libblas/libcblas/liblapack
  * MAINT: Make bitfield integers unsigned
  * BUG: Make n a long int for np.random.multinomial
  * BUG: ensure passing ``np.dtype`` to itself doesn't crash
- Update BuildRequires as appropiate, build system changed from setuptools
  to meson.
- Drop patch ignore-pkg_resources-deprecation.patch, no longer required
- f2py3 no longer shipped

==== python-pip ====
Version update (23.2.1 -> 23.3.1)

- Update to 23.3.1:
  - Bug Fixes
  - Handle a timezone indicator of Z when parsing dates in the
    self check. (#12338)
  - Fix bug where installing the same package at the same time
    with multiple pip processes could fail. (#12361)
- Update to 23.3:
  - Process
  - Added reference to vulnerability reporting guidelines to
    pip's security policy.
  - Features
  - Improve extras resolution for multiple constraints on same
    base package. (#11924)
  - Improve use of datastructures to make candidate selection
    1.6x faster. (#12204)
  - Allow pip install --dry-run to use platform and ABI
    overriding options. (#12215)
  - Add is_yanked boolean entry to the installation report
    (--report) to indicate whether the requirement was yanked
    from the index, but was still selected by pip conform to
    PEP 592. (#12224)
  - Bug Fixes
  - Ignore errors in temporary directory cleanup (show a
    warning instead). (#11394)
  - Normalize extras according to PEP 685 from package metadata
    in the resolver for comparison. This ensures extras are
    correctly compared and merged as long as the package
    providing the extra(s) is built with values normalized
    according to the standard. Note, however, that this
    does not solve cases where the package itself contains
    unnormalized extra values in the metadata. (#11649)
  - Prevent downloading sdists twice when PEP 658 metadata is
    present. (#11847)
  - Include all requested extras in the install report
    (--report). (#11924)
  - Removed uses of datetime.datetime.utcnow from non-vendored
    code. (#12005)
  - Consistently report whether a dependency comes from an
    extra. (#12095)
  - Fix completion script for zsh (#12166)
  - Fix improper handling of the new onexc argument of
    shutil.rmtree() in Python 3.12. (#12187)
  - Filter out yanked links from the available versions
    error message: "(from versions: 1.0, 2.0, 3.0)" will
    not contain yanked versions conform PEP 592. The yanked
    versions (if any) will be mentioned in a separate error
    message. (#12225)
  - Fix crash when the git version number contains something
    else than digits and dots. (#12280)
  - Use -r=... instead of -r ... to specify references with
    Mercurial. (#12306, CVE-2023-5752, bsc#1217353)
  - Redact password from URLs in some additional
    places. (#12350)
  - pip uses less memory when caching large packages. As a
    result, there is a new on-disk cache format stored in a new
    directory ($PIP_CACHE_DIR/http-v2). (#2984)
  - Vendored Libraries
  - Upgrade certifi to 2023.7.22
  - Add truststore 0.8.0
  - Upgrade urllib3 to 1.26.17
  - Improved Documentation
  - Document that pip search support has been removed from PyPI
    (#12059)
  - Clarify --prefer-binary in CLI and docs (#12122)
  - Document that using OS-provided Python can cause pip's test
    suite to report false failures. (#12334)
- Adjust pip-shipped-requests-cabundle.patch.

==== readline ====
Subpackages: libreadline8 readline-doc

- Add upstream patch readline82-002
  * It's possible for readline to try to zero out a line that's not null-
    terminated, leading to a memory fault.
- Add upstream patch readline82-003
- Add upstream patch readline82-004
- Add upstream patch readline82-005
  * If an application is using readline in callback mode, and a signal arrives
    after readline checks for it in rl_callback_read_char() but before it
    restores the application's signal handlers, it won't get processed until the
    next time the application calls rl_callback_read_char(). Readline needs to
    check for and resend any pending signals after restoring the application's
    signal handlers.
- Add upstream patch readline82-006
  * This is a variant of the same issue as the one fixed by patch 5. In this
    case, the signal arrives and is pending before readline calls rl_getc().
    When this happens, the pending signal will be handled by the loop, but may
    alter or destroy some state that the callback uses. Readline needs to treat
    this case the same way it would if a signal interrupts pselect/select, so
    compound operations like searches and reading numeric arguments get cleaned
    up properly.
- Add upstream patch readline82-007
  * If readline is called with no prompt, it should display a newline if return
    is typed on an empty line. It should still suppress the final newline if
    return is typed on the last (empty) line of a multi-line command.

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Adapt spec file for SLE 15 SP6/Leap 15.6; (jsc#PED-6714);
  * Remove package sssd-common, merged into sssd
  * Continue building deprecated files provider and infopipe
    responder
  * Disable selinux and semanage
  * Provide rcsssd shortcut

==== transactional-update ====
Version update (4.4.0 -> 4.5.0)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd

- Version 4.5.0
  - libtukit: Use permissions of real /etc when creating overlay
    [bsc#1215878]
  - libtukit, tukit: Support "rollback" via library now
  - tukitd: Implement Snapshot delete and rollback methods
  - tukit: Check for missing arguments with "close" and "abort"
    commands
  - t-u: Warn user when using "kdump" if it isn't configured to
    avoid confusion with "setup-kdump" [boo#1215725]
  - t-u: Abort if mkdumprd run is not successful
  - t-u: Use defaut from config file if t-u is called without
    arguments [gh#openSUSE/transactional-update#101]
  - Improved README.md [gh#openSUSE/transactional-update#59] and
    API docs
  - Code cleanup

==== xen ====
Version update (4.18.0_02 -> 4.18.0_04)
Subpackages: xen-libs xen-tools xen-tools-domU

- Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to
  provide better hypervisor security
  xen.spec
- Upstream bug fixes (bsc#1027519)
  654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch
  65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
  655b2ba9-fix-sched_move_domain.patch

==== xkeyboard-config ====
Subpackages: xkeyboard-config-lang

- the current source supersedes old sle15-sp5 patches (see
  changelog below)
  * U_Map-evdev-keycodes-KEY_RFKILL-and-KEY_WWAN-to-XF86RF.patch
  * U_Updating-Old-Hungarian.patch
  * U_Fix-media-keys-lag-on-ABNT2-keyboard.patch
  * U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch
- includes fixes for
  * missing mappings for evdev keys KEY_RFKILL and KEY_WWAN
    (boo#1123784)
  * capslock in Old Hungarian layout (boo#1153774)
  * wrong keyboard mapping causing input delays with ABNT2 keyboards
    (bsc#1191242)
- includes backport of French standardized AZERTY layout (AFNOR:
  NF Z71-300) (bsc#1188867)
- supersedes a patch called 'U_fixed-keycode-comment.patch' from
  sle15-sp5, which wasn't applied there any longer either.
    <I247> = 247;   // #define KEY_UWB                 239
  is defined in keycodes/evdev since a long time ...