Packages changed:
  apr
  ceph
  discover
  dracut (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)
  fwupd
  jbigkit
  jq (1.7 -> 1.7.1)
  kdump
  krb5 (1.21.1 -> 1.21.2)
  libpwquality
  libssh2_org
  libstorage-ng (4.5.162 -> 4.5.163)
  libvirt
  metamail
  mozilla-nss (3.94 -> 3.95)
  mutter
  open-vm-tools
  perl-Bootloader (1.9 -> 1.10)
  ppp (2.4.9 -> 2.5.0)
  python-hiredis (2.2.2 -> 2.3.2)
  python-lxml (4.9.3 -> 4.9.4)
  python311
  python311-core
  rsync
  sudo (1.9.15p2 -> 1.9.15p4)
  systemd
  vim (9.0.2146 -> 9.0.2181)
  vinagre
  vte (0.74.1 -> 0.74.2)
  wtmpdb (0.9.3 -> 0.10.0)
  zbar

=== Details ===

==== apr ====

- Add reproducible.patch to drop build host name (boo#1084909)

==== ceph ====
Subpackages: librados2 librbd1

- Add ceph-cmake-3.28.patch: Fix build with cmake 3.28 and no git
  command found (https://github.com/ceph/ceph/pull/54963,
  boo#1218111).

==== discover ====
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang

- Update appstream build requirement for compatibility with 1.0.0
  (boo#1217047)
- Remove obsolete version checks

==== dracut ====
Version update (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)

- Update to version 059+suse.533.g5a7cf9fa:
  * feat(dracut.sh): protect `push_host_devs` function
  * fix(dracut.sh): do not add device if `find_block_device` returns an error

==== fwupd ====
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod
  - > suse-module-tools dependency before.

==== jbigkit ====

- security update
- added patches
  fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
  + jbigkit-CVE-2022-1210.patch

==== jq ====
Version update (1.7 -> 1.7.1)
Subpackages: libjq1

- Update to version 1.7.1
  Security
  * Fix CVE-2023-50246 (boo#1218034)
    + Fix heap buffer overflow in jvp_literal_number_literal.
  * Fix CVE-2023-50268 (boo#1218038)
    fix stack-buffer-overflow if comparing nan with payload.
  CLI changes
  * Make the default background color more suitable for bright
    backgrounds.
  * Allow passing the inline jq script after --.
  * Fix possible uninitialised value dereference if jq_init() fails
  Language changes
  * Simplify paths/0 and paths/1.
  * Reject U+001F in string literals.
  * Remove unused nref accumulator in block_bind_library.
  * Remove a bunch of unused variables, and useless assignments.
  * main.c: Remove unused EXIT_STATUS_EXACT option.
  * Actually use the number correctly casted from double to int as
    index.
  * src/builtin.c: remove unnecessary jv_copy-s in
    type_error/type_error2.
  * Remove undefined behavior caught by LLVM 10 UBSAN.
  * Convert decnum to binary64 (double) instead of decimal64.
    This makes jq behave like the JSON specification suggests and
    more similar to other languages.
  * Fix memory leaks on invalid input for ltrimstr/1 and
    rtrimstr/1.
  * Fix memory leak on failed get for setpath/2.
  * Fix nan from json parsing also for nans with payload that
    start with 'n'.
  * Allow carriage return characters in comments.
  Documentation changes
  * Generate links in the man page.
  libjq
  * Add extern C for C++.

==== kdump ====

- Update calibrate values for riscv64

==== krb5 ====
Version update (1.21.1 -> 1.21.2)
Subpackages: krb5-32bit krb5-client

- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
  * Fix double-free in KDC TGS processing [CVE-2023-39975].

==== libpwquality ====
Subpackages: libpwquality-lang libpwquality1 libpwquality1-32bit pam_pwquality pam_pwquality-32bit

- add: prereq "pam-config" in baselibs.conf
  * post scriptlet in pam_pwquality-32bit runs: pam-config

==== libssh2_org ====

- Security fix: [bsc#1218127, CVE-2023-48795]
  * Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
  * Add libssh2_org-CVE-2023-48795.patch

==== libstorage-ng ====
Version update (4.5.162 -> 4.5.163)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#970
- consistent (and original) naming of bcache operations
- coding style
- improved logging
- updated integration tests
- fixed typo
- 4.5.163

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- apparmor: Add capabilities for PCI passthrough to virtxend profile
  bsc#1216656

==== metamail ====

- Have fixed date in mgrep.1 (boo#1047218)

==== mozilla-nss ====
Version update (3.94 -> 3.95)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.95
  * bmo#1842932 - Bump builtins version number.
  * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
    Firmaprofesional CIF A62634068 root cert.
  * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
  * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
  * bmo#1850982 - Remove Camerfirma root certificates from NSS.
  * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
    Certificate.
  * bmo#1860670 - Add four Commscope root certificates to NSS.
  * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
  * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
  * bmo#1861728 - Include P-256 Scalar Validation from HACL*.
  * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
    256 ECC without DER wrapping at the softoken level
  * bmo#1837987 - Add means to provide library parameters to C_Initialize
  * bmo#1573097 - clang format
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
  * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
  * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
  * bmo#1573097 - Fix Invalid casts in instance.c

==== mutter ====
Subpackages: mutter-lang

- Add mutter-fix-text-input-delete-surrounding.patch: text-input-v3
  requrires byte based offset but Clutter uses char based offset
  for delete_surrounding_text, fix it by converting before passing
  arguments (glgo#GNOME/mutter#2146, glgo#GNOME/mutter!2712).

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod
  - > suse-module-tools dependency before.

==== perl-Bootloader ====
Version update (1.9 -> 1.10)

- merge gh#openSUSE/perl-bootloader#160
- fix 'pbl --version' to show correct version number
- 1.10

==== ppp ====
Version update (2.4.9 -> 2.5.0)

- Update to version 2.5.0. This release is a major release of pppd
  which contains breaking changes for third-party plugins, a
  complete revamp of the build-system and that allows for
  flexibility of configuring features as needed.
  * CVE-2022-4603, bsc#1218251: improper validation of array index
    of the component pppdump
  * Support for PEAP authentication
  * Support for loading PKCS12 certificate envelopes
  * Adoption of GNU Autoconf / Automake build environment
  * Support for pkgconfig
  * Bunch of fixes and cleanup to PPPoE and IPv6 support
  * Major revision to PPPD's Plugin API
  * Lots of internal fixes and cleanups for Radius and PPPoE
  * Dropped IPX support, as Linux has dropped it in version 5.15
  * Pppd is no longer installed setuid-root
  * New pppd options:
  - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
    ipv6-up-script, ipv6-down-script
  - -v, show-options
  - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
  * On Linux, any baud rate can be set on a serial port provided
    the kernel serial driver supports that.
- Obsoleted patches:
  * ppp-lib64.patch
  * ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch
  * ppp-pie.patch
- Source file pppoe-discovery.8.gz is now part of the tarball.
- Enable support for systemd notification.

==== python-hiredis ====
Version update (2.2.2 -> 2.3.2)

- update to 2.3.2:
  * Added Python 3.12 to test matrix and classifiers (#174)
  * Linking to Redis learning resources (#173)
  * Updating client license to clear, MIT (#170)
  * Integrating spellcheck into CI (#169)
  * hiredis 1.2.0 support, versioning as 2.3.0 (#168)
  * Fix including tests in sdist (#166)
  * Use absolute imports and remove __init__.py from tests.
  * Implement garbage collection support in Reader (#162) (#163)

==== python-lxml ====
Version update (4.9.3 -> 4.9.4)

- update to 4.9.4:
  * LP#2046398: Inserting/replacing an ancestor into a node's
    children could loop indefinitely.
  * LP#1980767, GH#379: ``TreeBuilder.close()`` could fail with a
    ``TypeError`` after parsing incorrect input.
  * LP#1522052: A file-system specific test is now optional and
    should no longer fail on systems that don't support it.
  * Built with Cython 0.29.37.
- drop libxml2212-tests.patch (upstream)

==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

==== rsync ====

- Moved rsyncd.conf and rsyncd.secrets to /usr/etc.
  * Add rsync-usr-etc.patch

==== sudo ====
Version update (1.9.15p2 -> 1.9.15p4)
Subpackages: sudo-plugin-python

- For existing products (SLE15-SP* and older) keep using /etc and don't
  switch to /usr/etc. So only SLES16/ALP, Tumbleweed and newer products
  will use both /etc and /usr/etc locations.
- Update to 1.9.15p4:
  * Fixed a bug introduced in sudo 1.9.15 that could prevent a user’s
    privileges from being listed by sudo -l if the sudoers entry
    in /etc/nsswitch.conf contains [SUCCESS=return]. This did not affect the
    ability to run commands via sudo. Bug #1063.
- Update to 1.9.15p3:
  * Always disable core dumps when sudo sends itself a fatal signal. Fixes a
    problem where sudo could potentially dump core dump when it re-sends the
    fatal signal to itself. This is only an issue if the command   * received
    a signal that would normally result in a core dump but the command did
    not actually dump core.
  * Fixed a bug matching a command with a relative path name when the sudoers
    rule uses shell globbing rules for the path name. Bug #1062.
  * Permit visudo to be run even if the local host name is not set. GitHub
    issue #332.
  * Fixed an editing error introduced in sudo 1.9.15 that could prevent
    sudoreplay from replaying sessions correctly. GitHub issue #334.
  * Fixed a bug introduced in sudo 1.9.15 where sudo -l > /dev/null could hang
    on Linux systems. GitHub issue #335.
  * Fixed a bug introduced in sudo 1.9.15 where Solaris privileges specified
    in sudoers were not applied to the command being run.

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-coredump systemd-lang udev

- udev: only require kmod in the full flavor. udev-mini is only
  used inside OBS in a strictly defined setup and udev will never
  have to load device drivers there.
- Import commit 071ac409a0564863657d8f8a5a35e6a4f914695f
  071ac409a0 rules: set up tty permissions and group for /dev/hvc* nodes
  f693b3ed8a vconsole-setup: remember the correct error value when open_terminal() fails
  963d838bad vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282)
  6f53f71d2d vconsole-setup: simplify error handling

==== vim ====
Version update (9.0.2146 -> 9.0.2181)
Subpackages: vim-data vim-data-common xxd

- update to 9.0.2181:
  * Vim9: missing error messages
  * update helptags
  * POSIX function name in exarg causes issues
  * no filetype detection for execline scripts
  * reg_executing() wrong for :normal with range
  * Wrong cursor position when dragging out of window
  * Update Serbian messages translation
  * runtime(netrw): prevent E11 on FocusGained autocommand
  * Update Japanese translation
  * runtime(8th): updated 8th syntax
  * change dependabot prefix to "CI"
  * Update change.txt
  * Compile error with Motif UI + mouse support
  * Create Changelog until v9.0.2175
  * Update Italian translations
  * Update tmux syntax rules
  * Update Turkish translations
  * Compiler warning for uninitialized var
  * update fortran syntax rules and doc notes
  * Vim9: segfault when assigning to type
  * remove deprecation warning for gdefault
  * Vim9: crash when compiling for statement and non-existing type
  * Vim9: compiling :defer may fail
  * Updated Irish translation
  * Update Logtalk runtime files for the latest language spec
  * update Racket runtime files
  * Update colorschemes
  * The options[] array is still not sorted alphabetically
  * Vim9: no support for const/final class/objects vars
  * Vim9: builtin funcs may accept a non-value
  * Moving tabpages on :drop may cause an endless loop
  * sync runtime files with upstream
  * grammar & typo fixes
  * add Tbreak command
  * Vim9: not consistently using :var for declarations
  * Memory leak in Configure Script when checking GTK
  * Vim9: can simplify arg type checking code
  * Vim9: can use type a func arg/return value
  * escape curdir in BrowseUpDir
  * Vim9: type can be assigned to list/dict
  * Vim9: type documentation out-dated
  * Vim9: not able to use imported interfaces and classes
  * instanceof() should use varargs as second arg
  * Update syntax file, fix missing for highlight
  * screenpos() may crash with neg. column
  * [security]: use-after-free in check_argument_type
  * Vim9: incorrectly parses :def func definitions
  * Vim9: can use typealias in assignment
  * ft detection maybe wrong if 'fic' set for *.[CH]
  * re-generate helptags
  * do not set b:did_ftplugin before sourcing scala ftplugin(#13657)
  * Fix `w:netrw_bannercnt` ref error with `netrw_fastbrowse=2`
  * fix examples in comments for JSON formatting
  * Add json formating plugin (Issue #11426)
  * Update syntax file
  * link cmdline completion to to |wildcards| and fix typos
  * Update eval.txt
  * Vim9: type not kept when assigning vars
  * The option[] array is not sorted
  * unlet b:filetype_in_cpp_family for cpp & squirrel
  * fix typo in change.txt
  * update syntax and ftplugins
  * Update syntax file and syntax test
  * Sort options.txt alphabetically
  * update todo items
  * sort option-list alphabetically
  * no support to build on OpenVMS
  * Using type unknown for List/Dict containers
  * 'breakindent' is not drawn after diff filler lines
  * remove non-existent parameter in shift-command
  * Using int for errbuflen in option funcs
  * [security]: use-after-free in exec_instructions()
  * Vim does not detect pacman.log file
  * reference 'go-!' inside os_win32.txt for !start
  * Type check tests fail without the channel feature

==== vinagre ====
Subpackages: vinagre-lang

- Disable RDP support for the time being: vinagre has been archived
  upstream and does not support freerdp 3.0. If you rely on RDP
  connections, please switch to GNOME Connections.

==== vte ====
Version update (0.74.1 -> 0.74.2)
Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 vte-lang

- Update to version 0.74.2:
  * lib,bidi: Work on the heap rather than the stack
  * stream: Fix a rare corruption when advancing the tail
  * widget: Fix initial cursor blink state
  * build: Post release version bump

==== wtmpdb ====
Version update (0.9.3 -> 0.10.0)
Subpackages: libwtmpdb0

- Update to version 0.10.0
  - last: support matching for username and/or tty

==== zbar ====

- security update:
  * CVE-2023-40889 [bsc#1214770]
    Fix heap based buffer overflow in qr_reader_match_centers()
    + zbar-CVE-2023-40889.patch
  * CVE-2023-40890 [bsc#1214771]
    Fix stack based buffer overflow in lookup_sequence()
    + zbar-CVE-2023-40890.patch