Packages changed:
  desktop-file-utils
  ffmpeg-5 (5.1.2 -> 5.1.3)
  gnome-branding-MicroOS (20230323 -> 20230420)
  grep (3.9 -> 3.10)
  libpaper (2.0.10 -> 2.1.0)
  libpng16
  libunistring
  libxml2 (2.10.3 -> 2.10.4)
  microos-tools (2.20+git20230413.2a43cdb -> 2.21+git0)
  mpfr
  ncurses (6.4.20230408 -> 6.4.20230418)
  pam (1.5.2 -> 1.5.2.90)
  pam-config (2.4 -> 2.5)
  pam-full-src (1.5.2 -> 1.5.2.90)
  patterns-gnome
  patterns-microos
  plasma-branding-MicroOS (20230323 -> 20230420)
  plasma5-desktop
  python-pymemcache
  qalculate (4.5.1 -> 4.6.1)
  selinux-policy (20230321 -> 20230420)
  shadow
  snapper
  tuned (2.19.0.29+git.b894a3e -> 2.20.0.18+git.7b1a20b)
  vulkan-loader (1.3.243.0 -> 1.3.247)
  vulkan-tools (1.3.243.0 -> 1.3.247)
  xkeyboard-config
  yast2-trans (84.87.20230416.972001c66e -> 84.87.20230420.b54e9530)

=== Details ===

==== desktop-file-utils ====

- suse-update-mime-defaults:
  * add support for MATE desktop
  * ensure C locale is set for sorting order
  * fix quoting of DESTDIR

==== ffmpeg-5 ====
Version update (5.1.2 -> 5.1.3)
Subpackages: libavcodec59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswresample4_ff5 libswscale6

- Update to version 5.1.3:
  * avcodec/012v: Order operations for odd size handling
  * avcodec/alsdec:
  - Check bits left before block decoding in non multi channel
    coding loop
  - The minimal block is at least 7 bits
  * avcodec/atrac3plus: reorder channels to match the output layout
  * avcodec/audiotoolboxenc: return AVERROR_EXTERNAL immediately
    when encode error
  * avcodec/bink:
  - Avoid undefined out of array end pointers in
    binkb_decode_plane()
  - Fix off by 1 error in ref end
  * avcodec/eac3dec: avoid float noise in fixed mode addition to
    overflow
  * avcodec/eatgq: : Check index increments in tgq_decode_block()
  * avcodec/escape124:
  - Fix signdness of end of input check
  - Fix some return codes
  * avcodec/ffv1dec:
  - Check that num h/v slices is supported
  - Fail earlier if prior context is corrupted
  * avcodec/ffv1dec: restructure slice coordinate reading a bit
  * avcodec/h274: fix include
  * avcodec/libjxldec:
  - Fix gamma22 and gamma28 recognition
  - Avoid hard failure with unspecified primaries
  * avcodec/mjpegenc: take into account component count when
    writing the SOF header size
  * avcodec/mlpdec: Check max matrix instead of max channel in
    noise check
  * avcodec/motionpixels: Mask pixels to valid values
  * avcodec/mpeg12dec:
  - Check input size
  - Use init_get_bits8 and check the return value
  * avcodec/nvenc: fix vbv buffer size in cq mode
  * avcodec/pictordec: Remove mid exit branch
  * avcodec/pngdec:
  - Check deloco index more exactly
  - Dont skip/read chunk twice
  * avcodec/rpzaenc: stop accessing out of bounds frame
  * avcodec/scpr3: Check bx
  * avcodec/scpr: Test bx before use
  * avcodec/smcenc: stop accessing out of bounds frame
  * avcodec/snowenc: Fix visual weight calculation
  * avcodec/speedhq: Check buf_size to be big enough for DC
  * avcodec/speexdec: Check channels > 2
  * avcodec/sunrast: Fix maplength check
  * avcodec/tests/snowenc:
  - Fix 2nd test
  - Return a failure if DWT/IDWT mismatches
  - Unbreak DWT tests
  * avcodec/tiff: Ignore tile_count
  * avcodec/utils:
  - Allocate a line more for VC1 and WMV3
  - Ensure linesize for SVQ3
  - Use 32pixel alignment for bink
  * avcodec/videodsp_template: Adjust pointers to avoid undefined
    pointer things
  * avcodec/wavpack:
  - Avoid undefined shift in get_tail()
  - Check for end of input in wv_unpack_dsd_high()
  * avcodec/xpmdec: Check size before allocation to avoid
    truncation
  * avcodec/aacdec: fix parsing streams with channel configuration
    11
  * avformat/id3v2: Check taglen in read_uslt()
  * avformat/mov: Check samplesize and offset to avoid integer
    overflow
  * avformat/mxfdec: Use 64bit in remainder
  * avformat/replaygain: avoid undefined / negative abs
  * avformat/vividas: Check packet size
  * avutil/tx: Use unsigned in ff_tx_fft_sr_combine() to avoid
    undefined behavior
  * hwcontext_vulkan: remove optional encode/decode extensions from
    the list
  * lavf/async: Fix ring_write return value
  * lavu/vulkan: fix handle type for 32-bit targets
  * libswscale: force a minimum size of the slide for bayer sources
  * swscale/input: Use more unsigned intermediates
  * swscale/output:
  - Bias 16bps output calculations to improve non overflowing
    range
  - Bias 16bps output calculations to improve non overflowing
    range for GBRP16/GBRPF32
  * swscale: aarch64: Fix yuv2rgb with negative strides
  * Use https for repository links
  * vulkan: Fix win/i386 calling convention
- Rebase patches with quilt.
- Drop ffmpeg-CVE-2022-3964.patch: Fixed upstream.
- Drop no-vk-video-decoding.patch: Upstream removed this optional
  code.
- Use ldconfig_scriptlets macro.

==== gnome-branding-MicroOS ====
Version update (20230323 -> 20230420)

- Remove unneeded cleanup of desktop drop-in
- 20230420
- Correct location for Desktop drop-in config
- Clean up invalid desktop drop-in file
- 20230419

==== grep ====
Version update (3.9 -> 3.10)
Subpackages: grep-lang

- update to 3.10:
  * With -P, \d now matches only ASCII digits, regardless of
    PCRE options/modes. The changes in grep-3.9 to make ^H and \w
    work properly had the undesirable side effect of making \d
    also match e.g., the Arabic digits: ٠١٢٣٤٥٦٧٨٩.
    With grep-3.9, -P '\d+' would match that ten-digit (20-byte)
    string. Now, to match such a digit, you would use \p{Nd}.
    Similarly, \D is now mapped to [^0-9].

==== libpaper ====
Version update (2.0.10 -> 2.1.0)
Subpackages: libpaper-tools libpaper2

- Update to 2.1.0:
  * This release reintroduces the old ‘paperconf’ utility, for
    backwards compatibility only.

==== libpng16 ====

- Fix license tag to libpng-2.0.

==== libunistring ====

- Fix license tag to GPL-3.0-or-later or LGPL-3.0-or-later.

==== libxml2 ====
Version update (2.10.3 -> 2.10.4)
Subpackages: libxml2-2 libxml2-tools

- Update to version 2.10.4:
  + Security:
  - [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn’t deterministic
  - [CVE-2023-28484, bsc#1210411] Fix null deref in
    xmlSchemaFixupComplexType
  - schemas: Fix null-pointer-deref in
    xmlSchemaCheckCOSSTDerivedOK
  + Regressions:
  - SAX2: Ignore namespaces in HTML documents
  - io: Fix “buffer full” error with certain buffer sizes

==== microos-tools ====
Version update (2.20+git20230413.2a43cdb -> 2.21+git0)

- Switch to obs_scm
- Call autogen.sh so that it actually builds
- Update to version 2.21+git0:
  * Release version 2.21
  * 98selinux-microos: Work around overlayfs bug (bsc#1210690)
  * 98selinux-microos: Create .relabelled marker before relabelling

==== mpfr ====

- Add mpfr-4.2.0-cummulative.patch, cummulative patches for
  mpfr 4.2.0:
  * A test of the thousands separator in tsprintf.c is based on the
    output from the GNU C Library up to 2.36, which is incorrect.
  * The mpfr_ui_pow_ui function has infinite loop in case of overflow.
  * The tfprintf and tprintf tests may fail in locales where decimal_point
    has several bytes, such as ps_AF.
  * In particular cases that are very hard to round, mpfr_rec_sqrt may yield
    a stack overflow due to many small allocations in the stack, based on
    alloca().
- Remove tests-tsprintf.patch that's included in the above set.

==== ncurses ====
Version update (6.4.20230408 -> 6.4.20230418)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Fix get_version_number.sh to show version without suffix gz.asc
- Add ncurses patch 20230418 (boo#1210485, (boo#1210434)
  + improve checks for limits on privileged execution:
    + modify _nc_syserr_abort() to use _nc_env_access(), rather than
    only checking root uid.
    + use getauxval() when available, to improve setuid/setgid checks.
    + modify test packages to disable root access/environ options.
  + modify tgoto() to accept no-parameter capabilities, for joe editor
    (OpenSUSE #1210485, Gentoo #904263).
- Add signatures of the patches as well in patch tar ball
- Add ncurses patch 20230415 (boo#1210485)
  + configure script fixes:
    + fix copy/paste error in configure option --disable-root-access
    (report/patch by Sven Joachim).
    + modify CF_XOPEN_SOURCE macro's amend default case to avoid
    undefining _XOPEN_SOURCE if _POSIX_C_SOURCE is defined.
  + modify test_tparm to account for extended capabilities.
  + add checks in tparm() and tiparm() for misuse of numeric parameters,
    overlooked in 20230408.
  + fix errata in clear.1 and curs_terminfo.3x

==== pam ====
Version update (1.5.2 -> 1.5.2.90)

- pam-extra: add split provide
- pam-userdb: add split provide
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
  fix for above patch
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
  libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
  - pam-git.diff
  - docbook5.patch
  - pam_pwhistory-docu.patch
  - pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
  documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
  problem that adjusted defaults not shown correct.

==== pam-config ====
Version update (2.4 -> 2.5)

- Update to version 2.5
  - Add skip_if option for pam_wtmpdb

==== pam-full-src ====
Version update (1.5.2 -> 1.5.2.90)

- pam-extra: add split provide
- pam-userdb: add split provide
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
  fix for above patch
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
  libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
  - pam-git.diff
  - docbook5.patch
  - pam_pwhistory-docu.patch
  - pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
  documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
  problem that adjusted defaults not shown correct.

==== patterns-gnome ====
Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-sw_management_gnome

- Drop pidgin and planner Recommends from openSUSE, only install by
  default on SLED. Planner is no longer available on Tumbleweed.

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Relocate the below change to kernel-firmware-all and sof-firmware
  from base pattern to desktop-common - the requirement is for
  very broad hardware support Desktops, not ever MicroOS install
- Add kernel-firmware-all and sof-firmware to the base pattern.
  This should ensure any MicroOS system can handle the various
  kinds/vendors of hardware out of the box, since those systems
  don't use package recommendation/supplementation (boo#1184767,
  boo#1210483).
- Add missing gtk4-branding-openSUSE requirement (GTK2 and GTK3 are
  already being required).
- Drop duplicated NetworkManager requirement from GNOME pattern.
  This is part of the base pattern which get's pulled in by any
  MicrOS system.
- Move xdg-desktop-portal-gtk to the desktop common pattern. Both
  GNOME and KDE need it for proper theming of GTK-based flatpak
  apps.

==== plasma-branding-MicroOS ====
Version update (20230323 -> 20230420)

- Remove unneeded cleanup of desktop drop-in
- 20230420
- Correct location for Desktop drop-in config
- Clean up invalid desktop drop-in file
- 20230419

==== plasma5-desktop ====
Subpackages: plasma5-desktop-emojier plasma5-desktop-lang

- Add patch to fix configuration of mouse acceleration with
  xf86-input-libinput >= 1.3.0 (kde#468217):
  * 0001-KCM-mouse-enable-compatibility-with-x11-libinput-1.3.patch

==== python-pymemcache ====

- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.

==== qalculate ====
Version update (4.5.1 -> 4.6.1)
Subpackages: libqalculate22 qalculate-data

- Update to 4.6.1:
  * Do not automatically by default set prefix higher than kilo for meter,
    gram, higher than 1 (no prefix) for second and litre, or lower than 1
    for byte and bit
  * Do not use recently introduced SI prefixes (R, Q, r, q)
    automatically by default
  * Do not set automatic prefix if resulting multiplier is
    less than 1 or greater than 1000, with some exceptions (e.g. km)
  * Default prefix unit property (use for gram, and few other units,
    instead of hard coded value)
  * Option to change symbols used for output of digits 10 and 11 in
    duodecimal numbers (use A and B as default digits)
  * Allow the same variable left and right of the equals sign (e.g. var=var+2),
    in variable assignment without colon, if the variable exists and the
    previous value is known
  * Use Unicode symbol for minus in scientific e notation
  * Do not show multiplier if exactly 1, in HTML output of scientific notation
  * Prefer Nm (torque) over J when the result is a vector with three components
  * Add "amp" abbreviation to ampere unit, and "thou" name for 1/1000 in (mil)
  * Fix unit order for Nm and Ws
  * Fix conversion from ounce (interpreted as fluid ounce) to litre with prefix
  * Fix automatic reactivation of global object after deletion of conflicting object
  * Fix parsing of scientific e notation when the number is extremely large and
    exponentiation fails because of floating point overflow
  * Fixes for output of scientific notation using number bases other than decimal
  * Fix prefix selection in denominator when multiplier is higher than the
    value of the largest prefix
  * Fix segfault in multisolve()
  * Don't show anything on empty input
  * Support "help [OPTION]" and "help set [OPTION]" command to display
    description for a single set option
  * Fix division and exponentiation of scalar by matrix/vector, e.g. 4./[8 4.5]
  * Improve parsing of element-wise operators with comma as decimal separator
  * Fix rref() with different units for different elements
  * Fix segfault with empty vector in uncertainty calculation
  * Fix segfault trying to solve cbrt(x)^(1/3)-x=0
  * Fix segfault in handling of vector variable with uncertainty
  * Fix internal id does not exist error
  * Fix erroneous simplification of sin(x)^2*y-cos(x)sin(x)^2y
  * Do not try to calculate norm() and magnitude() for matrices
  * Fix some memory leaks
  * Fix order of argument titles in csum() function

==== selinux-policy ====
Version update (20230321 -> 20230420)
Subpackages: selinux-policy-targeted

- Update to version 20230420:
  * libzypp creates temporary files in /var/adm/mount. Label it with
    rpm_var_cache_t to prevent wrong labels in /var/cache/zypp
  * only use rsync_exec_t for the rsync server, not for the client
    (bsc#1209890)
  * properly label sshd-gen-keys-start to ensure ssh host keys have proper
    labels after creation
  * Allow dovecot-deliver write to the main process runtime fifo files
  * Allow dmidecode write to cloud-init tmp files
  * Allow chronyd send a message to cloud-init over a datagram socket
  * Allow cloud-init domain transition to insights-client domain
  * Allow mongodb read filesystem sysctls
  * Allow mongodb read network sysctls
  * Allow accounts-daemon read generic systemd unit lnk files
  * Allow blueman watch generic device dirs
  * Allow nm-dispatcher tlp plugin create tlp dirs
  * Allow systemd-coredump mounton /usr
  * Allow rabbitmq to read network sysctls
  * Allow certmonger dbus chat with the cron system domain
  * Allow geoclue read network sysctls
  * Allow geoclue watch the /etc directory
  * Allow logwatch_mail_t read network sysctls
  * allow systemd_resolved_t to bind to all nodes (bsc#1200182)
  * Allow insights-client read all sysctls
  * Allow passt manage qemu pid sock files
  * Allow sssd read accountsd fifo files
  * Add support for the passt_t domain
  * Allow virtd_t and svirt_t work with passt
  * Add new interfaces in the virt module
  * Add passt interfaces defined conditionally
  * Allow tshark the setsched capability
  * Allow poweroff create connections to system dbus
  * Allow wg load kernel modules, search debugfs dir
  * Boolean: allow qemu-ga manage ssh home directory
  * Label smtpd with sendmail_exec_t
  * Label msmtp and msmtpd with sendmail_exec_t
  * Allow dovecot to map files in /var/spool/dovecot
  * Confine gnome-initial-setup
  * Allow qemu-guest-agent create and use vsock socket
  * Allow login_pgm setcap permission
  * Allow chronyc read network sysctls
  * Enhancement of the /usr/sbin/request-key helper policy
  * Fix opencryptoki file names in /dev/shm
  * Allow system_cronjob_t transition to rpm_script_t
  * Revert "Allow system_cronjob_t domtrans to rpm_script_t"
  * Add tunable to allow squid bind snmp port
  * Allow staff_t getattr init pid chr & blk files and read krb5
  * Allow firewalld to rw z90crypt device
  * Allow httpd work with tokens in /dev/shm
  * Allow svirt to map svirt_image_t char files
  * Allow sysadm_t run initrc_t script and sysadm_r role access
  * Allow insights-client manage fsadm pid files
  * Allowing snapper to create snapshots of /home/ subvolume/partition
  * Add boolean qemu-ga to run unconfined script
  * Label systemd-journald feature LogNamespace
  * Add none file context for polyinstantiated tmp dirs
  * Allow certmonger read the contents of the sysfs filesystem
  * Add journalctl the sys_resource capability
  * Allow nm-dispatcher plugins read generic files in /proc
- Add debug-build.sh script to make debugging without committing easier

==== shadow ====
Subpackages: libsubid4 login_defs

- bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch

==== snapper ====
Subpackages: libsnapper7 snapper-zypp-plugin

- fixed deleting configs (bsc#1210716)

==== tuned ====
Version update (2.19.0.29+git.b894a3e -> 2.20.0.18+git.7b1a20b)

- New polkit interface has been reviewed by security bsc#1185418
- Remove old outdated spec scripts before suse_version 1500
- Separate SAP and related profiles to not be installed in SLE 15 SPx
  and older, but add them with openSUSE (as before), ALP and upcoming
  SLE distros
- Update to version tuned-2.20.0.18+git.7b1a20b
  * scheduler: fix traceback if running with runtime=0
  * plugin_scheduler: fix perf fd leaks
  * Better log on unsupported hw for pm_qos_resume_latency_us option
  * fix-tuned-profiles-adoc-error
  * explicitly use /bin/bash for tuned scripts
  * set the icon in the about dialog
  * install dbus policy in /usr/share/dbus-1
  * tuned-adm: better error message for unauthorized switch_profile
  * man: updated manual pages to be more consistent
  * spec: dropped unneeded ncat dependency
  * fix log error
  * Report reapplied sysctls only on different values
  * Fixing no _evlist attribute when run without daemon
  * fix 'is_active' does not work
  * new release (2.20.0-rc.1)
  * build: fixed FTBFS with python2
  * Expose TuneD API to the Unix Domain Socket.
  * Inform users about reapplied sysctls
  * API: add support for moving devices between instances
  * throughput-performance: set net.core.somaxconn to at least 2048
  * Adding support for cpu intel_pstate scaling driver
  * configparser: use no strict parser to mimic old behavior
  * Adding pm_qos_resume_latency_us option for cpu plugin.i
  * Makefile: added fix for python-3.12
  * D-Bus: only send tracebacks through the D-Bus if in the debug mode
  * update vendor_url in policy file
  * correct section of the tuned-profiles-openshift manpage
  * Allow selecting a different pkg-config executable
  * fix tuned/gtk/gui_profile_loader.py spell error
  * bootloader: create bootcmdline even when skip_grub_config=true
  * profiles: added aws profile for aws ec2 instances
  * Closing fd from perf module in scheduler plugin

==== vulkan-loader ====
Version update (1.3.243.0 -> 1.3.247)

- Update to 1.3.247
  * Make correct layer be used when duplicates are present
  * Fix ordering regression for VK_INSTANCE_LAYERS

==== vulkan-tools ====
Version update (1.3.243.0 -> 1.3.247)

- Update to release 1.3.247
  * vulkaninfo: Dont enable Direct Driver Loading Ext
  * vkcubepp: Fix custom height not working

==== xkeyboard-config ====
Subpackages: xkeyboard-config-lang

- remove CCDL from license strings (boo#1210681)

==== yast2-trans ====
Version update (84.87.20230416.972001c66e -> 84.87.20230420.b54e9530)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW

- Update to version 84.87.20230420.b54e9530:
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Catalan)
  * New POT for text domain 'storage'.
  * Translated using Weblate (Czech)