Packages changed:
  crypto-policies (20210917.c9d86d1 -> 20230420.3d08ae7)
  diffutils (3.9 -> 3.10)
  grep (3.10 -> 3.11)
  gstreamer (1.22.2 -> 1.22.3)
  gstreamer-plugins-bad (1.22.2 -> 1.22.3)
  gstreamer-plugins-base (1.22.2 -> 1.22.3)
  gstreamer-plugins-good (1.22.2 -> 1.22.3)
  icewm (3.3.4 -> 3.3.5)
  kernel-source (6.3.2 -> 6.3.4)
  libgcrypt
  libqt5-qtwebengine (5.15.13 -> 5.15.14)
  lsof
  mdadm
  mutter
  zstd

=== Details ===

==== crypto-policies ====
Version update (20210917.c9d86d1 -> 20230420.3d08ae7)
Subpackages: crypto-policies-scripts

- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
  and fips-finish-install commands, add also the man pages. The
  required FIPS modules are left to be installed by the user.
  * Rebase crypto-policies-FIPS.patch
- Revert a breaking change that introduces the config option
  rh-allow-sha1-signatures that is unkown to OpenSSL and fails
  on startup. We will consider adding this option to openssl.
  * https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494
  * Add crypto-policies-revert-rh-allow-sha1-signatures.patch
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
  * Add crypto-policies-supported.patch
- Update to version 20230420.3d08ae7:
  * openssl, alg_lists: add brainpool support
  * openssl: set Groups explicitly
  * codespell: ignore aNULL
  * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
  * sequoia: add separate rpm-sequoia backend
  * crypto-policies.7: state upfront that FUTURE is not so interoperable
  * Makefile: update for asciidoc 10
  * Skip not needed LibreswanGenerator and SequoiaGenerator:
  - Add crypto-policies-policygenerators.patch
  * Remove crypto-policies-test_supported_modules_only.patch
  * Rebase crypto-policies-no-build-manpages.patch
- Update to version 20221214.a4c31a3:
  * bind: expand the list of disableable algorithms
  * libssh: Add support for openssh fido keys
  * .gitlab-ci.yml: install krb5-devel for krb5-config
  * sequoia: check using sequoia-policy-config-check
  * sequoia: introduce new back-end
  * Makefile: support overriding asciidoc executable name
  * openssh: make none and auto explicit and different
  * openssh: autodetect and allow forcing RequiredRSASize presence/name
  * openssh: remove _pre_8_5_ssh
  * pylintrc: update
  * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
  * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...
  * Makefile: exclude built manpages from codespell
  * add openssh HostbasedAcceptedAlgorithms
  * openssh: add RSAMinSize option following min_rsa_size
  * Revert ".gitlab-ci.yml: skip pylint (bz2069837)"
  * docs: add customization recommendation
  * tests/java: fix java.security.disableSystemPropertiesFile=true
  * policies: add FEDORA38 and TEST-FEDORA39
  * bind: control ED25519/ED448
  * openssl: disable SHA-1 signatures in FUTURE/NO-SHA1
  * .gitlab-ci.yml: skip pylint (bz2069837)
  * openssh: add support for sntrup761x25519-sha512@openssh.com
  * fips-mode-setup: fix one unrelated check to intended state
  * fips-mode-setup, fips-finish-install: abandon /etc/system-fips
  * Makefile: fix alt-policy test of LEGACY:AD-SUPPORT
  * fips-mode-setup: catch more inconsistencies, clarify --check
  * fips-mode-setup: improve handling FIPS plus subpolicies
  * .gitlab-ci.yml: use rawhide so that we get gnutls 3.7.3
  * gnutls: enable SHAKE, needed for Ed448
  * gnutls: use allowlisting
  * openssl: add newlines at the end of the output
  * FIPS:OSPP: relax -ECDSA-SHA2-512, -FFDHE-*
  * fips-mode-setup, fips-finish-install: call zipl more often
  * Add crypto-policies-rpmlintrc file to avoid files-duplicate,
    zero-length and non-conffile-in-etc warnings.
  * Rebase patches:
  - crypto-policies-FIPS.patch
  - crypto-policies-no-build-manpages.patch
  * Update README.SUSE

==== diffutils ====
Version update (3.9 -> 3.10)
Subpackages: diffutils-lang

- diffutils 3.10:
  * cmp/diff can again work with file dates past Y2K38
  * diff -D no longer fails to output #ifndef lines

==== grep ====
Version update (3.10 -> 3.11)
Subpackages: grep-lang

- update to 3.11:
  * With -P, patterns like [\d] now work again. Fixing this
    has caused grep to revert to the behavior of grep 3.8, in that
    patterns like \w and ^H go back to using ASCII rather
    than Unicode interpretations.
    However, future versions of GNU grep and/or PCRE2 are
    likely to fix this and change the behavior of \w and ^H
    back to Unicode again, without breaking [\d] as 3.10 did.

==== gstreamer ====
Version update (1.22.2 -> 1.22.3)
Subpackages: gstreamer-lang libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.22.3:
  + Highlighted bugfixes:
  - avdec: fix occasional video decoder deadlock on seeking with
    FFmpeg 6.0.
  - decodebin3: fix regression handling input streams without
    CAPS or TIME segment such as e.g. udpsrc or `pushfilesrc.
  - bluez: a2dpsink: fix Bluetooth SIG Certification test
    failures.
  - osxvideosink: fix deadlock upon closing output window.
  - qtdemux: fix edit list handling regression and AV1 codec box
    parsing.
  - qtmux: fix extraction of CEA608 closed caption data from
    S334-1A packets.
  - rtspsrc: Fix handling of * control path.
  - splitmux: timestamp handling improvements.
  - v4l2videodec: Rework dynamic resolution change handling
    (needed for IMX6 mainline codec).
  - videoflip: fix regression with automatically rotating video
    based on tags.
  - d3d11: many d3d11videosink and d3d11compositor fixes.
  - webrtc, rtp: numerous data race fixes and stability fixes.
  - various bug fixes, memory leak fixes, and other stability and
    reliability improvements.
  + gstreamer:
  - tracing: Initialize tracing infrastructure even if the debug
    system is not compiled in.
  - parse-launch: fix missing unref of looked-up child element.
  - gstutils: Add category and object to most logging messages.
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-bad ====
Version update (1.22.2 -> 1.22.3)
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.22.3:
  + a2dpsink: Fails many tests in Bluetooth SIG Certification.
  + avdtputil: Use int instead of int range for fixed bitpool
    values.
  + ccconverter:
  - reintroduce frame count reset on cycle completion
  - integer overflow & crashing
  + codectimestamper: remove PC file generation from plugin's own
    meson.build.
  + cudamemory: Fix for semi planar YUV memory size decision.
  + d3d11compositor:
  - Reconfigure resource only when output caps is changed.
  - Skip zero alpha input.
  + d3d11convert: Fix for runtime property update.
  + d3d11memory: Don't clear wrapped texture memory.
  + d3d11videosink:
  - Fix for ignored initial render rectangle.
  - Fix race condition in window unprepare.
  - Enhancement for initial window size decision.
  - Don't clear prepared buffer on unlock_stop().
  + dashdemux: mpdclient: fix divide by 0 if segment has no
    duration.
  + dtlstransport: Keep strong ref of dtls encoder/decoder.
  + GstPlay:
  - Avoid getting property of playbin2 if subtitle_sid is null.
  - Fix critical log when using playbin3.
  + h264decoder: Drop nonexisting picture silently without error.
  + dtmf: element classification improvements.
  + mfvideoenc: Allow only even resolution numbers.
  + sctpenc:
  - Fix potential shutdown deadlock.
  - Fix "srtp-key" check.
  + tests: disable dtls test if openssl is not present.
  + tsdemux: Set number of channels to 2 for dual mono Opus.
  + va: Various fixes for defects found with MSVC.
  + wasapi2: Allows process loopback capture on Windows 10.
  + webrtcdatachannel: Bind to parent webrtcbin using a weak
    reference.
  + webrtcbin: Fix potential deadlock when closing before any data
    was sent.
  + webrtc:
  - Plug leaks of resolved ICE addresses.
  - Do not tear down data channel before data is flushed.
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-base ====
Version update (1.22.2 -> 1.22.3)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0

- Update to version 1.22.3:
  + allocators: Fix fdmem unit test with recent GLib versions.
  + audiotestsrc: Initialize all samples in wave=ticks mode.
  + decodebin3:
  - Handle input streams without CAPS or TIME segment such as
    e.g. udpsrc or pushfilesrc.
  - Fix regression handling streams without caps.
  - Fix random hang when remove failing stream.
  + uridecodebin3: Ensure atomic urisourcebin state change.
  + glvideoflip: fix leaked caps.
  + glcontext_wgl: fix missing unref.
  + playsink: Fix volume leak.
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-good ====
Version update (1.22.2 -> 1.22.3)
Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang

- Update to version 1.22.3:
  + adaptivedemux2: fix critical when using an unsupported URI.
  + dashdemux2: mpdclient: fix divide by 0 if segment has no
    duration.
  + imagesequencesrc: Properly set default location.
  + multifile: error out if no filename was set.
  + osxvideosink: fix deadlock upon closing output window.
  + rtpmanager: rtpsession:
  - Data race leading to critical warnings.
  - Race conditions leading to critical warnings.
  + rtspsrc: Fix handling of * control path.
  + splitmuxsink: Catch invalid DTS to avoid running into problems
    later.
  + splitmuxsrc: Make PTS contiguous by preference.
  + qtdemux: emit no-more-pads after pruning old pads.
  + Revert "qtdemux: fix conditions for end of segment in reverse
    playback" to fix edit list regression.
  + qtdemux: Fix av1C parsing.
  + qtmux: Fix extraction of CEA608 data from S334-1A packets.
  + qtwindow: unref caps in destructor.
  + v4l2:
  - device provider: Fix GMainLoop leak.
  - videodec: Rework dynamic resolution change handling.
  - videodec: Prefer acquired caps over anything downstream.
  + videoflip:
  - Fix setting of method property at construction time.
  - Videoflip 1.22.2 not rotating video when extracting frames.
- Rebase reduce-required-meson.patch.

==== icewm ====
Version update (3.3.4 -> 3.3.5)
Subpackages: icewm-config-upstream icewm-default icewm-lang

- Update to 3.3.5:
  * Lookup icons in more context directories for issue ice-wm/icewm#132.
  * An Escape key release event must match the key press event for #726.
  * Report when icon could not be found for issue ice-wm/icewm#133.
  * Use "firefox" instead of "mozilla" as Firefox icon for ice-wm/icewm#132.
  * Rescale workspace buttons when taskbar is rather high.
  * Temporarily hide the taskbar collapse button when collapsing or expanding.
  * Compute the ultimate workspace button height, before creating them.
  * Limit the resource string of an unresponsive client for issue #729.
  * Check for TaskBarDoubleHeight when computing workspace button height.
  * Also focus last window when hiding and Click-to-focus for issue #727.
  * Let icesh exit with zero if the last action was a successful manager
    action.

==== kernel-source ====
Version update (6.3.2 -> 6.3.4)

- xfs: fix livelock in delayed allocation at ENOSPC (brc#2208553
  xfs-issue).
- commit 2c66b1f
- Linux 6.3.4 (bsc#1012628).
- drm/fbdev-generic: prohibit potential out-of-bounds access
  (bsc#1012628).
- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (bsc#1012628).
- drm/nouveau/disp: More DP_RECEIVER_CAP_SIZE array fixes
  (bsc#1012628).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (bsc#1012628).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
  (bsc#1012628).
- net: skb_partial_csum_set() fix against transport header magic
  value (bsc#1012628).
- net: mdio: mvusb: Fix an error handling path in
  mvusb_mdio_probe() (bsc#1012628).
- perf/core: Fix perf_sample_data not properly initialized for
  different swevents in perf_tp_event() (bsc#1012628).
- scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in
  W-LUN suspend (bsc#1012628).
- tick/broadcast: Make broadcast device replacement work correctly
  (bsc#1012628).
- linux/dim: Do nothing if no time delta between samples
  (bsc#1012628).
- net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
  (bsc#1012628).
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()
  (bsc#1012628).
- net: phy: bcm7xx: Correct read from expansion register
  (bsc#1012628).
- netfilter: nf_tables: always release netdev hooks from notifier
  (bsc#1012628).
- netfilter: conntrack: fix possible bug_on with enable_hooks=1
  (bsc#1012628).
- bonding: fix send_peer_notif overflow (bsc#1012628).
- netlink: annotate accesses to nlk->cb_running (bsc#1012628).
- net: annotate sk->sk_err write from do_recvmmsg() (bsc#1012628).
- net: deal with most data-races in sk_wait_event() (bsc#1012628).
- net: add vlan_get_protocol_and_depth() helper (bsc#1012628).
- tcp: add annotations around sk->sk_shutdown accesses
  (bsc#1012628).
- gve: Remove the code of clearing PBA bit (bsc#1012628).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
  (bsc#1012628).
- net: mscc: ocelot: fix stat counter register values
  (bsc#1012628).
- drm/sched: Check scheduler work queue before calling timeout
  handling (bsc#1012628).
- net: datagram: fix data-races in datagram_poll() (bsc#1012628).
- af_unix: Fix a data race of sk->sk_receive_queue->qlen
  (bsc#1012628).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1012628).
- drm/i915/guc: Don't capture Gen8 regs on Xe devices
  (bsc#1012628).
- drm/i915: Fix NULL ptr deref by checking new_crtc_state
  (bsc#1012628).
- drm/i915/dp: prevent potential div-by-zero (bsc#1012628).
- drm/i915: taint kernel when force probing unsupported devices
  (bsc#1012628).
- fbdev: arcfb: Fix error handling in arcfb_probe() (bsc#1012628).
- ext4: reflect error codes from ext4_multi_mount_protect()
  to its callers (bsc#1012628).
- ext4: don't clear SB_RDONLY when remounting r/w until quota
  is re-enabled (bsc#1012628).
- ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
  (bsc#1012628).
- ext4: allow ext4_get_group_info() to fail (bsc#1012628).
- refscale: Move shutdown from wait_event() to wait_event_idle()
  (bsc#1012628).
- selftests: cgroup: Add 'malloc' failures checks in
  test_memcontrol (bsc#1012628).
- rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
  (bsc#1012628).
- open: return EINVAL for O_DIRECTORY | O_CREAT (bsc#1012628).
- fs: hfsplus: remove WARN_ON() from
  hfsplus_cat_{read,write}_inode() (bsc#1012628).
- drm/displayid: add displayid_get_header() and check bounds
  better (bsc#1012628).
- drm/amd/display: populate subvp cmd info only for the top pipe
  (bsc#1012628).
- drm/amd/display: Correct DML calculation to align HW formula
  (bsc#1012628).
- drm/amd/display: enable DPG when disabling plane for phantom
  pipe (bsc#1012628).
- platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750
  data (bsc#1012628).
- drm/amd/display: Enable HostVM based on rIOMMU active
  (bsc#1012628).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
  (bsc#1012628).
- regmap: cache: Return error in cache sync operations for
  REGCACHE_NONE (bsc#1012628).
- remoteproc: imx_dsp_rproc: Add custom memory copy implementation
  for i.MX DSP Cores (bsc#1012628).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks
  (bsc#1012628).
- accel/habanalabs: postpone mem_mgr IDR destruction to
  hpriv_release() (bsc#1012628).
- drm/amd/display: reallocate DET for dual displays with high
    ... changelog too long, skipping 952 lines ...
- commit 1237d35

==== libgcrypt ====

- FIPS: Merge the libgcrypt20-hmac package into the library and
  remove the "module is complete" trigger file .fips [bsc#1185116]
  * Remove libgcrypt-1.10.0-use-fipscheck.patch

==== libqt5-qtwebengine ====
Version update (5.15.13 -> 5.15.14)

- Update to version 5.15.14:
  * Blacklist TouchInputTest::touchTap for sles 15.4
  * Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15
  * Do not allow universal with debug builds
  * Enable accessibility by default on Linux
  * Fix blacklisting of mouseMovementProperties for sles 15.4
  * Fix build with GCC 13
  * Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets
  * Fix memory management in QPdfDocument functions
  * Update Chromium:
  * Fixes for building with GCC-13
  * [Backport] CVE-2023-1215: Type Confusion in CSS
  * [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
  * [Backport] CVE-2023-1219: Heap buffer overflow in Metrics
  * [Backport] CVE-2023-1220: Heap buffer overflow in UMA
  * [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
  * [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
  * [Backport] CVE-2023-1530: Use after free in PDF
  * [Backport] CVE-2023-1531: Use after free in ANGLE
  * [Backport] CVE-2023-1534: Out of bounds read in ANGLE
  * [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
  * [Backport] CVE-2023-1811: Use after free in Frames
  * [Backport] CVE-2023-2033: Type Confusion in V8
  * [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
  * [Backport] CVE-2023-29469 / Security bug 1433328
  * [Backport] Security bug 1337747
  * [Backport] Security bug 1417585
  * [Backport] Security bug 1418734
  * [Backport] Security bug 1423360
  * [Backport] Security bug 1427388
- Drop patch, merged upstream:
  * 0001-Fixes-for-building-with-GCC-13.patch

==== lsof ====

- Repacked tarball to remove proprietary code in dialects/uw/uw7/sys/fs

==== mdadm ====

- Grow: fix possible memory leak (bsc#1208618)
  0060-Grow-fix-possible-memory-leak.patch
- Grow: fix can't change bitmap type from none to clustered
  (bsc#1208618)
  0061-Grow-fix-can-t-change-bitmap-type-from-none-to-clustered.patch
- Use source code mdadm-4.2.tar.xz from kernel.org version for
  checksum
  - mdadm-4.2.tar.xz

==== mutter ====
Subpackages: mutter-lang

- Add mutter-do-not-unminimize-windows-with-initial-iconic.patch:
  mutter used to unminimize windows with initial IconicState, which
  is a workaround for some old wine games, it breaks apps like
  xterm starts with -iconic, this patch revert it (bsc#1193190,
  glgo#GNOME/mutter!3001).

==== zstd ====
Subpackages: libzstd1

- Revert the addition of build specific cmake files: breaks
  gdal, apache-arrow and possibly others -- boo#1211566
  * note that shipping cmake files is not intentional or supported
    upstream at the moment: gh#facebook/zstd#3642