Packages changed:
  ImageMagick (7.1.1.10 -> 7.1.1.11)
  MozillaFirefox-branding-openSUSE
  apparmor (3.1.3 -> 3.1.4)
  checkmedia (6.1 -> 6.2)
  cups
  curl (8.1.1 -> 8.1.2)
  dav1d (1.2.0 -> 1.2.1)
  glslang (12.1.0 -> 12.2.0)
  gnutls
  imlib2 (1.11.0 -> 1.11.1)
  installation-images-MicroOS (17.86 -> 17.87)
  javapackages-tools
  kio-extras5
  kyotocabinet
  libX11 (1.8.4 -> 1.8.5)
  libapparmor (3.1.3 -> 3.1.4)
  libdnf (0.70.0 -> 0.70.1)
  libmfx (22.6.5 -> 23.2.2)
  libproxy
  libproxy-plugins
  libreoffice (7.5.3.2 -> 7.5.4.1)
  librsvg (2.56.0 -> 2.56.1)
  libstorage-ng (4.5.112 -> 4.5.115)
  libxcrypt (4.4.33 -> 4.4.34)
  libyui (4.5.2 -> 4.6.0)
  libyui-ncurses (4.5.2 -> 4.6.0)
  libyui-ncurses-pkg (4.5.2 -> 4.6.0)
  libyui-qt (4.5.2 -> 4.6.0)
  libyui-qt-graph (4.5.2 -> 4.6.0)
  libyui-qt-pkg (4.5.2 -> 4.6.0)
  lua54 (5.4.4 -> 5.4.6)
  man-pages (6.02 -> 6.04)
  manpages-l10n (4.18.1 -> 4.19.0)
  mariadb-connector-c (3.3.4 -> 3.3.5)
  mozilla-nss
  ncurses (6.4.20230506 -> 6.4.20230520)
  openssl-3 (3.0.8 -> 3.1.1)
  openssl (3.0.8 -> 3.1.1)
  perl-Bootloader (1.1 -> 1.2)
  perl-IO-Socket-SSL (2.081 -> 2.083)
  perl-libwww-perl (6.68 -> 6.70)
  podman (4.5.0 -> 4.5.1)
  python-gevent
  python-pycryptodome (3.17.0 -> 3.18.0)
  python-rich (13.3.5 -> 13.4.1)
  python-rpm
  python-tornado6 (6.2 -> 6.3.2)
  python-zope.event
  qemu (8.0.0 -> 8.0.2)
  rpm
  shaderc (2023.2 -> 2023.4)
  texlive
  tracker (3.5.2 -> 3.5.3)
  vulkan-loader (1.3.247 -> 1.3.250.0)
  vulkan-tools (1.3.247 -> 1.3.250.0)
  webkit2gtk3 (2.40.1 -> 2.40.2)
  webkit2gtk4 (2.40.1 -> 2.40.2)
  yast2-control-center (4.6.0 -> 4.6.1)

=== Details ===

==== ImageMagick ====
Version update (7.1.1.10 -> 7.1.1.11)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- version update to 7.1.1.11
  * upstream changelog:
  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023-05-29

==== MozillaFirefox-branding-openSUSE ====

- add sle_version 150500 check
- add some useful links about openSUSE in the about:newtab page
- add sle_version 150300 and 150400 check

==== apparmor ====
Version update (3.1.3 -> 3.1.4)
Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- update to AppArmor 3.1.4
  - parser: fix mount rules encoding (CVE-2016-1585)
  - aa-logprof: fix error when choosing named exec with plain profile names
  - aa-status: fix json output
  - several fixes for profiles and abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
    for the full upstream changelog

==== checkmedia ====
Version update (6.1 -> 6.2)
Subpackages: libmediacheck6

- merge gh#openSUSE/checkmedia#17
- do not select EFI System Partition for digest calculation
  (bsc#1211953)
- use default for SKIPSECTORS only for RH media
- add man pages for checkmedia and tagmedia
- add spec file for OBS
- 6.2

==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2

- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324
  "Heap buffer overflow in cupsd"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
  bsc#1211643

==== curl ====
Version update (8.1.1 -> 8.1.2)
Subpackages: libcurl4

- Update to 8.1.2:
  * Bugfixes:
  - configure: quote the assignments for run-compiler
  - configure: without pkg-config and no custom path, use -lnghttp2
  - curl: cache the --trace-time value for a second
  - http2: fix EOF handling on uploads with auth negotiation
  - http3: send EOF indicator early as possible
  - lib1560: verify more scheme guessing
  - lib: remove unused functions, make single-use static
  - libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
  - libssh: when keyboard-interactive auth fails, try password
  - misc: fix spelling mistakes
  - page-header: mention curl version and how to figure out current release
  - page-header: minor wording polish in the URL segment
  - scripts/singleuse.pl: add more API calls
  - urlapi: remove superfluous host name check

==== dav1d ====
Version update (1.2.0 -> 1.2.1)

- Update to version 1.2.1
  * Fix a threading race on task_thread.init_done
  * NEON z2 8bpc and high bit-depth optimizations
  * SSSE3 z2 high bit-depth optimziations
  * Fix a desynced luma/chroma planes issue with Film Grain
  * Reduce memory consumption
  * Improve dav1d_parse_sequence_header() speed
  * OBU: Improve header parsing and fix potential overflows
  * OBU: Improve ITU-T T.35 parsing speed
  * Misc buildsystems, CI and headers fixes
- Add to description some performance mentions that set it apart
  from other packages e.g. gav1.

==== glslang ====
Version update (12.1.0 -> 12.2.0)

- Update to release 12.2.0
  * Support GLSL_EXT_shader_tile_image,
    GL_EXT_ray_tracing_position_fetch, and custom include callbacks
    via the C API
  * Add preamble-text command-line option
  * Accept variables as parameters of spirv_decorate_id

==== gnutls ====

- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476]
  Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch

==== imlib2 ====
Version update (1.11.0 -> 1.11.1)
Subpackages: imlib2-loaders libImlib2-1

- update to 1.11.1:
  * imlib2: added loader for y4m files (uses liby4m and
    libyuv)
  * imlib2: add y4m test examples
  * Y4M loader: Various minor changes
  * autofoo: Tweak PACKAGE_DATA_DIR definition
  * XPM loader: Add rgb.txt
  * loaders: Fix loaders potentially being loaded more than
    once
  * loaders: Change method used to not unload loaders
  * Add JXL saver
  * loaders: Cosmetics

==== installation-images-MicroOS ====
Version update (17.86 -> 17.87)

- merge gh#openSUSE/installation-images#646
- etc: update module.config to match 6.4
- 17.87

==== javapackages-tools ====
Subpackages: javapackages-filesystem

- Enable the tests also for older distributions
- Require python3-xml (python-xml for distributions that use
  versioned modules), since module xml needed by some scripts.

==== kio-extras5 ====
Subpackages: kio-extras5-lang libkioarchive5

- Add some missing BuildRequires (boo#1211933)

==== kyotocabinet ====

- Update url to new website.

==== libX11 ====
Version update (1.8.4 -> 1.8.5)
Subpackages: libX11-6 libX11-data libX11-xcb1

- Update to version 1.8.5
  * gitlab CI: Add libtool to required packages
  * configure: raise minimum autoconf requirement to 2.70
  * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING
  * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
  * gitlab CI: add workflow rules
  * nls: delete compose sequences that pointlessly mix upper and lower case
  * nls: remove four hundred and sixty untypable Greek compose sequences
  * nls: remove twenty two untypable Greek compose sequences
  * XSetScreenSaver.man: restore the part that was accidentally snipped
  * nls: make the Amharic compose sequences use the dead-vowel symbols
  * nls: sort three sequences alphabetically in their group, like all others
  * nls: delete six compose sequences that cannot be typed
  * nls: use a slash instead of a combining solidus in compose sequences
  * NLS: move long S compositions to respective blocks
  * NLS: implement the expansion of the six Breton N-graph keysyms
  * NLS: move dead-caron subscript compositions to the relevant Unicode block
  * NLS: Remove strange dead_cedilla cedi sign sequences
  * nls: add compose sequence for capital schwa, and delete a deviant one
- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11
  will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order
  to keep those sequeunces working with this release.

==== libapparmor ====
Version update (3.1.3 -> 3.1.4)

- update to AppArmor 3.1.4
  - parser: fix mount rules encoding (CVE-2016-1585)
  - aa-logprof: fix error when choosing named exec with plain profile names
  - aa-status: fix json output
  - several fixes for profiles and abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
    for the full upstream changelog

==== libdnf ====
Version update (0.70.0 -> 0.70.1)
Subpackages: libdnf-repo-config-zypp libdnf2

- update to 0.70.1:
  * Add repoid to solver errors for RPMs (RhBug:2179413)
  * Avoid using obsolete RPM API and drop redundant calls
  * Remove DNF from list of protected packages
- avoid bashism

==== libmfx ====
Version update (22.6.5 -> 23.2.2)

- update to 23.2.2:
  * [Encode] Fix JPEG payload insertion on Linux
  * Update checking of bitsream left size (#3033)
  * [Decode] Fix memory out-of-bounds issue for VP9
  * [Decode] Fix memory out-of-bounds issue for VP8
  * [Decode]Remove AVC level 6.0 check
  * [Decode]Fix hevc decode issue
  * hevce: use Low Power mode for RGB encoding by default

==== libproxy ====

- Only build mono support on openSUSE, not SLE nor SUSE ALP.

==== libproxy-plugins ====
Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-duktape

- Only build mono support on openSUSE, not SLE nor SUSE ALP.

==== libreoffice ====
Version update (7.5.3.2 -> 7.5.4.1)
Subpackages: libreoffice-base libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Update to 7.5.4.1:
  https://wiki.documentfoundation.org/Releases/7.5.4/RC1
- Update bundled dependencies:
  * gpgme-1.16.0.tar.bz2 -> gpgme-1.18.0.tar.bz2
  * curl-7.86.0.tar.xz -> curl-8.0.1.tar.xz
  * icu4c-71_1-src.tgz -> icu4c-72_1-src.tgz
  * icu4c-71_1-data.zip -> icu4c-72_1-data.zip

==== librsvg ====
Version update (2.56.0 -> 2.56.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.56.1:
  + The minimum supported Rust version (MSRV) is 1.65.
    Unfortunately the assert_cmd crate, used in the test suite,
    bumped its MSRV and is forcing us to do the same.
  + Shrink the shared library by telling the linker to omit unused
    code.
  + Updates to dependencies.

==== libstorage-ng ====
Version update (4.5.112 -> 4.5.115)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.115
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.114
- Translated using Weblate (Indonesian) (bsc#1149754)
- 4.5.113

==== libxcrypt ====
Version update (4.4.33 -> 4.4.34)

- Update to 4.4.34
  * Optimize some cast operation for performance in
    lib/alg-yescrypt-platform.c.
  * Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c.
  * Explicitly clean the stack and context state after computation in
    lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c
    (issue #168).

==== libyui ====
Version update (4.5.2 -> 4.6.0)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
  CMake: use pkg-config to find and use ncurses libs
  by Wang Zichong <wangzichong@deepin.org>

==== libyui-ncurses ====
Version update (4.5.2 -> 4.6.0)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
  CMake: use pkg-config to find and use ncurses libs
  by Wang Zichong <wangzichong@deepin.org>

==== libyui-ncurses-pkg ====
Version update (4.5.2 -> 4.6.0)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
  CMake: use pkg-config to find and use ncurses libs
  by Wang Zichong <wangzichong@deepin.org>

==== libyui-qt ====
Version update (4.5.2 -> 4.6.0)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
  CMake: use pkg-config to find and use ncurses libs
  by Wang Zichong <wangzichong@deepin.org>

==== libyui-qt-graph ====
Version update (4.5.2 -> 4.6.0)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
  CMake: use pkg-config to find and use ncurses libs
  by Wang Zichong <wangzichong@deepin.org>

==== libyui-qt-pkg ====
Version update (4.5.2 -> 4.6.0)

- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
  CMake: use pkg-config to find and use ncurses libs
  by Wang Zichong <wangzichong@deepin.org>

==== lua54 ====
Version update (5.4.4 -> 5.4.6)

- Library is always liblua5_4-5: due to SOVERSION leading digit
  being 5
- Final release of 5.4.6. No change in the changelog.
- Experimenting with lua 5.4.6-rc1 (release 5.4.5 has been
  effectively withdrawn).
- Update to 5.4.5:
  - this is a bug-fix release.
  - Lua 5.4.5 also contains several internal improvements and
    includes a revised reference manual
- Remove upstreamed patches:
  - luabugs1.patch
  - luabugs10.patch
  - luabugs11.patch
  - luabugs2.patch
  - luabugs3.patch
  - luabugs4.patch
  - luabugs5.patch
  - luabugs6.patch
  - luabugs7.patch
  - luabugs8.patch
  - luabugs9.patch

==== man-pages ====
Version update (6.02 -> 6.04)

- update to 6.04:
  * Newly documented interfaces in existing pages
  * proc.5
    KPF_PGTABLE                     (Linux 4.18)
  * landlock.7
    LANDLOCK_ACCESS_FS_REFER        (Linux 5.19)
  * udp.7
    UDP_GRO                         (Linux 5.0)
    UDP_SEGMENT                     (Linux 4.18)
  * Changes to individual pages

==== manpages-l10n ====
Version update (4.18.1 -> 4.19.0)
Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR man-pages-ru

- Update to version 4.19.0: Updated and added many translations.

==== mariadb-connector-c ====
Version update (3.3.4 -> 3.3.5)

- update to 3.3.5:
  * https://mariadb.com/kb/en/mariadb-connector-c-3-3-5-release-notes/

==== mozilla-nss ====
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs

- Move testsuite to %check-section and move env-variables to
  files for easier chroot-debugging

==== ncurses ====
Version update (6.4.20230506 -> 6.4.20230520)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20230520
  + fixes for compiler warnings in MinGW environments.
- Add ncurses patch 20230514
  + modify test-package "ncurses6-doc" to use manpage-aliases, which in
    turn required a change to the configure script to factor in the
    extra-suffix option when deriving alias names.
  + add mode 1004 to xterm+sm+1006 from xterm #380 -TD
- Port and correct offsets of patch ncurses-6.4.dif

==== openssl-3 ====
Version update (3.0.8 -> 3.1.1)
Subpackages: libopenssl3

- Update to 3.1.1:
  * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
    (CVE-2023-2650, bsc#1211430)
  * Multiple algorithm implementation fixes for ARM BE platforms.
  * Added a -pedantic option to fipsinstall that adjusts the various settings
    to ensure strict FIPS compliance rather than backwards compatibility.
  * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
    happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
    trigger a crash of an application using AES-XTS decryption if the memory
    just after the buffer being decrypted is not mapped. Thanks to Anton
    Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
  * Add FIPS provider configuration option to disallow the use of truncated
    digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
    option '-no_drbg_truncated_digests' can optionally be supplied
    to 'openssl fipsinstall'.
  * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
    it does not enable policy checking. Thanks to David Benjamin for
    discovering this issue. (CVE-2023-0466, bsc#1209873)
  * Fixed an issue where invalid certificate policies in leaf certificates are
    silently ignored by OpenSSL and other certificate policy checks are
    skipped for that certificate. A malicious CA could use this to
    deliberately assert invalid certificate policies in order to circumvent
    policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
  * Limited the number of nodes created in a policy tree to mitigate against
    CVE-2023-0464. The default limit is set to 1000 nodes, which should be
    sufficient for most installations. If required, the limit can be adjusted
    by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
    desired maximum number of nodes or zero to allow unlimited growth.
    (CVE-2023-0464, bsc#1209624)
  * Update openssl.keyring with key
    A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz)
  * Rebased patches:
  - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
  - openssl-Add_support_for_Windows_CA_certificate_store.patch
  * Removed patches:
  - openssl-CVE-2023-0464.patch
  - openssl-Fix-OBJ_nid2obj-regression.patch
  - openssl-CVE-2023-0465.patch
  - openssl-CVE-2023-0466.patch
- FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116]
- Add support for Windows CA certificate store [bsc#1209430]
  https://github.com/openssl/openssl/pull/18070
  * Add openssl-Add_support_for_Windows_CA_certificate_store.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
- Fix regression in the OBJ_nid2obj() function: [bsc#1209430]
  * Upstream https://github.com/openssl/openssl/issues/20555
  * Add openssl-Fix-OBJ_nid2obj-regression.patch
- Fix compiler error "initializer element is not constant" on s390
  * Add openssl-z16-s390x.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Pass over with spec-cleaner
- Update to 3.1.0:
  * Add FIPS provider configuration option to enforce the Extended Master
    Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
    optionally be supplied to 'openssl fipsinstall'.
  * The FIPS provider includes a few non-approved algorithms for backward
    compatibility purposes and the "fips=yes" property query must be used for
    all algorithm fetches to ensure FIPS compliance. The algorithms that are
    included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
  * Added support for KMAC in KBKDF.
  * RNDR and RNDRRS support in provider functions to provide random number
    generation for Arm CPUs (aarch64).
  * s_client and s_server apps now explicitly say when the TLS version does not
    include the renegotiation mechanism. This avoids confusion between that
    scenario versus when the TLS version includes secure renegotiation but the
    peer lacks support for it.
  * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
  * The various OBJ_* functions have been made thread safe.
  * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
    capable processors.
  * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
    OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
    OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
    marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
    OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
    favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
    type-specific function definitions for these functions regardless of
    whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
    start receiving deprecation warnings for these functions regardless of
    whether they are using them. It is recommended that users transition to the
    new macro, DEFINE_LHASH_OF_EX.
  * When generating safe-prime DH parameters set the recommended private key
    length equivalent to minimum key lengths as in RFC 7919.
  * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the
    maximum size that is smaller or equal to the digest length to comply with
    FIPS 186-4 section 5. This is implemented by a new option
    OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the
    rsa_pss_saltlen parameter, which is now the default. Signature verification
    is not affected by this change and continues to work as before.
  * Update openssl.keyring with key
    8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell)

==== openssl ====
Version update (3.0.8 -> 3.1.1)

- Update to 3.1.1
- Update to 3.1.0

==== perl-Bootloader ====
Version update (1.1 -> 1.2)

- merge gh#openSUSE/perl-bootloader#148
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 1.2

==== perl-IO-Socket-SSL ====
Version update (2.081 -> 2.083)

- updated to 2.083
  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.083 2023/05/18
  - fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL
    (regression from #122)
  2.082 2023/05/17
  - SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122
  - fix output of alert string when debugging #132
  - improve regex for hostname validation #130, #126
  - add can_ciphersuites subroutine for feature checking #127
  - Utils::CERT_create - die if unexpected arguments are given instead of ignoring
    these

==== perl-libwww-perl ====
Version update (6.68 -> 6.70)

- updated to 6.70
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.70      2023-04-30 13:22:56Z
  - Add cookie_jar_class attribute to allow different cookie jar modules
    to be used more easily (GH#91) (Tom Hukins, Julien Fiegehenn)
  - POD now contains all default attributes (GH#428) (Julien Fiegehenn)
  6.69      2023-04-29 13:14:31Z
  - Timeouts for cached connections now update (GH#73) (Eric Johnson)
  - The conn_cache() can now be unset (GH#424) (Julien Fiegehenn)
  - LWP::Protocol now only attempts to load modules once (GH#62) (Burak Gursoy)
  - Fix a bug in no_proxy that allowed partial matches to a proxy address
    to disable a proxy (GH#421) (Julien Fiegehenn)

==== podman ====
Version update (4.5.0 -> 4.5.1)
Subpackages: podman-cni-config

- Update to version 4.5.1:
  * Release v4.5.1
  * [CI:DOCS] Final release notes for v4.5.1
  * [CI:BUILD] Packit: set propose-downstream action type to pre-sync
  * Revert "Resolve symlink path for qemu directory if possible"
  * no need for podman-next rpm test on maint branch
  * [CI:BUILD] Packit: add jobs for downstream Fedora package builds
  * libpod: configureNetNS() tear down on errors
  * libpod: rootlessNetNs.Cleanup() fix error message
  * network create/update: allow dns servers comma separated
  * machine: fix default connection URL to use 127.0.0.1
  * compat: accept tag in /images/create?fromSrc
  * compat container create: match duplicate mounts correctly
  * machine: qemu only remove connection after confirmation
  * windows: podman save allow the use of stdout
  * remote: exec inspect update exec session status
  * podman-remote logs: handle server error correctly
  * libpod: stop containers with --restart=always
  * Do not include image annotations when building spec
  * [v4.5] system tests: fix race in kube-play read-only
  * api: fix parsing filters
  * Support systemd optional prefix '-' for devices.
  * *: migrate image registry to registry.k8s.io
  * Makefile: include `release-artifacts` target
  * [CI:BUILD] Packit: Initial Enablement
  * Bump to v4.5.1-dev

==== python-gevent ====

- handle-python-ssl-changes.patch: refresh to handle ssl.shared_ciphers()
  behavior change in python 3.11 as well

==== python-pycryptodome ====
Version update (3.17.0 -> 3.18.0)

- update to 3.18.0:
  * Added support for DER BOOLEAN encodings.
  * The library now compiles on Windows ARM64. Thanks to Niyas
    Sait.
  * GH#722: ``nonce`` attribute was not correctly set for
    XChaCha20_Poly1305 ciphers. Thanks to Liam Haber.
  * GH#728: Workaround for a possible x86 emulator bug in Windows
    for ARM64.
  * GH#739: OID encoding for arc 2 didn't accept children larger
    than 39. Thanks to James.
  * Correctly check that the scalar matches the point when
    importing an ECC private key.

==== python-rich ====
Version update (13.3.5 -> 13.4.1)

- update to 13.4.1:
  * Fixed typing extensions import in markdown #2979
- update to 13.4.0:
  * Added support for tables in Markdown #2977

==== python-rpm ====

- add _multibuild for multiple .spec-files

==== python-tornado6 ====
Version update (6.2 -> 6.3.2)

- New upstream release 6.3.2
  - Security improvements
  - Fixed an open redirect vulnerability in StaticFileHandler
    under certain configurations.
  - ``tornado.web``
  - `.RequestHandler.set_cookie` once again accepts capitalized
    keyword arguments for backwards compatibility. This is
    deprecated and in Tornado 7.0 only lowercase arguments will
    be accepted.
  - What's new in Tornado 6.3.0
  - The new `.Application` setting ``xsrf_cookie_name``
    can now be used to take advantage of the ``__Host``
    cookie prefix for improved security.  To use it, add
    ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
    {"secure": True}}`` to your `.Application` settings. Note
    that this feature currently only works when HTTPS is used.
  - `.WSGIContainer` now supports running the application in
    a ``ThreadPoolExecutor`` so the event loop is no longer
    blocked.
  - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
    deprecated in Tornado 6.2, are no longer deprecated.
  - WebSockets are now much faster at receiving large messages
    split into many fragments.
  - General changes
  - Python 3.7 is no longer supported; the minimum supported  .
    Python version is 3.8 Python 3.12 is now supported        .
  - To avoid spurious deprecation warnings, users of Python
    3.10 should upgrade to at least version 3.10.9, and users
    of Python 3.11 should upgrade to at least version 3.11.1.
  - Tornado submodules are now imported automatically on
    demand. This means it is now possible to use a single
    ``import tornado`` statement and refer to objects in
    submodules such as `tornado.web.RequestHandler`.
  - Deprecation notices
  - In Tornado 7.0, `tornado.testing.ExpectLog` will match
    ``WARNING`` and above regardless of the current logging
    configuration, unless the ``level`` argument is used.
  - `.RequestHandler.get_secure_cookie` is now a deprecated
    alias for `.RequestHandler.get_signed_cookie`.
    `.RequestHandler.set_secure_cookie` is now a deprecated
    alias for `.RequestHandler.set_signed_cookie`.
  - `.RequestHandler.clear_all_cookies` is
    deprecated. No direct replacement is provided;
    `.RequestHandler.clear_cookie` should be used on individual
    cookies.
  - Calling the `.IOLoop` constructor without a
    ``make_current`` argument, which was deprecated in Tornado
    6.2, is no longer deprecated.
  - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
    deprecated in Tornado 6.2, are no longer deprecated.
  - `.AsyncTestCase.get_new_ioloop` is deprecated.
  - ``tornado.auth``
  - New method `.GoogleOAuth2Mixin.get_google_oauth_settings`
    can now be overridden to get credentials from a source
    other than the `.Application` settings.
  - ``tornado.gen``
  - `contextvars` now work properly when a ``@gen.coroutine``
    calls a native coroutine.
  - ``tornado.options``
  - `~.OptionParser.parse_config_file` now recognizes single
    comma-separated strings (in addition to lists of strings)
    for options with ``multiple=True``.
  - ``tornado.web``
  - New `.Application` setting ``xsrf_cookie_name`` can be used
    to change the name of the XSRF cookie. This is most useful
    to take advantage of the ``__Host-`` cookie prefix.
  - `.RequestHandler.get_secure_cookie` and
    `.RequestHandler.set_secure_cookie` (and related
    methods and attributes) have been renamed
    to `~.RequestHandler.get_signed_cookie` and
    `~.RequestHandler.set_signed_cookie`.  This makes it
    more explicit what kind of security is provided, and
    avoids confusion with the ``Secure`` cookie attribute
    and ``__Secure-`` cookie prefix.  The old names remain
    supported as deprecated aliases.
  - `.RequestHandler.clear_cookie` now accepts all keyword
    arguments accepted by `~.RequestHandler.set_cookie`. In
    some cases clearing a cookie requires certain arguments to
    be passed the same way in which it was set.
  - `.RequestHandler.clear_all_cookies` now accepts
    additional keyword arguments for the same reason as
    ``clear_cookie``. However, since the requirements for
    additional arguments mean that it cannot reliably clear all
    cookies, this method is now deprecated.
  - ``tornado.websocket``
  - It is now much faster (no longer quadratic) to receive
    large messages that have been split into many fragments.
  - `.websocket_connect` now accepts a ``resolver`` parameter.
  - ``tornado.wsgi``
  - `.WSGIContainer` now accepts an ``executor`` parameter
    which can be used to run the WSGI application on a thread
    pool.
  - What's new in Tornado 6.2.0
  - Deprecation notice
  - Python 3.10 has begun the process of significant changes
    to the APIs for managing the event loop. Calls to
    methods such as `asyncio.get_event_loop` may now raise
    `DeprecationWarning` if no event loop is running. This
    has significant impact on the patterns for initializing
    ... changelog too long, skipping 101 lines ...
- Remove upstreamed ignore-py310-deprecation-warnings.patch

==== python-zope.event ====

- Switch documentation to be within the main package.

==== qemu ====
Version update (8.0.0 -> 8.0.2)

- Update to version 8.0.2:
  * Stability, security and bug fixes
- Patch added:
  * [openSUSE][RPM] Update to version 8.0.2

==== rpm ====
Subpackages: librpmbuild9

- add _multibuild for multiple .spec-files

==== shaderc ====
Version update (2023.2 -> 2023.4)

- Update to release 2023.4
  * Add option to preserve bindings
  * Add options to control mesh shading limits

==== texlive ====

- Move the provides of pdfjam to its usecase (boo#1211877)

==== tracker ====
Version update (3.5.2 -> 3.5.3)
Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang

- Update to version 3.5.3:
  + Build fixes around strftime() bug workarounds on some
    architectures/platforms.
  + Improved compatibility of JSON cursor readers.
  + Leaks plugged.
- Drop 63ea8f1a.patch: Fixed upstream.
- Drop %systemd_user_postun_with_restart macro from the %postun
  directive. It's been deprecated and emptied (expands to nil) on
  both Tumbleweed and Leap already.
- Comment unneded "/usr/bin/env python3" shebang line on utils/
  trackertestutils/__main__.py Python script.
- Change tracker-data-files package's architecture to noarch, as it
  doesn't contain any binaries.

==== vulkan-loader ====
Version update (1.3.247 -> 1.3.250.0)

- Update to release SDK-1.3.250.0
  * No changes over 1.3.247 [SDK-250 is a branch of regular-243
    with some cherry-picks bringing it to roughly regular-247;
    there is little relation to regular-250]

==== vulkan-tools ====
Version update (1.3.247 -> 1.3.250.0)

- Update to release SDK-1.3.250.0
  * vulkaninfo: Issue flush before exiting

==== webkit2gtk3 ====
Version update (2.40.1 -> 2.40.2)
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.40.2 (boo#1211846):
  + Fix scrollbar jumping to top when drag released outside window
    in GTK4.
  + Fix video rendering when GL is disabled.
  + Fix flickering on looped videos when starting again.
  + Fix CPU usage on autoplaying videos.
  + Choose amount of painting threads depending on available CPU
    cores on GTK4.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658
    boo#1211659).
- Drop gcc13-fix.patch: fixed upstream.

==== webkit2gtk4 ====
Version update (2.40.1 -> 2.40.2)
Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles

- Update to version 2.40.2 (boo#1211846):
  + Fix scrollbar jumping to top when drag released outside window
    in GTK4.
  + Fix video rendering when GL is disabled.
  + Fix flickering on looped videos when starting again.
  + Fix CPU usage on autoplaying videos.
  + Choose amount of painting threads depending on available CPU
    cores on GTK4.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658
    boo#1211659).
- Drop gcc13-fix.patch: fixed upstream.

==== yast2-control-center ====
Version update (4.6.0 -> 4.6.1)
Subpackages: yast2-control-center-qt

- Require xdg-utils since it's no longer required by desktop-data-openSUSE
  and yast-control-center-qt needs it to start modules with 'xdg-su'.
  (bsc#1211869)
- 4.6.1