Packages changed:
  MozillaFirefox (114.0.2 -> 115.0)
  accountsservice
  docker-buildx (0.11.0 -> 0.11.1)
  evince (44.2 -> 44.3)
  fwupd
  gdm
  gnome-user-docs (44.1 -> 44.3)
  gupnp (1.6.3 -> 1.6.4)
  hwinfo (22.3 -> 23.1)
  ibus-table-others (1.3.13 -> 1.3.16)
  libxcrypt (4.4.34 -> 4.4.35)
  mozilla-nss (3.89.1 -> 3.90)
  pulseaudio
  python-configobj
  python-urllib3 (2.0.2 -> 2.0.3)
  python311 (3.11.3 -> 3.11.4)
  python311-core (3.11.3 -> 3.11.4)
  upower (1.90.0 -> 1.90.1)

=== Details ===

==== MozillaFirefox ====
Version update (114.0.2 -> 115.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 115.0
  * Support for importing payment methods saved in Chrome-based browser
  * Hardware video decoding is now enabled for Intel GPUs on Linux
  * The Tab Manager dropdown now features close buttons, so tabs
    can be closed more quickly
  * Streamlined the user interface for importing data in from other browsers
  * Users without platform support for H264 video decoding can now
    fallback to Cisco's OpenH264 plugin for playback.
  * Undo and redo are now available in Password fields
  * Changed: On Linux, middle clicks on the new tab button will
    now open the xclipboard contents in the new tab. If the
    xclipboard content is a URL then that URL is opened, any
    other text is opened with your default search provider.
  * Changed: For users with a Firefox Colorways built-in theme,
    the theme will be automatically migrated to the same theme
    hosted on addons.mozilla.org for Firefox profiles that have
    disabled add-ons auto-updates. This will allow users to keep
    their Colorways theme when they are later removed from
    Firefox installer files.
  * Changed: Certain Firefox users may come across a message in
    the extensions panel indicating that their add-ons are not
    allowed on the site currently open. We have introduced a new
    back-end feature to only allow some extensions monitored by
    Mozilla to run on specific websites for various reasons,
    including security concerns.
  * HTML5: The builtin editor now behaves similarly to other
    browsers with `contenteditable` and `designMode` when
    splitting a node, e.g. typing Enter to split a paragraph, and
    also when joining two nodes, e.g. typing Backspace at the
    start of a paragraph to join the paragraph and the previous
    one.
    When a node is split, the builtin editor creates a new node
    after the original one instead of before, i.e. creates the
    right node instead of the left node.
    Similarly, when two nodes are joined, the builtin editor
    deletes the latter node and moves its children to the end of
    the preceding node instead of deleting the former node and
    moving its child to the start of the following node.
  * HTML5: WebRTC application developers can now specify a target
    in milliseconds of media for the jitter buffer to hold.
    Altering the target value allows applications to control the
    tradeoff between playout delay and the risk of running out of
    audio or video frames due to network jitter.
  * HTML5: Change array by copy provides additional methods on
    `Array.prototype` and `TypedArray.prototype` to enable
    changes on the array by returning a new copy of it with the
    change.
  * HTML5: The animation-composition property is now supported,
    allowing a declarative way to define the composite operation
    used when multiple animations affect the same property
    simultaneously.
  * HTML5: Added the URL.canParse() function to allow easy and
    fast checking if URLs are valid and parseable.
  * HTML5: IndexedDB is now also supported in private browsing
    without memory limits thanks to encrypted storage on disk.
    The temporary keys to decrypt the information are hold in RAM
    only and all stored information is purged at the normal end
    of a private browsing session from disk.
  * HTML5: Supports conditions are now supported in CSS import
    rules @import supports(...)
  * Developer: In web development, we rely on third-party
    libraries which you may not be interested in while debugging.
    These can be ignored. Ignoring them means that breakpoints
    will not get hit and they are skipped during stepping.
    You can now choose to **Hide ignore-listed sources** in the
    Developer Tools source tree
  * Developer: We have introduced a new option,
    `devtools.f12_enabled`, that can be utilized to prevent the
    accidental use of the F12 key, which opens the DevTools
    toolbox (bug).
  * Enterprise: You can find information about policy updates and
    enterprise specific bug fixes in the Firefox for Enterprise
    115 Release Notes.
  MFSA 2023-22 (bsc#1212438)
  * CVE-2023-3482 (bmo#1839464)
    Block all cookies bypass for localstorage
  * CVE-2023-37201 (bmo#1826002)
    Use-after-free in WebRTC certificate generation
  * CVE-2023-37202 (bmo#1834711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-37203 (bmo#291640)
    Drag and Drop API may provide access to local system files
  * CVE-2023-37204 (bmo#1832195)
    Fullscreen notification obscured via option element
  * CVE-2023-37205 (bmo#1704420)
    URL spoofing in address bar using RTL characters
  * CVE-2023-37206 (bmo#1813299)
    Insufficient validation of symlinks in the FileSystem API
  * CVE-2023-37207 (bmo#1816287)
    Fullscreen notification obscured
  * CVE-2023-37208 (bmo#1837675)
    Lack of warning when opening Diagcab files
  * CVE-2023-37209 (bmo#1837993)
    Use-after-free in `NotifyOnHistoryReload`
  * CVE-2023-37210 (bmo#1821886)
    Full-screen mode exit prevention
  * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
    bmo#1836550, bmo#1837450)
    Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
    ... changelog too long, skipping 9 lines ...
- removed obsolete mozilla-buildfixes.patch

==== accountsservice ====
Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0

- Rebase accountsservice-sysconfig.patch: (boo#1212675 boo#1212973).
- Remove accountsservice-assume-gdm.patch: Fixed by new rebasing
  of accountsservice-sysconfig.patch.

==== docker-buildx ====
Version update (0.11.0 -> 0.11.1)

- fix wrong version output by using the git tag as the commit hash
- Update to version 0.11.1:
  * Revert "bake: fix incorrect dockerfile resolution against
    cwd:// context"
  * vendor: update tonistiigi/vt100 to master@f9a4f7ef6531
  * build: fix host-gateway handling
  * docs: update generated content
  * vendor: update cli-docs-tool to 0.6.0
  * test: build details output
  * build: missing newline when printing build details on error
  * dockerfile: update docker to 24.0.2
  * controller: include CgroupParent in build.Options
  * bake: ignore profiles in compose definitions
  * chore: make docs
  * docs: set experimental annotation
  * builder: skip name validation for docker context
  * bake: fix incorrect dockerfile resolution against cwd://
    context

==== evince ====
Version update (44.2 -> 44.3)
Subpackages: evince-lang evince-plugin-pdfdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0

- Update to version 44.3:
  + Add support for validating appdata versions.
  + Check for NEWS and appdata updates for new releases.
  + Don't discard matches without text area in the find bar.
  + Updated translations.

==== fwupd ====
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Enable efi_fw_update on riscv64
- fwupdagent and dfu-tool are only built %{with efi_fw_update}

==== gdm ====
Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- Merge pulseaudio-gdm-hooks into the gdm package. This was previously
  part of pulseaudio.spec, which was fairly complex (dir ownership,
  separate tmpfiles, dependencies) and it also caused pulseaudio.spec
  to runtime depend on gdm. Avoid all of that by just adding it here:
  + Add default.pa
  + Add entries to gdm.tmpfiles

==== gnome-user-docs ====
Version update (44.1 -> 44.3)

- Update to version 44.3:
  + Updated translations.

==== gupnp ====
Version update (1.6.3 -> 1.6.4)

- Update to version 1.6.4:
  + Keep a weak reference to proxy in action.
  + Add API to provide HTTP credentials for simple authentication.
  + Remove xmlRecoverMemory usage.
- Drop 80e68995.patch: Fixed upstream.

==== hwinfo ====
Version update (22.3 -> 23.1)

- merge gh#openSUSE/hwinfo#137
- adjust exported symbols to yast2-hardware-detection test case
- 23.1
- merge gh#openSUSE/hwinfo#134
- restrict libhd exported symbols to the documented API
  (bsc#1212756)
- fix pppoe compile warning
- 23.0

==== ibus-table-others ====
Version update (1.3.13 -> 1.3.16)
Subpackages: ibus-table-rustrad ibus-table-translit

- Update to 1.3.16
  * feat: several improvements to Old Hungarian
  * fix: remove { and } from VALID_INPUT_CHARS in LaTeX table

==== libxcrypt ====
Version update (4.4.34 -> 4.4.35)

- update to 4.4.35:
  * Fix build with Perl v5.38.0 (issue #170).
  * Fix build with MinGW-w(32|64).

==== mozilla-nss ====
Version update (3.89.1 -> 3.90)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.90
  * bmo#1623338 - ride along: remove a duplicated doc page
  * bmo#1623338 - remove a reference to IRC
  * bmo#1831983 - clang-format lib/freebl/stubs.c
  * bmo#1831983 - Add a constant time select function
  * bmo#1774657 - Updating an old dbm with lots of certs with keys to
    sql results in a database that is slow to access.
  * bmo#1830973 - output early build errors by default
  * bmo#1804505 - Update the technical constraints for KamuSM
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
  * bmo#1790763 - Enable default UBSan Checks
  * bmo#1786018 - Add explicit handling of zero length records
  * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
  * bmo#1786018 - Refactor zero length record tests
  * bmo#1829112 - Fix compiler warning via correct assert
  * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
  * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths
    larger than the output size of the hash function used,
    or provide an indicator
  * bmo#1784163 - Fix reading raw negative numbers
  * bmo#1748237 - Repairing unreachable code in clang built with gyp
  * bmo#1783647 - Integrate Vale Curve25519
  * bmo#1799468 - Removing unused flags for Hacl*
  * bmo#1748237 - Adding a better error message
  * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
  * bmo#1782980 - Fall back to the softokn when writing certificate trust
  * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
  * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
  * bmo#1818766 - Update ACVP dockerfile for compatibility with debian
    package changes
  * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update
    whitespace in ECCKiila files
  * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
  * bmo#1822076 - fix rst warnings in nss doc
  * bmo#1821997 - Fix incorrect pygment style
  * bmo#1821292 - Change GYP directive to apply across platforms
  * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- add nss-fix-bmo1836925.patch to fix build-errors
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
  the workaround in FIPS mode (bsc#1200325)
- Remove nss-fips-tests-skip.patch. This is no longer needed since
  we removed the code to short-circuit broken hashes and moved to
  using the SLI
- Add nss-allow-slow-tests.patch, which allows a timed test to run
  longer than 1s. This avoids turning slow builds into broken builds
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
  entropy. This is disabled until we can avoid the inline assembler
  in the latter's header file that relies on GNU extensions
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
  checks

==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse

- Drop pulseaudio-gdm-hooks subpackage including default.pa-for-gdm
  and pulseaudio-gdm-hooks.tmpfiles. Moved to gdm instead.

==== python-configobj ====

- Add remove_six.patch (gh#DiffSK/configobj#239) removing the
  need for six.

==== python-urllib3 ====
Version update (2.0.2 -> 2.0.3)

- Disable test_deprecated_no_scheme so it needs network connection to
  run correctly.
- update to 2.0.3:
  * Allowed alternative SSL libraries such as LibreSSL, while
    still issuing a warning as we cannot help users facing issues
    with implementations other than OpenSSL.
  * Deprecated URLs which don't have an explicit scheme
  * Fixed response decoding with Zstandard when compressed data
    is made of several frames.
  * Fixed ``assert_hostname=False`` to correctly skip hostname
    check.

==== python311 ====
Version update (3.11.3 -> 3.11.4)
Subpackages: python311-curses python311-dbm

- Update to Python 3.11.4:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329
    (bsc#1208471).
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details (fixing
    CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
  - CVE-2007-4559-filter-tarfile_extractall.patch

==== python311-core ====
Version update (3.11.3 -> 3.11.4)
Subpackages: libpython3_11-1_0 python311-base

- Update to Python 3.11.4:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329
    (bsc#1208471).
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details (fixing
    CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
  - CVE-2007-4559-filter-tarfile_extractall.patch

==== upower ====
Version update (1.90.0 -> 1.90.1)
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 upower-lang

- Update to 1.90.1:
  * Detect headsets with kernel batteries such as Logitech and
    Steelseries headsets, and make them automatically disappear if
    the headset is turned off (if the kernel driver supports the
    wireless_status attribute)
  * Hide duplicate Logitech Bluetooth devices (Bolt-compatible devices
    connected through Bluetooth would show as 2 batteries)
  * Hide duplicate Logitech wireless devices when they get connected
    through USB as well
  * Fix Bluetooth device names not synchronising, and use user-chosen
    names when available
  * Handle the "present" sysfs attribute changing
  * Fix iDevices not appearing
  * Fix reading capacity_level with newer libgudev