Packages changed:
  Mesa (23.1.4 -> 23.1.5)
  Mesa-drivers (23.1.4 -> 23.1.5)
  SDL2 (2.28.1 -> 2.28.2)
  cockpit (293 -> 296)
  cockpit-podman (70 -> 73)
  colord
  dracut (059+suse.476.g5e324584 -> 059+suse.488.g81715832)
  grub2
  ibus-m17n (1.4.19 -> 1.4.20)
  installation-images-MicroOS (17.90 -> 17.91)
  libdnf (0.70.1 -> 0.70.2)
  openssl-3 (3.1.1 -> 3.1.2)
  openssl (3.1.1 -> 3.1.2)
  podman
  setools (4.4.2 -> 4.4.3)
  tar
  util-linux
  util-linux-systemd

=== Details ===

==== Mesa ====
Version update (23.1.4 -> 23.1.5)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- Update to bugfix release 23.1.5
  - -> https://docs.mesa3d.org/relnotes/23.1.4.html

==== Mesa-drivers ====
Version update (23.1.4 -> 23.1.5)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva

- Update to bugfix release 23.1.5
  - -> https://docs.mesa3d.org/relnotes/23.1.4.html

==== SDL2 ====
Version update (2.28.1 -> 2.28.2)

- Update to release 2.28.2
  * Fixed 8BitDo gamepad mapping when in XInput mode on Linux
  * Fixed controller lockup initializing some unofficial PS4
    replica controllers
  * Fixed video initialization on headless Linux systems using VNC

==== cockpit ====
Version update (293 -> 296)
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system

- new version 296:
  - https://cockpit-project.org/blog/cockpit-296.html
  - https://cockpit-project.org/blog/cockpit-295.html
  - https://cockpit-project.org/blog/cockpit-294.html
- 0004-leap-gnu18-removal.patch: added support for Leap thanks to Lubos

==== cockpit-podman ====
Version update (70 -> 73)

- New version 73. Changes since 70 include,
  * show time of container's latest checkpoint
  * Bug fixes and translation updates
  * Add manifest condition for the Python bridge
- 1299.patch: included in release and deleted here

==== colord ====
Subpackages: colord-color-profiles colord-lang libcolord2 libcolorhug2

- Reduce memory constraints for riscv64

==== dracut ====
Version update (059+suse.476.g5e324584 -> 059+suse.488.g81715832)
Subpackages: dracut-ima

- Update to version 059+suse.488.g81715832:
  This is the 3rd backport of the most important fixes and features from the upstream master branch,
  while the release date of version 060 is still undefined.
  * fix(systemd-udevd): add missing override paths
  * fix(systemd-journald): add systemd-sysusers dependency
  * fix(base): correct handling of quiet in loginit
  * chore(suse): require gawk instead of awk
  * refactor(install): log about missing firmware only once
  * fix(integrity): do not require ls
  * fix(dracut-init.sh): `module_check` method ignores `forced` option
  * fix(man): add missing initrd-root-device.target to flow chart
  * fix(dracut-init.sh): use the local _ret variable
  * fix(dracut.sh): use gawk for strtonum
  * fix(man): remove duplicate entry

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi

- Change the bash-completion directory (bsc#1213855)
  * grub2-change-bash-completion-dir.patch

==== ibus-m17n ====
Version update (1.4.19 -> 1.4.20)

- Update to 1.4.20
  * Reduce preedit flicker
  * Remove xml:lang="en" from the screenshot in appdata.xml
  * Use ibus_text_new_from_string (string) instead of ibus_text_new_from_static_string (string) in ibus_m17n_engine_commit_string()
  * Add missing g_free (buf) in ibus_m17n_mtext_to_utf8()

==== installation-images-MicroOS ====
Version update (17.90 -> 17.91)

- merge gh#openSUSE/installation-images#652
- add reset-rzg2l-usbphy-ctrl module (bsc#1213805)
- 17.91

==== libdnf ====
Version update (0.70.1 -> 0.70.2)
Subpackages: libdnf-repo-config-zypp libdnf2

- Update to 0.70.2:
  * Support "proxy=none" in main config (RhBug:2155713)
  * Fix #1558: Don't assume inclusion of cstdint
  * Disconnect monitors in dnf_repo_loader_finalize() (RhBug:2070153)

==== openssl-3 ====
Version update (3.1.1 -> 3.1.2)
Subpackages: libopenssl3

- Update to 3.1.2:
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Fix DH_check() excessive time with over sized modulus
    (bsc#1213487, CVE-2023-3446). The function DH_check() performs
    various checks on DH parameters. One of those checks confirms
    that the modulus ("p" parameter) is not too large. Trying to use
    a very large modulus is slow and OpenSSL will not normally use
    a modulus which is over 10,000 bits in length. However the
    DH_check() function checks numerous aspects of the key or
    parameters that have been supplied. Some of those checks use the
    supplied modulus value even if it has already been found to be
    too large. A new limit has been added to DH_check of 32,768 bits.
    Supplying a key/parameters with a modulus over this size will
    simply cause DH_check() to fail.
  * Do not ignore empty associated data entries with AES-SIV
    (bsc#1213383, CVE-2023-2975). The AES-SIV algorithm allows for
    authentication of multiple associated data entries along with the
    encryption. To authenticate empty data the application has to call
    EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as
    the output buffer and 0 as the input buffer length. The AES-SIV
    implementation in OpenSSL just returns success for such call
    instead of performing the associated data authentication operation.
    The empty data thus will not be authenticated. The fix changes the
    authentication tag value and the ciphertext for applications that
    use empty associated data entries with AES-SIV. To decrypt data
    encrypted with previous versions of OpenSSL the application has to
    skip calls to EVP_DecryptUpdate() for empty associated data entries.
  * When building with the enable-fips option and using the resulting
    FIPS provider, TLS 1.2 will, by default, mandate the use of an
    extended master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC
    DRBGs will not operate with truncated digests (FIPS 140-3 IG G.R).
  * Update openssl.keyring with the OTC members that sign releases
  * Remove openssl-z16-s390x.patch fixed upstream in
    https://github.com/openssl/openssl/pull/21284
  * Remove security patches fixed upstream:
  - openssl-CVE-2023-2975.patch
  - openssl-CVE-2023-3446.patch
  - openssl-CVE-2023-3446-test.patch

==== openssl ====
Version update (3.1.1 -> 3.1.2)

- Update to 3.1.2

==== podman ====

- Discard outdated README.SUSE.SLES
- Recommend gvisor-tap-vsock, required for `podmand machine`

==== setools ====
Version update (4.4.2 -> 4.4.3)
Subpackages: python311-setools setools-console

- Update to version 4.4.3:
  * Fix compilation with Cython 3.0.0.
  * Improve man pages.
  * Remove neverallow options in sediff.
  * Add -r option to seinfoflow to get flows into the source type.
  * Reject a rule with no permissions as invalid policy.

==== tar ====
Subpackages: tar-lang tar-rmt

- Run testsuite also on qemu build

==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang

- Disable last and lastb for ALP, too.

==== util-linux-systemd ====

- Disable last and lastb for ALP, too.