Packages changed:
  MozillaFirefox (117.0 -> 117.0.1)
  cni-plugins (1.1.1 -> 1.3.0)
  curl (8.2.1 -> 8.3.0)
  gptfdisk
  javapackages-tools
  libwebp
  man
  mcelog (194 -> 195)
  multipath-tools
  openldap2
  openldap2-contrib-src
  patterns-microos
  polkit-default-privs (1550+20230829.1a9a761 -> 1550+20230912.0978001)
  qemu (8.0.4 -> 8.1.0)
  sudo (1.9.14p1 -> 1.9.14p3)

=== Details ===

==== MozillaFirefox ====
Version update (117.0 -> 117.0.1)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 117.0.1
  * Fix a bug causing extensions using an event page for long-
    running tasks to be terminated while running, causing
    unexpected behavior changes (bmo#1851373)
  * Temporarily revert an intentional behavior change preventing
    Javascript from changing URL.protocol (bmo#1850954).
  * Fix audio worklets not working for sites using WebAssembly
    exception handling (bmo#1851468)
  * Fix the Reopen all tabs option in the Recently closed tabs
    menu sometimes failing to open all tabs (bmo#1850856)
  * Fix the bookmarks menu sometimes remaining partially visible
    when minimizing Firefox (bmo#1843700)
  * Fix an issue causing incorrect time zones to be detected on
    some sites (bmo#1848615)
  * MFSA 2023-40 CVE-2023-4863 (boo#1215231)
    Heap buffer overflow in WebP

==== cni-plugins ====
Version update (1.1.1 -> 1.3.0)

- Update to version v1.3.0:
  * [sbr]: Ignore LinkNotFoundError during cmdDel
  * build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9
  * Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes
  * Fix ValidateExpectedRoute with non default routes and nil GW
  * tuning: fix cmdCheck when using IFNAME
  * bridge, del: timeout after 55 secs of trying to list rules
  * bridge, spoofcheck: only read the prerouting chain on CNI delete
  * build: consume specific tables/chains via go-nft
  * bridge: add vlan trunk support
  * enable govet and unparam linters
  * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
  * Add parameter to disable default vlan
  * bridge, spoof check: remove drop rule index
  * go.mod: bump all deps
  * linter: fix ginkgolinter errors
  * Fix wastedassign linter errors
  * build(deps): bump actions/stale from 7 to 8
  * Fix revive linter errors
  * build(deps): bump actions/setup-go from 3 to 4
  * enable durationcheck,  predeclared, unconvert, unused and wastedassign linters
  * remove govet and gofmt from test_linux.sh
  * enable ginkgolinter linter
  * enable revive linter
  * enable gocritic linter
  * enable gosimple linter
  * enable  nonamedreturns linter
  * enable ineffassign linter
  * enable contextcheck linter
  * enable staticcheck linter
  * ci(lint): setup golangci-lint
  * ci(lint): setup yamllint linter Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
  * Fix overwritten error var in getMTUByName
  * Update tests to utilize ginkgo/v2
  * Update ginkgo to v2 in go.mod, go.sum, vendor
  * Tap plugin
  * build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.26.0
  * build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
  * Only check ipv6 when an IPv6 is configured
  * Add support for in-container master for macvlans
  * Add support for in-container master for ipvlan
  * Add support for in-container master for vlans
  * bridge: re-fetch mac address
  * Update Allocate method to reuse lease if present
  * build(deps): bump github.com/safchain/ethtool to v0.2.0
  * build(deps): bump golang.org/x/sys from 0.3.0 to 0.4.0
  * Add IPv6 support for AddDefaultRoute
  * build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2
  * build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0
  * build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * build(deps): bump alpine in /.github/actions/retest-action
  * build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.1.0
  * build(deps): bump github.com/vishvananda/netlink
  * build(deps): bump github.com/alexflint/go-filemutex from 1.1.0 to 1.2.0
  * build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.9.6
  * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.24.2
  * Update dependabot.yml
  * build(deps): bump actions/checkout from 2 to 3
  * build(deps): bump actions/stale from 4 to 7
  * build(deps): bump actions/setup-go from 2 to 3
  * Update dependabot.yml
  * Update dependabot.yml
  * ci(deps): setup dependabot
  * Fix tuning path validation
  * Update email to gmail
  * Update portmap test's iptables error check
  * Remove references to io/ioutil package
  * fix bug on getting NextIP of addresses with first byte 0
  * Fix path substitution to enable setting sysctls on vlan interfaces
  * support masquerade all config
  * host-local: remove unused Release(ip) from type Store interface
  * Cleanup Socket and Pidfile on exit
  * dummy: Create a Dummy CNI plugin that creates a virtual interface.
  * Use the same options for acquiring, renewing lease
  * bridge: update vlanFiltering variable to make code more readable
  * ci: only rerun failed jobs on `/retest`
  * build: support riscv64
  * Check for duplicated sysctl keys
  * Update github.com/vishvananda/netlink to v1.2.0-beta
  * bridge: support IPAM DNS settings
  * Bump to go 1.18
  * V2 API support for win-overlay CNI
  * bug: return errors when iptables and ip6tables are unusable
  * github: ignore issues with "keep" label from stale closing
  * Make description for `static` plugin more exact
  * workflow: add something to auto-close stale PRs
  * ipam/dhcp: Fix client id in renew/release
  * call ipam.ExceDel after clean up device in netns fix #666
  * Add sysctl allowlist

==== curl ====
Version update (8.2.1 -> 8.3.0)
Subpackages: libcurl4

- Update to 8.3.0: [bsc#1215026, CVE-2023-38039]
  * Changes:
  - curl: make %output{} in -w specify a file to write to
  - gskit: remove
  - lib: --disable-bindlocal builds curl without local binding support
  - nss: remove support for this TLS library
  - tool: add "variable" support
  - trace: make tracing available in non-debug builds
  - url: change default value for CURLOPT_MAXREDIRS to 30
  - urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
  * Bugfixes:
  - altsvc: accept and parse IPv6 addresses in response headers
  - asyn-ares: reduce timeout to 2000ms
  - aws-sigv4: canonicalize the query
  - aws-sigv4: fix having date header twice in some cases
  - aws-sigv4: handle no-value user header entries
  - c-hyper: adjust the hyper to curlcode conversion
  - c-hyper: fix memory leaks in `Curl_http`
  - cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
  - cf-socket: log successful interface bind
  - cmake: add GnuTLS option
  - cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
  - cmake: detect `SSL_set0_wbio` in OpenSSL
  - configure: trust pkg-config when it's used for zlib
  - configure: use the pkg-config --libs-only-l flag for libssh2
  - connect: stop halving the remaining timeout when less than 600 ms left
  - crypto: ensure crypto initialization works
  - digest: Use hostname to generate spn instead of realm
  - ftp: fix temp write of ipv6 address
  - headers: accept leading whitespaces on first response header
  - http2: fix in h2 proxy tunnel: progress in ingress on sending
  - http3/ngtcp2: shorten handshake, trace cleanup
  - http3: quiche, handshake optimization, trace cleanup
  - http: close the connection after a late 417 is received
  - http: fix sending of large requests
  - http: return error when receiving too large header set
  - lib: fix null ptr derefs and uninitialized vars (h2/h3)
  - lib: move mimepost data from ->req.p.http to ->state
  - list-only.d: mention SFTP as supported protocol
  - ngtcp2: fix handling of large requests
  - openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
  - openssl: clear error queue after SSL_shutdown
  - openssl: make aws-lc version support OCSP
  - openssl: Support async cert verify callback
  - openssl: switch to modern init for LibreSSL 2.7.0+
  - openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
  - quic: don't set SNI if hostname is an IP address
  - quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
  - quiche: enable quiche to handle timeout events
  - resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
  - schannel: verify hostname independent of verify cert
  - tool_filetime: make -z work with file dates before 1970
  - tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
  - tool_operate: make aws-sigv4 not require TLS to be used
  - transfer: also stop the sending on closed connection
  - urlapi: fix heap buffer overflow
  - urlapi: setting a blank URL ("") is not an ok URL

==== gptfdisk ====

- Add patch to fix UUID generation with util-linux >= 2.38:
  * gptfdisk-1.0.9-libuuid.patch

==== javapackages-tools ====
Subpackages: javapackages-filesystem

- Added patch:
  * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
    + make the aliases and dependencies lists so that the order is
    kept
- Added patch:
  * 0003-Reproducible-exclusions-order-in-maven-metadata.patch
    + sort exclusions in maven metadata

==== libwebp ====
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3

- Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch
  [boo#1215231] [CVE-2023-4863]

==== man ====

- Add man-db-groff-1.23.0-warnings.patch
  * Fix build errors with groff 1.23.0

==== mcelog ====
Version update (194 -> 195)

- This contains following features:
  PED-6122
  [GNR] RAS: mcelog Add support for Granite Rapids (ALP)
  PED-6102
  [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6)
  PED-6021
  [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6)
  PED-6050
  [SRF] RAS: mcelog support for Sierra Forest (ALP)
- Change git repo in _service file from git to https url
- Update to version 195:
  * mcelog: Wire up model-specific decoding for Sierra Forest
  * mcelog: Add model-specific decoding for Granite Rapids
  * client.c: fix build w/ musl libc
  * mcelog: New model number for Arrowlake
  * mcelog: Don't overwrite model number when lookup fails
  * mcelog: Add Graniterapids, Grandridge and Sierraforest
  * mcelog: New model number for Lunarlake
  * mcelog: Add Emerald Rapids
  * Update PFA_test_howto
- Adopt to mainline:
  M email.patch

==== multipath-tools ====
Subpackages: kpartx libmpath0

- Configuration directory should be /etc/multipath/conf.d
  (broken since 0.9.4+68+suse.98559ea)

==== openldap2 ====
Subpackages: libldap-data libldap2 openldap2-client

- Disable SLP by default for Factory and ALP (bsc#1214884)

==== openldap2-contrib-src ====

- Disable SLP by default for Factory and ALP (bsc#1214884)

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Install grub2-branding-openSUSE if grub2 will be used.
  (Added in base pattern).

==== polkit-default-privs ====
Version update (1550+20230829.1a9a761 -> 1550+20230912.0978001)

- Update to version 1550+20230912.0978001:
  * udisks2: add additional mount and NVME actions (bsc#1214897)

==== qemu ====
Version update (8.0.4 -> 8.1.0)

- Fix bsc#1211000:
  * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000)
  * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000)
  * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000)
  * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000)
  * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000)
  * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000)
  * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000)
  * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000)
  * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000)
  * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000)
- Fix bsc#1213210:
  * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
- Update to version 8.1.0. Full list of changes are available at:
  https://wiki.qemu.org/ChangeLog/8.1
  Highlights:
  * VFIO: improved live migration support, no longer an experimental feature
  * GTK GUI now supports multi-touch events
  * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor
  * PCIe: new QMP commands to inject CXL General Media events, DRAM
    events and Memory Module events
  * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension)
    can now use MTE in the guest
  * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and
    neoverse-v1 (Cortex Neoverse-V1) CPU
  * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN),
    FEAT_LSE2 (Large System Extensions v2), and experimental support for
    FEAT_RME (Realm Management Extensions)
  * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX
  * Hexagon: gdbstub support for HVX
  * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU
    instructions
  * PowerPC: TCG SMT support, allowing pseries and powernv to run with up
    to 8 threads per core
  * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf
    sampling support for POWER CPUs
  * RISC-V: ISA extension support for BF16/Zfa, and disassembly support
    for Zcm*/Z*inx/XVentanaCondOps/Xthead
  * RISC-V: CPU emulation support for Veyron V1
  * RISC-V: numerous KVM/emulation fixes and enhancements
  * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR,
    EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and
    CLGEBR(A)
  * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for
    improved performance
  * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2
    instructions
  * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B,
    SHUFFLE, SYSCALL, and DISABLE
  * x86: CPU model support for GraniteRapids
  * and lots more...
- This also (automatically) fixes:
  * bsc#1212850 (CVE-2023-3354)
  * bsc#1213001 (CVE-2023-3255)
  * bsc#1213925 (CVE-2023-3180)
  * bsc#1213414 (CVE-2023-3301)
  * bsc#1207205 (CVE-2023-0330)
  * bsc#1212968 (CVE-2023-2861)
  * bsc#1179993, bsc#1181740

==== sudo ====
Version update (1.9.14p1 -> 1.9.14p3)
Subpackages: sudo-plugin-python

- Update to 1.9.14p3:
  * Fixed a crash with Python 3.12 when the sudo Python python is unloaded.
    This only affects make check for the Python plugin.
  * Adapted the sudo Python plugin test output to match Python 3.12.
- Update to 1.9.14p2:
  * Fixed a crash on Linux systems introduced in version 1.9.14 when running a
    command with a NULL argv[0] if log_subcmds or intercept is enabled in
    sudoers.
  * Fixed a problem with "stair-stepped" output when piping or redirecting the
    output of a sudo command that takes user input when running a command in
    a pseudo-terminal.
  * Fixed a bug introduced in sudo 1.9.14 that affects matching sudoers rules
    containing a Runas_Spec with an empty Runas user. These rules should only
    match when sudo’s -g option is used but were matching even without the -g
    option. #290.