Packages changed:
  container-selinux (2.222.0 -> 2.228.0)
  gcc13 (13.2.1+git8109 -> 13.2.1+git8205)
  health-checker (1.10 -> 1.10+git20240111.cb84209)
  jasper (4.1.1 -> 4.1.2)
  kernel-source (6.6.10 -> 6.6.11)
  libgedit-amtk
  libjcat
  libstorage-ng (4.5.171 -> 4.5.172)
  linux-glibc-devel (6.6 -> 6.7)
  microos-tools (2.21+git5 -> 2.21+git9)
  pcr-oracle
  pipewire (1.0.0 -> 1.0.1)
  python-gevent
  python-greenlet (3.0.2 -> 3.0.3)
  python-tornado6
  python-urllib3
  samba (4.19.2+git.324.fa0b54b91b -> 4.19.4+git.339.acf1ccaa020)
  selinux-policy (20231124 -> 20240104)
  zstd

=== Details ===

==== container-selinux ====
Version update (2.222.0 -> 2.228.0)

- Update to version 2.228:
  * Allow container domains to watch fifo_files
  * container_engine_t: improve for podman in kubernetes case
  * Allow spc_t to transition to install_t domain
  * Default to allowing containers to use dri devices
  * Allow access to BPF Filesystems
  * Fix kubernetes transition rule
  * Label kubensenter as well as kubenswrapper
  * Allow container domains to execute container_runtime_tmpfs_t files
  * Allow container domains to ptrace themselves
  * Allow container domains to use container_runtime_tmpfs_t as an entrypoint
  * Add boolean to allow containers to use dri devices
  * Give containers access to pod resources endpoint
  * Label kubenswrapper kubelet_exec_t

==== gcc13 ====
Version update (13.2.1+git8109 -> 13.2.1+git8205)
Subpackages: cpp13 gcc13-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1

- Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205

==== health-checker ====
Version update (1.10 -> 1.10+git20240111.cb84209)
Subpackages: health-checker-plugins-MicroOS

- Update to version 1.10+git20240111.cb84209:
  * Add missing rule for health-checker.service.8
  * Don't generate html documentation
  * Fixing some typo's and improving the UX of the health-checker output
  * Fix a typo in README.md

==== jasper ====
Version update (4.1.1 -> 4.1.2)

- Update to 4.1.2:
  * Fix invalid memory write bug (#367) (CVE-2023-51257).
  * Fix missing range check in the JPC encoder (#368).

==== kernel-source ====
Version update (6.6.10 -> 6.6.11)

- keys, dns: Fix size check of V1 server-list header (git-fixes).
- commit 05ae4ad
- Linux 6.6.11 (bsc#1012628).
- keys, dns: Fix missing size check of V1 server-list header
  (bsc#1012628).
- ALSA: hda/tas2781: do not use regcache (bsc#1012628).
- ALSA: hda/tas2781: move set_drv_data outside tasdevice_init
  (bsc#1012628).
- ALSA: hda/tas2781: remove sound controls in unbind
  (bsc#1012628).
- ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion
  14-ec1xxx series (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook
  (bsc#1012628).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook
  440 G6 (bsc#1012628).
- drm/amd/display: pbn_div need be updated for hotplug event
  (bsc#1012628).
- mptcp: prevent tcp diag from closing listener subflows
  (bsc#1012628).
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
  (bsc#1012628).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV,
  G200SE (bsc#1012628).
- cifs: cifs_chan_is_iface_active should be called with chan_lock
  held (bsc#1012628).
- cifs: do not depend on release_iface for maintaining iface_list
  (bsc#1012628).
- KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL
  (bsc#1012628).
- accel/qaic: Fix GEM import path code (bsc#1012628).
- accel/qaic: Implement quirk for SOC_HW_VERSION (bsc#1012628).
- wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ
  (bsc#1012628).
- drm/bridge: parade-ps8640: Never store more than msg->size
  bytes in AUX xfer (bsc#1012628).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size
  bytes in AUX xfer (bsc#1012628).
- drm/bridge: ps8640: Fix size mismatch warning w/ len
  (bsc#1012628).
- netfilter: nf_tables: set transport offset from mac header
  for netdev/egress (bsc#1012628).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a
  ref to llcp_local (bsc#1012628).
- octeontx2-af: Fix marking couple of structure as __packed
  (bsc#1012628).
- drm/i915/dp: Fix passing the correct DPCD_REV for
  drm_dp_set_phy_test_pattern (bsc#1012628).
- drm/i915/perf: Update handling of MMIO triggered reports
  (bsc#1012628).
- ice: Fix link_down_on_close message (bsc#1012628).
- ice: Shut down VSI with "link-down-on-close" enabled
  (bsc#1012628).
- i40e: Fix filter input checks to prevent config with invalid
  values (bsc#1012628).
- igc: Report VLAN EtherType matching back to user (bsc#1012628).
- igc: Check VLAN TCI mask (bsc#1012628).
- igc: Check VLAN EtherType mask (bsc#1012628).
- ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable
  (bsc#1012628).
- ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset
  (bsc#1012628).
- mlxbf_gige: fix receive packet race condition (bsc#1012628).
- net: sched: em_text: fix possible memory leak in
  em_text_destroy() (bsc#1012628).
- r8169: Fix PCI error on system resume (bsc#1012628).
- net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)
  (bsc#1012628).
- selftests: bonding: do not set port down when adding to bond
  (bsc#1012628).
- ARM: sun9i: smp: Fix array-index-out-of-bounds read in
  sunxi_mc_smp_init (bsc#1012628).
- sfc: fix a double-free bug in efx_probe_filters (bsc#1012628).
- net: bcmgenet: Fix FCS generation for fragmented skbuffs
  (bsc#1012628).
- netfilter: nf_nat: fix action not being set for all ct states
  (bsc#1012628).
- netfilter: nft_immediate: drop chain reference counter on error
  (bsc#1012628).
- net: Save and restore msg_namelen in sock_sendmsg (bsc#1012628).
- i40e: fix use-after-free in i40e_aqc_add_filters()
  (bsc#1012628).
- ASoC: meson: g12a-toacodec: Validate written enum values
  (bsc#1012628).
- ASoC: meson: g12a-tohdmitx: Validate written enum values
  (bsc#1012628).
- ASoC: meson: g12a-toacodec: Fix event generation (bsc#1012628).
- ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
  (bsc#1012628).
- i40e: Restore VF MSI-X state during PCI reset (bsc#1012628).
- igc: Fix hicredit calculation (bsc#1012628).
- apparmor: Fix move_mount mediation by detecting if source is
  detached (bsc#1012628).
- virtio_net: avoid data-races on dev->stats fields (bsc#1012628).
- virtio_net: fix missing dma unmap for resize (bsc#1012628).
- net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
  (bsc#1012628).
- net/smc: fix invalid link access in dumping SMC-R connections
  (bsc#1012628).
    ... changelog too long, skipping 110 lines ...
- commit f421cf4

==== libgedit-amtk ====
Subpackages: libgedit-amtk-5-0 libgedit-amtk-5-lang typelib-1_0-Amtk-5

- Update spec file to conclicts the legacy amtk-devel, which
  shipped the same file Amtk-%{api_ver}.gir as libgedit-amtk does.

==== libjcat ====

- Do not install test files: pass -Dtest=false to meson instead of
  Dtest=true (aids with reproducible build, boo#1218715).
- Add check section and run meson test.

==== libstorage-ng ====
Version update (4.5.171 -> 4.5.172)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#978
- added get_linux_partition_id() taking Arch parameter
- make git ignore javascript in generated documentation
- coding style
- cleanup
- 4.5.172

==== linux-glibc-devel ====
Version update (6.6 -> 6.7)

- Update to kernel headers 6.7

==== microos-tools ====
Version update (2.21+git5 -> 2.21+git9)

- Update to version 2.21+git9:
  * Add man-online command
  * Drop support for sle15 builds
  * Add OBS CI workflow

==== pcr-oracle ====

- Add fix_efi_measure.patch to fix the measurement of EFI binaries

==== pipewire ====
Version update (1.0.0 -> 1.0.1)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 1.0.1:
  * Highlights
  - Work around the buggy ALSA backend in libcanberra by forcing
    the pulse backend in module-x11-bell.
  - Fix a race in the device info updates in pulse-server.
  - Fix timing and rate matching in ALSA sequencer.
  - Improve timing information in JACK and from the ALSA driver.
  - More small fixes and improvements.
  * PipeWire
  - Fix a build issue when examples where disabled.
  - Avoid some compiler warnings.
  - Avoid some bitfield data races. (#3706)
  * Modules
  - Bump the PTP driver priority. (#3217)
  - Support the previous "allowed" permission in the access
    module.
  - Fix filename leak in module-filter-chain.
  - Work around the buggy ALSA backend in libcanberra by forcing
    the pulse backend in module-x11-bell. (#3688)
  - Fix a race in the device info updates in pulse-server.
  - Fix compatibility in RAOP. (#3698)
  * SPA
  - Handle ALSA picth control errors correctly
  - Clamp buffer-frames correctly. (#3000)
  - Fix timing and rate matching in ALSA sequencer. (#3657)
  - Revert a commit that could result in current time in the
    future in the timing updates.
  - Improve adapter state checks.
  - Remove the timer from the ALSA pcm.
  - Fix timeout in freewheel driver.
  * Pulse-server
  - Also handle active ports for monitor sources.
  - Fix zeroconf-publish format properties.
  * JACK
  - Improve timing and transport calculations.
  - Handle -ENOENT from the core and don't error out.
  * GStreamer
  - Handle node port removal in the device provider. (#3708)
  - Improve error handling while connecting.
  - Fix dts_offset.

==== python-gevent ====

- Clean obsolete old python and old distribution directives
  * Only 15.5+ with the sle15 python module and Tumbleweed have the
    required Python 3.8+
  * Drop fix-no-return-in-nonvoid-function.patch
- Update test suite execution
  * Use -u-network flag to disable network tests
  * Add gevent-opensuse-nocolor-tests.patch -- Avoid colorization
    of test output in obs runners
  * Add  gevent-fix-unittest-returncode-py312-c1.patch and
    gevent-fix-unittest-returncode-py312-c2.patch
    gh#gevent/gevent#2012

==== python-greenlet ====
Version update (3.0.2 -> 3.0.3)

- Update to 3.0.3
  * Python 3.12: Restore the full ability to walk the stack of a
    suspended greenlet; previously only the innermost frame was
    exposed. See issue 388. Fix by Joshua Oreman in PR 393.
- Disable building the docs: Now requires the furo theme, which is
  not available.

==== python-tornado6 ====

- Add patch openssl-3.2.patch gh#tornadoweb/tornado#3355

==== python-urllib3 ====

- Add upstream patch openssl-3.2.patch, to fix tests with opennssl
  3.2.0, gh#urllib3/urllib3#3271

==== samba ====
Version update (4.19.2+git.324.fa0b54b91b -> 4.19.4+git.339.acf1ccaa020)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit

- Remove -x from bash shebang update-apparmor-samba-profile;
  (bsc#1218431).
- Update to 4.19.4
  * net changesecretpw cannot set the machine account password if
    secrets.tdb is empty; (bso#13577).
  * For generating doc, take, if defined, env XML_CATALOG_FILES;
    (bso#15540).
  * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541).
  * vfs_linux_xfs is incorrectly named; (bso#15542).
  * systemd stumbled over copyright-message at smbd startup;
    (bso#15377).
  * Following intermediate abolute share-local symlinks is
    broken; (bso#15505).
  * ctdb RELEASE_IP causes a crash in release_ip if a connection
    to a non-public address disconnects first; (bso#15523).
  * shadow_copy2 broken when current fileset's directories are
    removed; (bso#15544).
  * smbd does not detect ctdb public ipv6 addresses for
    multichannel exclusion; (bso#15534).
  * 'force user = localunixuser' doesn't work if 'allow trusted
    domains = no' is set; (bso#15469).
  * smbget debug logging doesn't work; (bso#15525).
  * smget: username in the smburl and interactive password entry
    doesn't work; (bso#15532).
  * smbget auth function doesn't set values for password prompt
    correctly; (bso#15538).
  * Unable to copy and write files from clients to Ceph cluster
    via SMB Linux gateway with Ceph VFS module; (bso#15440).
  * Multichannel refresh network information; (bso#15547).
- Update to 4.19.3
  * sid_strings test broken by unix epoch > 1700000000;
    (bso#15520).
  * smbd crashes if asked to return full information on close of
    a stream handle with delete on close disposition set;
    (bso#15487).
  * smbd: fix close order of base_fsp and stream_fsp in
    smb_fname_fsp_destructor(); (bso#15521).
  * Improve logging for failover scenarios; (bso#15499).
  * Files without "read attributes" NFS4 ACL permission are not
    listed in directories; (bso#15093).
  * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible
    in AD LDAP to normal users; (bso#13595).
  * Kerberos TGS-REQ with User2User does not work for normal
    accounts; (bso#15492).
  * vfs_gpfs stat calls fail due to file system permissions;
    (bso#15507).
  * Samba doesn't build with Python 3.12; (bso#15513).

==== selinux-policy ====
Version update (20231124 -> 20240104)
Subpackages: selinux-policy-targeted

- Update to version 20240104:
  * Allow keepalived_t read+write kernel_t pipes (bsc#1216060)
  * allow rebootmgr to read the system state (bsc#1205931)

==== zstd ====
Subpackages: libzstd1 libzstd1-32bit libzstd1-x86-64-v3

- Disable build of gzip for Leap 15.x to fix build error.