Packages changed:
  inkscape (1.3.2 -> 1.4)
  kvm_stat
  libxslt
  mozilla-nss (3.104 -> 3.105)
  openSUSE-release (20241028 -> 20241029)
  openssh
  openssl-3 (3.1.4 -> 3.1.7)
  openssl (3.1.4 -> 3.1.7)
  openvpn
  tigervnc

=== Details ===

==== inkscape ====
Version update (1.3.2 -> 1.4)
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang

- Update to version 1.4:
  + Filter Gallery
  + Modular grids & improved axonometric grids
  + Swatches dialog and palette file handling improved
  + Unified font browser preview
  + Customizable handles
  + Fast image clipping with the Shape Builder
  + Affinity Designer File Import
  + Support for internal links in exported PDF files
  + A whole new icon set
  + See the full release notes
    https://inkscape.org/release/inkscape-1.4
- Drop inkscape-poppler-24.03.0.patch, inkscape-libxml2.12.patch,
  inkscape-poppler-c++20.patch, inkscape-poppler-24.05.0.patch,
  inkscape-poppler-c++20-2.patch, inkscape_1.3.2_fix_tiff.patch, fixed upstream

==== kvm_stat ====

- Add a patch that makes it possible to use kvm_stat from scripts
  (it has been submitted upstream already):
  * Added patches:
    fix-termination-behavior-when-not-on-a-terminal.patch

==== libxslt ====
Subpackages: libexslt0 libxslt-tools libxslt1

- Add libxslt-reproducible.patch to make xml output deterministic (boo#1062303)

==== mozilla-nss ====
Version update (3.104 -> 3.105)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools

- update to NSS 3.105
  * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
  * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
  * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
  * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
  * bmo#1918767 - override default definition of KRML_MUSTINLINE
  * bmo#1916525 - libssl support for mlkem768x25519
  * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
  * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
  * bmo#1911912 - Avoid misuse of ctype(3) functions
  * bmo#1917311 - part 2: run clang-format
  * bmo#1917311 - part 1: upgrade to clang-format 13
  * bmo#1916953 - clang-format fuzz
  * bmo#1910370 - DTLS client message buffer may not empty be on retransmit
  * bmo#1916413 - Optionally print config for TLS client and server
    fuzz target
  * bmo#1916059 - Fix some simple documentation issues in NSS.
  * bmo#1915439 - improve performance of NSC_FindObjectsInit when
    template has CKA_TOKEN attr
  * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN

==== openSUSE-release ====
Version update (20241028 -> 20241029)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Don't force using gcc11 on SLFO/ALP which have a newer version.
- Add patches from upstream:
  - To fix a copy&paste oversight in an ifdef :
  * 0001-fix-utmpx-ifdef.patch
  - To fix a regression introduced when the "Match" criteria
    tokenizer was modified since it stopped supporting the
    "Match criteria=argument" format:
  * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
  - To fix the previous patch which broke on negated Matches:
  * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
  - To fix the ML-KEM768x25519 kex algorithm on big-endian systems:
  * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch

==== openssl-3 ====
Version update (3.1.4 -> 3.1.7)
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3

- Update to 3.1.7:
  * Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]
  - Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
  - Fixed possible buffer overread in SSL_select_next_proto()
    (CVE-2024-5535)
  * Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]
  - Fixed potential use after free after SSL_free_buffers() is
    called (CVE-2024-4741)
  - Fixed an issue where checking excessively long DSA keys or
    parameters may be very slow (CVE-2024-4603)
  - Fixed unbounded memory growth with session handling in TLSv1.3
    (CVE-2024-2511)
  * Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
  - Fixed PKCS12 Decoding crashes (CVE-2024-0727)
  - Fixed Excessive time spent checking invalid RSA public keys
    [CVE-2023-6237)
  - Fixed POLY1305 MAC implementation corrupting vector registers
    on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
  - Fix excessive time spent in DH check / generation with large
    Q parameter value (CVE-2023-5678)
  * Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
  * Rebase patches:
  - openssl-Force-FIPS.patch
  - openssl-FIPS-embed-hmac.patch
  - openssl-FIPS-services-minimize.patch
  - openssl-FIPS-RSA-disable-shake.patch
  - openssl-CVE-2023-50782.patch
  * Remove patches fixed in the update:
  - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
  - openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch
  - openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch
  - openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch
  - openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch
  - openssl-CVE-2023-5678.patch
  - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
  - openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
  - openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch
  - reproducible.patch

==== openssl ====
Version update (3.1.4 -> 3.1.7)

- Update to 3.1.7

==== openvpn ====

- Fix multiple exit notifications from authenticated clients will
  extend the validity of a closing session (bsc#1227546 CVE-2024-28882)
  Patchname:openvpn-CVE-2024-28882.patch
- Enable Data-Channel-Offloading (DCO) for better performance (jsc#PED-8305)
  if libnl >= 3.4 is available

==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module

- Require /usr/bin/dbus-launch insted of dbus-1-x11: Do not rely on
  legacy dbus-1-x11 package, which is going away after moving to
  dbus-broker.