Packages changed:
  MozillaFirefox (131.0.2 -> 131.0.3)
  SDL2 (2.30.8 -> 2.30.9)
  SVT-AV1 (2.2.1 -> 2.3.0)
  apache-commons-logging (1.3.3 -> 1.3.4)
  apr-util
  bubblewrap (0.10.0 -> 0.11.0)
  cppcheck (2.15.0 -> 2.16.0)
  ghostscript
  glib2-branding-openSUSE
  gnome-control-center (47.1.1 -> 47.1.1+9)
  grub2
  gtk4 (4.16.3 -> 4.16.5)
  inkscape (1.3.2 -> 1.4)
  ipmitool
  java-21-openjdk (21.0.4.0 -> 21.0.5.0)
  kdump (2.0.9 -> 2.0.10+git0.g62142dd)
  kf6-kxmlgui
  kvm_stat
  libHX (4.23 -> 4.24)
  libarchive (3.7.6 -> 3.7.7)
  libcamera (0.3.1 -> 0.3.2)
  libfprint (1.94.7+tod1 -> 1.94.8+tod1)
  libgit2 (1.8.3 -> 1.8.4)
  libnftnl (1.2.7 -> 1.2.8)
  libnl3 (3.10.0 -> 3.11.0)
  libnvme (1.10+0.gdd51fa8 -> 1.11)
  libpng16 (1.6.43 -> 1.6.44)
  librsvg (2.59.1 -> 2.59.2)
  libtirpc (1.3.5 -> 1.3.6)
  libvirt (10.8.0 -> 10.9.0)
  libvisio
  libxslt
  libzip (1.10.1 -> 1.11.1)
  mc
  microos-tools (4.0+git1 -> 4.0+git2)
  mozilla-nss (3.104 -> 3.105)
  mpg123 (1.32.8 -> 1.32.9)
  mutter (47.1 -> 47.1+3)
  nbdkit
  nftables (1.0.9 -> 1.1.1)
  nvme-cli (2.10 -> 2.11)
  openSUSE-release (20241028 -> 20241103)
  openssh
  openssl-3 (3.1.4 -> 3.1.7)
  openssl (3.1.4 -> 3.1.7)
  openvpn
  patterns-base
  patterns-gnome
  python-Automat (22.10.0 -> 24.8.1)
  python-M2Crypto (0.42.0 -> 0.43.0)
  python-Twisted (24.7.0 -> 24.10.0)
  python-argcomplete (3.4.0 -> 3.5.1)
  python-httpcore (1.0.5 -> 1.0.6)
  python-libvirt-python (10.8.0 -> 10.9.0)
  python-mysqlclient (2.2.4 -> 2.2.5)
  python-pip (24.2 -> 24.3.1)
  python-pycups
  python-service_identity (24.1.0 -> 24.2.0)
  python-zope.interface (7.1.0 -> 7.1.1)
  python311
  python311-core
  qemu (9.1.0 -> 9.1.1)
  rasqal
  redland
  ruby-common
  rubygem-gem2rpm
  salt
  samba (4.21.1+git.367.e1da597d86e -> 4.21.1+git.372.cb50f2d0a68)
  schily
  seahorse (47.0.1 -> 47.0.1+6)
  selinux-policy (20241021 -> 20241031)
  snapper
  speech-dispatcher (0.12.0~rc3 -> 0.12.0~rc4)
  sqlite3 (3.46.0 -> 3.46.1)
  suitesparse (7.5.1 -> 7.8.3)
  system-users
  sysvinit (3.10 -> 3.11)
  tecla-keyboard-layout-viewer
  tigervnc
  update-bootloader (1.17 -> 1.18)
  virt-manager
  vlc
  xfce4-branding-openSUSE (4.18.0+git4.79f6d44 -> 4.18.0+git5.88e05bf)
  xkeyboard-config
  yaml-cpp
  yast2-trans (84.87.20240801.d54b6ae08f -> 84.87.20241029.4907c8ec47)

=== Details ===

==== MozillaFirefox ====
Version update (131.0.2 -> 131.0.3)

- Mozilla Firefox 131.0.3
  * some users could not access the Bill Pay portion of their
    bank's site (bmo#1923500)
  * some VR180 and 360 videos were not properly rendering on YouTube
    (bmo#1922278)
  * Fixed a crash that Windows users with Avast or AVG security
    software were experiencing when visiting certain sites. (bmo#1919678)
  * "List all tabs" button was not able to be moved from the toolbar
    (bmo#1918681)
  NFSA 2024-53
  * CVE-2024-9936 (bmo#1920381)
    Undefined behavior in selection node cache
- remove obsolete mozilla-rust-disable-future-incompat.patch

==== SDL2 ====
Version update (2.30.8 -> 2.30.9)

- Update to release 2.30.9
  * Fixed flicker when entering/exiting fullscreen or moving the
    window between scaled and non-scaled displays under Wayland.

==== SVT-AV1 ====
Version update (2.2.1 -> 2.3.0)

- Update to release 2.3.0
  * Improved fast-decode level 1 option to increase its AV1 software
    cycle reduction by ~10% while maintaining the same quality
    levels.
  * New fast-decode level 2 to allow for an average AV1 software
    cycle reduction of 25-50% vs fast-decode 0 with a 1-3% BD-Rate
    loss across the presets.
  * Improved --lp settings for high resolutions, with CRF gaining a
    ~4% improvement in speed and VBR gaining ~15%.
  * Further ARM-based optimizations improving the efficiency of
    previously written NEON implementations by an average of 30%.

==== apache-commons-logging ====
Version update (1.3.3 -> 1.3.4)

- Upgrade to 1.3.4
  * Bug fix:
    + LOGGING-192: Fix factory loading from context class
    loader #280, #281.

==== apr-util ====

- Fix dependency on libapr: in 2021, libapr1 was renamed to
  libapr1-0, conforming to the shared library packaging policy.
  requires_eq silently dropped the dependency, as the packahe name,
  libapr1, does not exist.

==== bubblewrap ====
Version update (0.10.0 -> 0.11.0)
Subpackages: bubblewrap-zsh-completion

- update to 0.11.0:
  * New --overlay, --tmp-overlay, --ro-overlay and --overlay-src
    options allow creation of overlay mounts. This feature is not
    available when bubblewrap is installed setuid.
  * New --level-prefix option produces output that can be parsed
    by tools like logger --prio-prefix and
    systemd-cat --level-prefix=1
  * bug fixes and developer visible changes
- add upstream signing key and validate source signature

==== cppcheck ====
Version update (2.15.0 -> 2.16.0)

- update to 2.16.0
  Improved checking:
  * constVariable; checking multidimensional arrays
  * constVariablePointer; nested array access
  * deallocuse
  Changed interface:
  * SARIF output. Use --output-format=sarif to activate this.
  * Add option --output-format=. Allowed formats are sarif and
    xml.
  Deprecations:
  * The previously deprecated support for Python 2.7 has been
    removed. Please use Python 3 instead.
  * The maximum value for --max-ctu-depth is currently capped
    at 10. This limitation will be removed in a future release.
  Other:
  * "missingInclude" is no longer implicitly enabled with
    "information" - you need to enable it explicitly now.
  * Fixed checkers report when --addon=misra.py or
  - -addon=misra.json is used.

==== ghostscript ====
Subpackages: ghostscript-x11

- Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024"
  by adding the individual "bsc" numbers for each CVE, see
  https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4
  and by adding the "IMPORTANT" change in Ghostscript 10.04.0
- spec file cleanup: removed the special cases for SLE12
  i.e. rely on "suse_version >= 1500" as given precondition
  (recent Ghostscript versions fail to build in SLE12 anyway)

==== glib2-branding-openSUSE ====

- Remove "picture-uri-dark" in schema "org.gnome.desktop.screensaver",
  there is no this key in schema currently.

==== gnome-control-center ====
Version update (47.1.1 -> 47.1.1+9)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users

- Update to version 47.1.1+9:
  * wwan: Fix status pages
  * default-apps-row:
  - Fix auto_ptr usage causing leaks
  - Fix auto_ptr use-after-free
  * Updated translations.

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin

- Enable support of Radix, Xive and Radix_gtse on Power (jsc#PED-9881)
  * 0001-kern-ieee1275-init-Add-IEEE-1275-Radix-support-for-K.patch

==== gtk4 ====
Version update (4.16.3 -> 4.16.5)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0

- Update to version 4.16.5:
  + Clean up debug spew.
- Update to version 4.16.4:
  + GtkTextView:
  - Fix some missing CSS invalidation
  - Handle charsets in clipboard datatypes
  + GtkApplication: Respect GDK_DEBUG=no-portals
  + Printing:
  - Avoid warnings for avahi errors
  - Fix a segfault in the print dialog setup code
  + Accessibility: Handle NULL values in more places
  + Gdk:
  - vulkan: Fix validation errors
  - Fix 32bit build for the jpeg loader
  + Wayland: Fix a possible deadlock with high-priority sources
    triggering Wayland roundtrips
  + Updated translations.

==== inkscape ====
Version update (1.3.2 -> 1.4)
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp

- Update to version 1.4:
  + Filter Gallery
  + Modular grids & improved axonometric grids
  + Swatches dialog and palette file handling improved
  + Unified font browser preview
  + Customizable handles
  + Fast image clipping with the Shape Builder
  + Affinity Designer File Import
  + Support for internal links in exported PDF files
  + A whole new icon set
  + See the full release notes
    https://inkscape.org/release/inkscape-1.4
- Drop inkscape-poppler-24.03.0.patch, inkscape-libxml2.12.patch,
  inkscape-poppler-c++20.patch, inkscape-poppler-24.05.0.patch,
  inkscape-poppler-c++20-2.patch, inkscape_1.3.2_fix_tiff.patch, fixed upstream

==== ipmitool ====

- Drop rcFOO symlinks (PED-266).
- To create rcipmievd, the service binary is required at
  build time. This binary is provided by aaa_base. Make sure this
  package is available during build.

==== java-21-openjdk ====
Version update (21.0.4.0 -> 21.0.5.0)
Subpackages: java-21-openjdk-headless

- Update to upstream tag jdk-21.0.5+13 (October 2024 CPU)
  * Security fixes
    + JDK-8307383: Enhance DTLS connections
    + JDK-8311208: Improve CDS Support
    + JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
    + JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of
    vectorization
    + JDK-8328726: Better Kerberos support
    + JDK-8331446, CVE-2024-21217, bsc#1231716: Improve
    deserialization support
    + JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph
    optimizations
    + JDK-8335713: Enhance vectorization analysis
  * Other changes
    + JDK-6355567: AdobeMarkerSegment causes failure to read valid
    JPEG
    + JDK-6967482: TAB-key does not work in JTables after selecting
    details-view in JFileChooser
    + JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/
    /ReadLongZipFileName.java leaks files if it fails
    + JDK-8051959: Add thread and timestamp options to
    java.security.debug system property
    + JDK-8073061: (fs) Files.copy(foo, bar, REPLACE_EXISTING)
    deletes bar even if foo is not readable
    + JDK-8166352: FilePane.createDetailsView() removes JTable TAB,
    SHIFT-TAB functionality
    + JDK-8170817: G1: Returning MinTLABSize from
    unsafe_max_tlab_alloc causes TLAB flapping
    + JDK-8211847: [aix] java/lang/ProcessHandle/InfoTest.java
    fails: "reported cputime less than expected"
    + JDK-8211854: [aix] java/net/ServerSocket/
    /AcceptInheritHandle.java fails: read times out
    + JDK-8222884: ConcurrentClassDescLookup.java times out
    intermittently
    + JDK-8238169: BasicDirectoryModel getDirectories and
    DoChangeContents.run can deadlock
    + JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due
    to "BindException: Address already in use"
    + JDK-8242564: javadoc crashes:: class cast exception
    com.sun.tools.javac.code.Symtab$6
    + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
    /MouseEventAfterStartDragTest.html test failed
    + JDK-8261433: Better pkcs11 performance for
    libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
    + JDK-8269428: java/util/concurrent/ConcurrentHashMap/
    /ToArray.java timed out
    + JDK-8269657: Test java/nio/channels/DatagramChannel/
    /Loopback.java failed: Unexpected message
    + JDK-8280120: [IR Framework] Add attribute to @IR to
    enable/disable IR matching based on the architecture
    + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
    /NonfocusableOwnerTest.java failed with "RuntimeException:
    Test failed."
    + JDK-8280988: [XWayland] Click on title to request focus test
    failures
    + JDK-8280990: [XWayland] XTest emulated mouse click does not
    bring window to front
    + JDK-8283223: gc/stringdedup/TestStringDeduplicationFullGC.java
    [#]Parallel failed with "RuntimeException: String verification
    failed"
    + JDK-8287325: AArch64: fix virtual threads with
  - XX:UseBranchProtection=pac-ret
    + JDK-8291809: Convert compiler/c2/cr7200264/TestSSE2IntVect.java
    to IR verification test
    + JDK-8294148: Support JSplitPane for instructions and test UI
    + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
    when connection is idle
    + JDK-8299487: Test java/net/httpclient/whitebox/
    /SSLTubeTestDriver.java timed out
    + JDK-8299790: os::print_hex_dump is racy
    + JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java
    fails with jtreg test timeout due to lost datagram
    + JDK-8301686: TLS 1.3 handshake fails if server_name doesn't
    match resuming session
    + JDK-8303920: Avoid calling out to python in
    DataDescriptorSignatureMissing test
    + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
    + JDK-8305825: getBounds API returns wrong value resulting in
    multiple Regression Test Failures on Ubuntu 23.04
    + JDK-8307193: Several Swing jtreg tests use class.forName on
    L&F classes
    + JDK-8307352: AARCH64: Improve itable_stub
    + JDK-8307778: com/sun/jdi/cds tests fail with jtreg's Virtual
    test thread factory
    + JDK-8307788: vmTestbase/gc/gctests/LargeObjects/large003/
    /TestDescription.java timed out
    + JDK-8308286: Fix clang warnings in linux code
    + JDK-8308660: C2 compilation hits 'node must be dead' assert
    + JDK-8309067: gtest/AsyncLogGtest.java fails again in
    stderrOutput_vm
    + JDK-8309621: [XWayland][Screencast] screen capture failure
    with sun.java2d.uiScale other than 1
    + JDK-8309685: Fix -Wconversion warnings in assembler and
    register code
    + JDK-8309894: compiler/vectorapi/
    /VectorLogicalOpIdentityTest.java fails on SVE system with
    UseSVE=0
    + JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled
    and disabled ComboBox does not match in these LAFs: GTK+
    ... changelog too long, skipping 570 lines ...
    + JDK-8341989: [21u] Back out JDK-8327501 and JDK-8328366

==== kdump ====
Version update (2.0.9 -> 2.0.10+git0.g62142dd)

- upgrade to version 2.0.10
  * calibrate: don't add percentage margin on top of LUKS memory (bsc#1229207)

==== kf6-kxmlgui ====
Subpackages: libKF6XmlGui6

- Fix qt6-core-private-devel minimum version

==== kvm_stat ====

- Add a patch that makes it possible to use kvm_stat from scripts
  (it has been submitted upstream already):
  * Added patches:
    fix-termination-behavior-when-not-on-a-terminal.patch

==== libHX ====
Version update (4.23 -> 4.24)

- Update to release 4.24
  * io: resolve use-after-free and out-of-bounds writes in
    conjunction with ``HX_realpath``
  * io: add ``HX_getcwd`` function

==== libarchive ====
Version update (3.7.6 -> 3.7.7)

- Update to 3.7.7:
  * gzip: prevent a hang when processing a malformed gzip inside a gzip
  * tar: don't crash on truncated tar archives
  * tar: fix two leaks in tar header parsing
  * 7-zip: read/write symlink paths as UTF-8
  * cpio: exit with an error code if an entry could not be extracted
  * rar5: report encrypted entries
  * tar: fix truncation of entry pathnames in specific archives

==== libcamera ====
Version update (0.3.1 -> 0.3.2)
Subpackages: libcamera-base0_3 libcamera0_3

- Update to release 0.3.2
  * Add Sony IMX214 sensor properties

==== libfprint ====
Version update (1.94.7+tod1 -> 1.94.8+tod1)

- update to 1.94.8+tod1
  * build: Support building in non-linux unix environments (tested in FreeBSD)
  * egismoc: New PIDs 0x0583, 0x0586, 0x0587.
  * elanmoc: New PID 0x0C9F.
  * fpcmoc: New PIDs 0x9524, 0x9544.
  * goodixmoc: New PIDs 0x609A, 0x650A, 0x650C, 0x6512.
  * realtek: New PID 0x5816.
  * synaptics: New PIDs 0x00C4, 0x019D, 0x00C6.
  * fpcmoc: fix incorrect immobile handling during enrollment.
  * fpcmoc: fixed jumping to wrong state at end of custom enroll.
  * egismoc: various code cleanups.
- fix compilation error
  + label-can-only-be-part-of-a-statement.patch

==== libgit2 ====
Version update (1.8.3 -> 1.8.4)

- update to 1.8.4:
  * Actually includes the pre-1.8.0 commit constness behavior fix

==== libnftnl ====
Version update (1.2.7 -> 1.2.8)

- Update to release 1.2.8
  * Fixes for incorrect validation of dynset netlink attributes
    from the kernel

==== libnl3 ====
Version update (3.10.0 -> 3.11.0)
Subpackages: libnl-config libnl3-200

- Update to release 3.11
  * Add NLA_{SINT|UINT} attribute types
  * Add NLA functions for variable-length integers
  * link/bonding: add getters for attributes
  * lib/route: add support for bridge msti

==== libnvme ====
Version update (1.10+0.gdd51fa8 -> 1.11)
Subpackages: libnvme-mi1 libnvme1

- Update to version 1.11:
  * prefix: Use Request or Response Length in DLEN and DOFF for MI
  * types: Add ETPVDS and SSI fields of sanitize status log
  * json: do not escape strings when printing the configuration
  * tree: do no export tls keys when not provided by user
  * types: add struct nvme_id_ctrl_nvm ver and lbamqf member variables
  * types: add NVMe 2.1 get log page LIDs
  * type: Added enums for ANSAN and RGCNS bit of OAES field
  * linux: fixup PSK HMAC type '0' handling
  * util: added error code for ENOKEY
  * fabrics: fix map error level in __nvmf_add_ctrl
  * fabrics: add ctrl connect interface
  * fabrics: use hex numbers when generating command line options
  * fabrics: rename first argument for argument macros
  * linux: handle key import correctly
  * linux: export keys to config
  * tree: read tls_configured_key and tls_keyring from sysfs
  * tree: move dhchap and tls sysfs parser into separate functions
  * json: move keystore operations out of the JSON parser
  * tree: add getter/setters for TLS PSK
  * linux: add import/export function for TLS pre-shared keys
  * linux: only return the description of a key
  * linux: use ssize_t as return type for nvme_identity_len
  * linux: reorder variable declarations
  * types: Added enum for SMVES event of PEL log
  * libnvme: add lockdown log page support(LID : 0x14)
  * libnvme: add EMVS support to sanitize command
  * types: Add TP4159 PCIe Infrastructure for Live Migration definitions
  * types: add NVME_CTRL_OAES get macro definitions
  * types: add NVME_CTRL_OAES_TTHR definition
  * types: add NVME_CTRL_FNA definitions to get field values
  * types: add NVME_VAL() definition
  * tree: fix tls key mem leak (bsc#1231668)
  * tree: fix dhchap_ctrl_key mem leak (bsc#1231668)
  * tree: fix dhchap_key mem leak (bsc#1231668)
  * types: add NVME_CHECK() definition to check nvme register field value
  * types: add kv opcodes
  * types: added new fields in nvme_nvme_id_ns
  * types: Add enum for Completion Condition of Get LBA status command
  * ioctl: refactoring set_features
  * types: add new fields added in TP4142
  * mi: add control primitive command
  * linux: Correct error handling for derive_psk_digest (bsc#1228376)
  * types: Added new field CSER in enum as per TP4167
- build fix for OpenSSL 1.1
  * add 0001-linux-fix-derive_psk_digest-OpenSSL-1.1-version.patch

==== libpng16 ====
Version update (1.6.43 -> 1.6.44)

- version update to 1.6.44:
  * Hardened calculations in chroma handling to prevent overflows, and
    relaxed a constraint in cHRM validation to accomodate the standard
    ACES AP1 set of color primaries.
    (Contributed by John Bowler)
  * Removed the ASM implementation of ARM Neon optimizations and updated
    the build accordingly. Only the remaining C implementation shall be
    used from now on, thus ensuring the support of the PAC/BTI security
    features on ARM64.
    (Contributed by Ross Burton and John Bowler)
  * Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the
    CMake build on FreeBSD/amd64. This is an important performance fix
    on this platform.
  * Applied various fixes and improvements to the CMake build.
    (Contributed by Eric Riff, Benjamin Buch and Erik Scholz)
  * Added fuzzing targets for the simplified read API.
    (Contributed by Mikhail Khachayants)
  * Fixed a build error involving pngtest.c under a custom config.
    This was a regression introduced in a code cleanup in libpng-1.6.43.
    (Contributed by Ben Wagner)
  * Fixed and improved the config files for AppVeyor CI and Travis CI.
- Drop upstream patch:
  * 563.patch

==== librsvg ====
Version update (2.59.1 -> 2.59.2)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Change license to LGPL-2.1-or-later AND MIT.
- Update to version 2.59.2:
  + Fix stack overflow due to unbounded recursion.  Now there is
    a hard limit on the number of nested layers that an SVG
    document may have.  This is not a hard limit on the amount of
    stack space consumed, but it is a general mitigation.
  + Fix regression when rendering paths with very flat elliptical
    arcs.  This bug was introduced in 2.59.1 as part of the
    mitigation for paths with coordinates that Cairo is unable to
    handle.
  + Fix centering and text-anchor in general for scaled text.
  + Fix building with Rust 1.82 on Windows (Christoph Reiter).
  + Make cancellation work for all the resource loading
    functions.
  + Add documentation for rsvg-bench to the development guide.
  + Slight improvement in memory consumption for language tags.
  + Many updates to the developer's documentation, for Outreachy
    interns.

==== libtirpc ====
Version update (1.3.5 -> 1.3.6)
Subpackages: libtirpc-netconfig libtirpc3

- update to 1.3.6:
  * http://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.6/Release-1.3.6.txt
  * https://lore.kernel.org/linux-nfs/91ef3508-d0a6-48db-adfc-4f7831fba74e@redhat.com/
  * rpcbind config changes

==== libvirt ====
Version update (10.8.0 -> 10.9.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs

- Update to libvirt 10.9.0
  - jsc#PED-8909, jsc#9854, jsc#9855
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html#v10-9-0-2024-11-01

==== libvisio ====

- libvisio testsuite in combination with ICU 76.1 requires UTF-8
  locale during %check [boo#1232061]

==== libxslt ====
Subpackages: libexslt0 libxslt-tools libxslt1

- Add libxslt-reproducible.patch to make xml output deterministic (boo#1062303)

==== libzip ====
Version update (1.10.1 -> 1.11.1)

- version update to 1.11.1
  * Fix zipconf.h for version number with missing third component.
  * Stop searching after finding acceptable central directory, even if it contains inconsistencies.
  * Only write Zip64 EOCD if fields don't fit in normal EOCD. Previously libzip also wrote it when any directory entry required Zip64.
  * Allow bytes from 0x00-0x1F as UTF-8.
  * Add new error code ZIP_ER_TRUNCATED_ZIP for files that start with a valid local header signature.
  * `zipcmp`: add -T option for comparing timestamps.
  * `zip_file_replace` now removes the target's extra field information.

==== mc ====
Subpackages: mc-lang

- Added patch 4575-fix-wrapper.patch - fixes boo#1203617

==== microos-tools ====
Version update (4.0+git1 -> 4.0+git2)
Subpackages: selinux-autorelabel

- Update to version 4.0+git2:
  * Add RemainAfterExit=true to autorelabel services

==== mozilla-nss ====
Version update (3.104 -> 3.105)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools

- update to NSS 3.105
  * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
  * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
  * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
  * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
  * bmo#1918767 - override default definition of KRML_MUSTINLINE
  * bmo#1916525 - libssl support for mlkem768x25519
  * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
  * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
  * bmo#1911912 - Avoid misuse of ctype(3) functions
  * bmo#1917311 - part 2: run clang-format
  * bmo#1917311 - part 1: upgrade to clang-format 13
  * bmo#1916953 - clang-format fuzz
  * bmo#1910370 - DTLS client message buffer may not empty be on retransmit
  * bmo#1916413 - Optionally print config for TLS client and server
    fuzz target
  * bmo#1916059 - Fix some simple documentation issues in NSS.
  * bmo#1915439 - improve performance of NSC_FindObjectsInit when
    template has CKA_TOKEN attr
  * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN

==== mpg123 ====
Version update (1.32.8 -> 1.32.9)
Subpackages: libmpg123-0 mpg123-openal

- Update to version 1.32.9
  libmpg123:
  * Increase the library patchlevel, as was forgotten on previous
    release. Now you can check for distversion >= 1.32.8 or
    mpg123 libversion >= 48 patchlevel 3 to see if you're
    vulnerable to CVE-2024-10573.

==== mutter ====
Version update (47.1 -> 47.1+3)

- Update to version 47.1+3:
  * wayland/pointer-constraints: Warp pointer after destroying
    resource
  * Updated translations.

==== nbdkit ====
Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin

- spec: Cleanup 'Provides' list for the nbdkit-basic-plugins and
  nbdkit-basic-filters subpackages

==== nftables ====
Version update (1.0.9 -> 1.1.1)
Subpackages: libnftables1 python311-nftables

- Update to release 1.1.1
  * Reduce netlink cache dependencies to speed up incremental
    updates.
  * Allow zero burst in byte ratelimiter expression.
  * Fix double-free when users call nft_ctx_clear_vars() followed
    by nft_ctx_free().
  * Document that the tproxy statement is non-terminal (unlike in
    iptables). This allows for tproxy+log and tproxy+mark combos,
    see man nft(8) for details.
  * Add egress support for the `list hooks` subcommand.
- Update to release 1.1.0
  * Restore compatibility set element dump with <= 0.9.8
  * Disallow empty interface names
  * Restore rule replace command
  * Search for group, rt_mark, rt_realms at
    /etc/iproute2, /usr/share/iproute2
  * Resolve some timezone issues
  * Support for variables in map expressions
  * VLAN support

==== nvme-cli ====
Version update (2.10 -> 2.11)
Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion

- Update to version 2.11:
  * docs: update check-tls-key arguments
  * nvme: add support to append TLS PSK to keyfile for check-tls-key
  * nvme: return correct error code in append_keyfile
  * docs: nvme-id-doman: dom{ia => ai}n
  * ocp: fix latency monitoring data structure entry endian
  * ocp: fix TCG configuration log endian
  * ocp: fix firmware activation history entry endian
  * docs: update gen-tls-key arguments
  * nvme: add support to add derive TLS PSK to keyfile
  * nvme: rename identity to version
  * nvme: set file permission for keyfile to owner only
  * nvme: export tls keys honoring version and hmac
  * nvmf-keys: add udev rule to import tls keys
  * docs: update TLS options
  * fabrics: add support to connect to accept a PSK command line
  * fabrics: add support to connect to accept a configuration
  * nvme: use unsigned char for hmac and identity
  * nvme-print: Add Sanitize Media Verification Event in PEL log
  * netapp-ontapdev: add err msg for no ontapdevices
  * netapp-smdev: add err msg for no smdevices
  * doc: Add sanitize command emvs option
  * ocp: combine to use GUID length definitions
  * nvme: update tls_key() handling
  * nvme-print-stdout: print VERS bit of SANICAP field
  * nvme: add EMVS support to sanitize command
  * ocp: remove callback function cast
  * doc: added commit conventions to contribution guidelines
  * ocp: fix ocp-print-stdout.c indentation error
  * ocp: fix ocp-nvme.c indentation errors
  * ocp: build ocp-nvme.c and ocp-telemetry-decode.c without json
  * ocp: split TCG configuration log print codes
  * ocp: split telemetry string log print codes
  * ocp: split device capabilities log print codes
  * ocp: split error recovery log print codes
  * ocp: split unsupported requirement log print codes
  * ocp: split latency monitor log print codes
  * ocp: move ocp telemetry log print function into ocp-print
  * ocp: split smart extended log print codes
  * ocp: split ocp-fw-activation-history print codes
  * plugins: update meson.build file to always build ocp plugin
  * ocp-print: move json code into separate files
  * nvme-print-json: display only verbose output
  * ocp-nvme: ocp plugin version update
  * nvme-print: print KV command set page header
  * doc: show where self-test results can be found
  * plugins/memblaze: fix a wrong id on smart-log-add
  * plugins/dapustor: smart-log-add fix
  * plugins/sed: add sid password change (bsc#1229677)
  * plugins/solidigm: Automatic retry smaller log chunk size.
  * ocp-nvme: Add LMDATA-37 for Latency Monitor Log
  * ocp-nvme: remove ocp log page version checking
  * wdc: Fix for Reading WDC C2 Vendor Unique Log Page
  * ocp: Fixes for OCP 2.5 Telemetry DA1 FIFO Event Parsing
  * nvme-print-json: update JSON verbose output for nvm-id-ctrl (bsc#1231668)
  * wdc: Add Support for SN5100S
  * nvme: Support show-regs for nvmeof
  * ocp: fix option handling in internal-log
  * Documentation: Added solidigm plugin commands
  * wdc: add support for SNTMP drive
  * nvme-print: print NSSES field of CAP register
  * ocp: fix GUID output
  * nvme-print-json: print controller register values in offset order
  * nvme-print-json: print CMBEBS and CMBSWTP in json format
  * nvme-print-stdout: update changed-ns-list-log output (bsc#1231668)
  * nvme: fix uninitialized value in error-log (bsc#1231668)
  * nvme: fix to convert metadata size to native byte order
  * nvme-print: fix error information log page endianness error
  * completions: add get-feature command changed option
  * doc: add get-feature command changed option
  * nvme: separate get NVME_GET_FEATURES_SEL_CHANGED definition
  * nvme: use NVME_GET_FEATURES_SEL definitions
  * nvme-print-stdout: use NVME_CTRL_OAES definitions
  * completion: add ocp set-telemetry-profile to zsh
  * completion: add solidgm work-tracker binding
  * plugins/solidigm: Added Workload Tracker Triggers and Wall Time
  * ocp: include util/types.h to use nvme_uint128_t
  * ocp: fix to set log data pointer allocated
  * nvme: use NVME_CHECK() to check get features select field value
  * ocp: split ocp-hwcomp log
  * completions: add ocp hardware-component-log command
  * doc: add ocp hardware-component-log command
  * ocp: add hwcomp log json output
  * ocp: add hwcomp log command list option
  * ocp: add hwcomp log command comp-id option
  * ocp: add hwcomp dummy definition
  * ocp: add support for hwcomp log page
  * nvme: use NVME_CTRL_FNA definitions
  * netapp-smdevices: print single device output too (bsc#1231668)
  * netapp-smdevices: segregate print routines (bsc#1231668)
  * Add Support for new SN655 PCI Device ID
  * nvme-print-json: extern json object add functions
  * ocp: add SMART / health information extended log page version 4
  * ocp: add error recovery log page version 3
  * ocp: add get-enable-ieee1667-silo command
  * fabrics: fix incorrect access filename check (bsc#1231668)
  * nvme: use NVME_GET_FEATURES_SEL_SUPPORTED definition
  * nvme-print-json: use _cleanup_free_
  * plugins/solidigm: fix use after free.
    ... changelog too long, skipping 32 lines ...
- Install 70-nvmf-keys.rules to the default udev rules directory

==== openSUSE-release ====
Version update (20241028 -> 20241103)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Don't force using gcc11 on SLFO/ALP which have a newer version.
- Add patches from upstream:
  - To fix a copy&paste oversight in an ifdef :
  * 0001-fix-utmpx-ifdef.patch
  - To fix a regression introduced when the "Match" criteria
    tokenizer was modified since it stopped supporting the
    "Match criteria=argument" format:
  * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
  - To fix the previous patch which broke on negated Matches:
  * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
  - To fix the ML-KEM768x25519 kex algorithm on big-endian systems:
  * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch

==== openssl-3 ====
Version update (3.1.4 -> 3.1.7)
Subpackages: libopenssl3

- Update to 3.1.7:
  * Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]
  - Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
  - Fixed possible buffer overread in SSL_select_next_proto()
    (CVE-2024-5535)
  * Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]
  - Fixed potential use after free after SSL_free_buffers() is
    called (CVE-2024-4741)
  - Fixed an issue where checking excessively long DSA keys or
    parameters may be very slow (CVE-2024-4603)
  - Fixed unbounded memory growth with session handling in TLSv1.3
    (CVE-2024-2511)
  * Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
  - Fixed PKCS12 Decoding crashes (CVE-2024-0727)
  - Fixed Excessive time spent checking invalid RSA public keys
    [CVE-2023-6237)
  - Fixed POLY1305 MAC implementation corrupting vector registers
    on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
  - Fix excessive time spent in DH check / generation with large
    Q parameter value (CVE-2023-5678)
  * Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
  * Rebase patches:
  - openssl-Force-FIPS.patch
  - openssl-FIPS-embed-hmac.patch
  - openssl-FIPS-services-minimize.patch
  - openssl-FIPS-RSA-disable-shake.patch
  - openssl-CVE-2023-50782.patch
  * Remove patches fixed in the update:
  - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
  - openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch
  - openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch
  - openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch
  - openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch
  - openssl-CVE-2023-5678.patch
  - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
  - openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
  - openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch
  - reproducible.patch

==== openssl ====
Version update (3.1.4 -> 3.1.7)

- Update to 3.1.7

==== openvpn ====

- Fix multiple exit notifications from authenticated clients will
  extend the validity of a closing session (bsc#1227546 CVE-2024-28882)
  Patchname:openvpn-CVE-2024-28882.patch
- Enable Data-Channel-Offloading (DCO) for better performance (jsc#PED-8305)
  if libnl >= 3.4 is available

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced

- Agama does not install chrony, add it to the pattern like on all
  other products, so that it is always there, including on images.

==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome

- Drop file-roller Recommends, the built in support in nautilus is
  sufficient.
- Change console to gnome-console Recommends: Use the current app
  name.
- Drop nautilus-extension-terminal Recommends: nautilus supports
  gnome-console nativly.

==== python-Automat ====
Version update (22.10.0 -> 24.8.1)

- update to 24.8.1:
  * major new api
  * python 3.12/3.13

==== python-M2Crypto ====
Version update (0.42.0 -> 0.43.0)

- Update to 0.43.0:
  - feat[m2]: add m2.time_t_bits to checking for 32bitness.
  - fix[tests]: Use only X509_VERSION_1 (0) as version for CSR.
  - fix[EC]: raise ValueError when load_key_bio() cannot read the
    file (bsc#1231589).
  - ci: use -mpip wheel instead of -mbuild
  - fix: use PyMem_Malloc() instead of malloc()
  - fix[hints]: more work on conversion of type hints to the py3k ones
  - fix: make the package build even on Python 3.6
  - ci[local]: skip freezing local tests
  - fix[hints]: remove AnyStr type
  - test: add suggested test for RSA.{get,set}_ex_data
  - fix: implement interfaces for RSA_{get,set}_ex_new_{data,index}
  - fix: generate src/SWIG/x509_v_flag.h to overcome weaknesses of
    swig
  - fix: replace literal enumeration of all VERIFY_ constants by a
    cycle
  - test: unify various test cases in test_ssl related to ftpslib
  - fix: replace deprecated url keyword in setup.cfg with complete
    project_urls map

==== python-Twisted ====
Version update (24.7.0 -> 24.10.0)
Subpackages: python311-Twisted python311-Twisted-tls

- update to 24.10.0:
  * Python 3.13 is now supported.
  * twisted.internet.defer.succeed() is significantly faster, and
    awaiting Deferred has also been sped up.
  * twisted.python.failure.Failure creation no longer records the
    place where it was created. This reduces creation time by 60%
    at least, thereby speeding up Deferred error handling.
  * twisted.internet.defer.Deferred no longer removes the
    traceback object from Failures. This may result in more
    objects staying in memory if you don't clean up failed
    Deferreds, but it speeds up error handling and enables
    improvements to traceback reporting.
  * twisted.internet.defer APIs are 2%-4% faster in many cases.
  * twisted.internet.defer.Deferred runs callbacks with chained
    Deferreds a little faster.
  * The reactor now will use a little less CPU when events have
    been scheduled with callLater().
  * Creation of twisted.python.failure.Failure is now faster.
  * Fixed unreleased regression caused by PR 12109.
  * twisted.logger.eventAsText can now format the output having
    types/classes as input. This was a regression introduced in
    Twisted 24.3.0.
  * twisted.internet.endpoints.clientFromString for TLS endpoints
    with "bindAddress="  no longer crashes during connect.
    twisted.internet.endpoints.HostnameEndpoint() no longer
    crashes when given a bindAddress= argument that is just a
    string, and that argument now accepts either address strings
    or (address, port) tuples.
  * The URLs from README and pyproject.toml were updated.
  * #11236, #12060, #12062, #12099, #12219, #12290, #12296,
    [#12305], #12329, #12331, #12339
  * twisted.conch.ssh.keys.Key can now load public blob keys of
    type sk-ssh-ed25519@openssh.com and sk-ecdsa-
    sha2-nistp256@openssh.com.
  * twisted.conch tests no longer rely on OpenSSH supporting DSA
    keys, fixing compatibility with OpenSSH >= 9.8.
  * twisted.conch.ssh.SSHCiphers no longer supports the
    cast128-ctr, cast128-cbc, blowfish-ctr, and blowfish-cbc
    ciphers. The Blowfish and CAST5 ciphers were removed as they
    were deprecated by the Python cryptography library.
  * #12313
  * The twisted.web HTTP server and client now reject HTTP header
    names containing whitespace or other invalid characters by
    raising twisted.web.http_headers.InvalidHeaderName, improving
    compliance with RFC 9110. As a side effect, the server is
    slightly faster.
  * twisted.web.client and twisted.web.server now disable the
    Nagle algorithm (enable TCP_NODELAY), reducing the latency of
    small HTTP queries.
  * twisted.web.server is 1-2% faster in some cases.
  * twisted.web's HTTP/1.1 server now rejects header values
    containing a NUL byte with a 400 error, in compliance with
    RFC 9110.
  * twisted.internet.address no longer raises DeprecationWarning
    when used with attrs>=24.1.0.
  * twisted.web's HTTP/1.1 server now accepts '&' within tokens
    (methods, header field names, etc.), in compliance with RFC
    9110.
  * #9743, #12276
  * Trial's -j flag now accepts an auto keyword to spawn a number
    of workers based on the available CPUs.
- drop 12313-fix-test_manhole.patch: upstream

==== python-argcomplete ====
Version update (3.4.0 -> 3.5.1)

- Update to the version 3.5.1:
  - Restore compatibility with argparse in Python 3.12.7+
  - Use project.scripts instead of setuptools scripts
  - Test infrastructure improvements
- Remove upstreamed patches:
  - argparse-3_12_7.patch
- Add _multibuild (to make testing against fully installed package)

==== python-httpcore ====
Version update (1.0.5 -> 1.0.6)

- Update to 1.0.6
  * Relax `trio` dependency pinning.
  * Handle `trio` raising `NotImplementedError` on unsupported platforms.
  * Handle mapping `ssl.SSLError` to `httpcore.ConnectError`.
- Update Requires from pyproject.toml

==== python-libvirt-python ====
Version update (10.8.0 -> 10.9.0)

- Update to 10.9.0
  - Add all new APIs and constants in libvirt 10.9.0
  - jsc#PED-8909, jsc#9854, jsc#9855

==== python-mysqlclient ====
Version update (2.2.4 -> 2.2.5)

- update to 2.2.5:
  * (Windows wheel) Update MariaDB Connector/C to 3.4.1. #726
  * (Windows wheel) Build wheels for Python 3.13. #726

==== python-pip ====
Version update (24.2 -> 24.3.1)

- update to 24.3.1:
  * Allow multiple nested inclusions of the same requirements
    file again.
  * Deprecate wheel filenames that are not compliant with PEP
    440.
  * Detect recursively referencing requirements files and help
    users identify the source.
  * Support for PEP 730 iOS wheels.
  * Display a better error message when an already installed
    package has an invalid requirement.
  * Ignore PIP_TARGET and pip.conf global.target when preparing a
    build environment.
  * Restore support for macOS 10.12 and older (via truststore).
  * Allow installing pip in editable mode in a virtual
    environment on Windows.
  * Upgrade certifi to 2024.8.30
  * Upgrade distlib to 0.3.9
  * Upgrade truststore to 0.10.0
  * Upgrade urllib3 to 1.26.20

==== python-pycups ====

- fix_shebang on the postscript driver rpmhook

==== python-service_identity ====
Version update (24.1.0 -> 24.2.0)

- update to 24.2.0:
  * Python 3.13 is now officially supported.
  * pyOpenSSL's identity extraction has been reimplemented using
  * cryptography*'s primitives instead of deprecated pyOpenSSL
    APIs.
  * As a result, the oldest supported pyOpenSSL version is now
    17.1.0.

==== python-zope.interface ====
Version update (7.1.0 -> 7.1.1)

- Update to 7.1.1
  * Fix segmentation faults in `weakrefobject.c`
    on Python 3.12 and 3.13. (#323)
- Adjust upstream source name in spec file

==== python311 ====
Subpackages: python311-curses python311-dbm

- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).

==== qemu ====
Version update (9.1.0 -> 9.1.1)
Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios

- Update to version 9.1.1:
  Full changelog here:
  https://lore.kernel.org/qemu-devel/7f0561ec-3564-4860-bacf-a98071a5ce52@tls.msk.ru/
  Some of the most notable features:
  * ui/dbus: fix filtering all update messages
  * ui/win32: fix potential use-after-free with dbus shared memory
  * ui/dbus: fix leak on message filtering
  * hw/audio/hda: fix memory leak on audio setup
  * hw/audio/hda: free timer on exit
  * hw/char/pl011: Use correct masks for IBRD and FBRD
  * hw/intc/arm_gicv3_cpuif: Add cast to match the documentation
  * hw/intc/arm_gicv3: Add cast to match the documentation
  * hw/intc/arm_gicv3: Add cast to match the documentation
  * meson: ensure -mcx16 is passed when detecting ATOMIC128
  * meson: define qemu_isa_flags
  * meson: fix machine option for x86_version
  * target/m68k: Always return a temporary from gen_lea_mode
  * tcg/ppc: Use TCG_REG_TMP2 for scratch index in prepare_host_addr
  * tcg/ppc: Use TCG_REG_TMP2 for scratch tcg_out_qemu_st
  * linux-user: Fix parse_elf_properties GNU0_MAGIC check
  * linux-user/flatload: Take mmap_lock in load_flt_binary()
  * vnc: fix crash when no console attached
  * testing: bump mips64el cross to bookworm and fix package list
  * hw/sd/sdcard: Fix handling of disabled boot partitions
  * target/arm: Avoid target_ulong for physical address lookups
  * block/reqlist: allow adding overlapping requests
  * util/timer: avoid deadlock when shutting down
  * hw/mips/jazz: fix typo in in-built NIC alias
  * tcg: Fix iteration step in 32-bit gvec operation
  * hw/loongarch/virt: Add description for virt machine type
  * migration/multifd: Fix p->iov leak in multifd-uadk.c
  * target/ppc: Fix migration of CPUs with TLB_EMB TLB type
  * target/hppa: Fix random 32-bit linux-user crashes
  * target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1
  * hw/char/stm32l4x5_usart.c: Enable USART ACK bit response
  * migration/multifd: Fix rb->receivedmap cleanup race
  * mac_dbdma: Remove leftover `dma_memory_unmap` calls
- Fix boo#1231166:
  * [openSUSE][RPM] The qemu translation is not being installed (boo#1231166)

==== rasqal ====

- Drop %requires_ge libraptor1: This has been a NOP for the last
  10 years, since we moved to raptor 2.x.

==== redland ====

- Remove the requires_ge against librasqal1: it's been 15 years
  that librasqal1 changed to librasqal2. Due to requires_ge simply
  ignoring the dep if the package cannot be found, this was
  effectively a NOP for the last 15 years - and as nobody seemed to
  miss it, the autodep of RPM seems good enough.

==== ruby-common ====

- update gem_packages.spec.erb by syncing with gem2rpm
  - drop group tag
  - only emit manual comments if we actually put out content
  - mark docs explicitely with the %doc tag
  - stop using deprecated PreReq for update-alternatives

==== rubygem-gem2rpm ====

- update suse.patch:
  handle ERB.new for older ruby versions
- update suse.patch and sync in ruby-common/gem_packages.spec.erb
- remove gem2rpm.yml.documentation as it is now in the git tree and
  therefor part of the suse.patch
- replaced all patches with suse.patch generated with
  update-suse-patch.sh
  0001-use-the-ID-from-os-release-to-use-the-proper-templat.patch
  0002-added-basic-config-file-support-to-gem2rpm-in-yaml-f.patch
  0003-new-opensuse-templates.-they-require-the-config-file.patch
  0004-added-example-gem2rpm.yml.patch
  0005-properly-shorten-description-and-summary.patch
  0006-Preserve-the-license-header-found-in-the-output-file.patch
  0007-fixes-for-the-opensuse-template.patch
  0008-do-not-use-not-.-not-supported-on-1.8-e.g.patch
  0009-No-longer-require-the-ruby-version-inside-the-subpac.patch
  0010-Try-to-load-rbconfigpackagingsupport-and-fail-gracef.patch
  0011-Add-support-for-scripts-pre-post-for-subpackages.patch
  0012-typo-in-gem2rpm.yml.documentation-custom_pkgs-instea.patch
  0013-Also-tag-LICENSE-MIT-as-docfile.patch
  0014-Refactor-into-multiple-lines.patch
  0015-Add-licence-to-the-list-of-license-files-as-well.patch
  0016-add-two-more-ways-to-express-changes.patch
  0017-.markdown-is-also-seen-in-the-wild.patch
  0018-Only-use-the-extensions-doc-dir-on-MRI-2.1.x.patch
  0019-Cleaner-solution-for-the-extensions-doc-dir.patch
  0020-Ruby-1.8-insists-on-the-for-the-parameter.patch
  0021-Fix-company-name-in-copyright-header.patch
  0022-add-the-touch-for-build-compare-to-the-template.patch
  0023-Also-tag-APACHE-LICENSE-2.0-as-docfile.patch
  0024-add-ability-to-provide-alternative-main-Source.patch
  0025-allow-running-commands-after-patching.patch
  0026-use-https-instead-of-http-for-rubygems.org.patch
  0027-quote-version_suffix-in-gem2rpm.yml.documentation-to.patch
  0028-add-binary_map-support.patch
  0029-Use-or-for-the-conditions-instead-of-and.patch
  0030-gem_package.spec.erb-sync-with-ruby-common.patch
  0031-use-template-opensuse-on-openSUSE-Tumbleweed-where-e.patch
  0032-Replace-no-rdoc-no-ri-with-no-document.patch
  0033-Use-File.exist-instead-of-File.exists-which-was-remo.patch
  0034-plugin-dir.patch
  0035-fix-patch-syntax.patch
  template_loader.patch

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-transactional-update

- Handle logger exception when flushing already closed file
- Include passlib as a recommended dependency
- Added:
  * handle-logger-flushing-already-closed-file-686.patch

==== samba ====
Version update (4.21.1+git.367.e1da597d86e -> 4.21.1+git.372.cb50f2d0a68)
Subpackages: libldb2 python3-ldb samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs

- Add placeholder changelog for sle15-sp7; (jsc#PED-11210).

==== schily ====
Subpackages: libcdrdeflt1_0 libdeflt1_0 libfile1_0 libfind4_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs spax star

- Add 81.patch to not store the build host kernel version (boo#1232434)

==== seahorse ====
Version update (47.0.1 -> 47.0.1+6)
Subpackages: gnome-shell-search-provider-seahorse

- Update to version 47.0.1+6:
  * build:
  - Fix config.h target
  - Fix symbolic icon name
  * Updated translations.

==== selinux-policy ====
Version update (20241021 -> 20241031)
Subpackages: selinux-policy-targeted

- Update to version 20241031:
  * Label /var/livepatches as lib_t for ULP on micro (bsc#1228879)

==== snapper ====
Subpackages: libsnapper7 snapper-zypp-plugin

- generate dsc file for Ubuntu 24.10

==== speech-dispatcher ====
Version update (0.12.0~rc3 -> 0.12.0~rc4)
Subpackages: libspeechd2 python311-speechd speech-dispatcher-module-espeak

- Update to version 0.12.0~rc4:
  * audio: Fix logging from audio modules in server-side audio.
  * Sort Baratinoo engine higher.
  * espeak-ng-mbrola: Fix mbrola voices with rate different from
    22KHz
  * Add a run-spd-say script and make run-speechd and run-spd-say
    able to talk directly.
  * Add initial pipewire support.
- Drop speech-dispatcher-missing-return-vals.patch and
  speech-dispatcher-pulseaudio-samples.patch: fixed upstream.
- Add libpipewire-0.3 to BuildRequires to build Pipewire support.
- Package speechd_module library.
- Drop rcFOO symlinks (PED-266).

==== sqlite3 ====
Version update (3.46.0 -> 3.46.1)
Subpackages: libsqlite3-0 sqlite3-tcl

- Update to release 3.46.1:
  * Improved robustness while parsing the tokenize= arguments in
    FTS5.
  * Enhancements to covering index prediction in the query planner.
  * Do not let the number of terms on a VALUES clause be limited by
    SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause
    contains elements that appear to be variables due to
    double-quoted string literals.
  * Fix the window function version of group_concat() so that it
    returns an empty string if it has one or more empty string
    inputs.
  * In FTS5 secure-delete mode, fix false-positive integrity-check
    reports about corrupt indexes.
  * Syntax errors in ALTER TABLE should always return SQLITE_ERROR.
    In some cases, they were formerly returning SQLITE_INTERNAL.
  * Other minor fixes.

==== suitesparse ====
Version update (7.5.1 -> 7.8.3)
Subpackages: libamd3 libcamd3 libccolamd3 libcholmod5 libcolamd3 libsuitesparseconfig7 libumfpack6

- update to version 7.8.3
  * ParU 1.0.0: first stable release. No change since last version
- update to version 7.8.2
  * LAGraph 1.1.4: bug fix for LAGraph_MMWrite when matrix is dense
- update to version 7.8.1
  * GraphBLAS 9.3.1: bug fix in creation of JIT package
- update to version 7.8.0
  * ParU 0.2.0: many changes; nearing a stable release.
  * CHOLMOD 5.3.0: added cholmod_query, and #define's in cholmod.h,
    to query which Modules and features have been configured.
- update to version 7.7.0
  * SPEX 3.1.0: major revision to API, new methods.
    Added SPEX_Cholesky, SPEX_Backslash, and python interface.
  * Example 1.7.0: revised for change in SPEX API
  * GraphBLAS 9.1.0: revised defn of C11 complex type, bug fix
  * CXSparse 4.4.0: revise malloc/calloc/realloc/free wrappers
- update to version 7.6.1
  * GraphBLAS 9.0.3: performance bug fix (JIT kernels were not
    compiled with OpenMP, since v8.3.1), and fix to Makefile
    ("make static")
- update to version 7.6.0
  * CHOLMOD 5.2.0: bug fix (restore ABI compatibility with 5.0.x,
    i.e., 5.2.0 is ABI incompatible to 5.1.x)
  * SPQR 4.3.2: remove unused parameters

==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-group-libvirt system-group-wheel system-user-bin system-user-daemon system-user-ftp system-user-lp system-user-mail system-user-man system-user-news system-user-nobody system-user-qemu system-user-tftp system-user-tss system-user-upsd system-user-uucp system-user-vscan system-user-wwwrun

- system-user-nobody: remove shell for user nobody, all packages
  should be meanwhile adjusted, no other distribution has a shell
  for this user.

==== sysvinit ====
Version update (3.10 -> 3.11)

- Update to sysvinit 3.11
  * Some escape characters were included in the inittab manual page,
    but not displayed by the "man" command because they were not
    (ironically) properly escaped. This has been fixed.
  * Enabled chaining commands together in the inittab file. This
    allows the admin to run commands like
    "task1 && task2" or "task2 || task2" from the inittab file.
  * Fix typoes in halt manual page. Fixes provided by Bjarni Ingi Gislason.
  * Fix typos/markdown in fstab-decode manual page.
    Patch provided by Bjarni Ingi Gislason.

==== tecla-keyboard-layout-viewer ====

- Update license to GPL-2.0-pr-later, conforming to the license
  declated in the source files.

==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module

- Require /usr/bin/dbus-launch insted of dbus-1-x11: Do not rely on
  legacy dbus-1-x11 package, which is going away after moving to
  dbus-broker.

==== update-bootloader ====
Version update (1.17 -> 1.18)

- merge gh#openSUSE/perl-bootloader#181
- explicitly use bash as shell (bsc#1231018)
- 1.18

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- bsc#1231400 - Virt-manager is missing support for AMD sev-snp
  virtman-add-sev-memory-support.patch

==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-noX vlc-qt vlc-vdpau

- Drop the requres_ge libbluray1 statement, which was added as a
  hack due to a libbluray ABI brak at version 0.5. By now libbluray
  is at .so.2, so that statement was actually a NOP. as RPM simply
  ignored in-existing package dependencies.

==== xfce4-branding-openSUSE ====
Version update (4.18.0+git4.79f6d44 -> 4.18.0+git5.88e05bf)
Subpackages: libgarcon-branding-openSUSE libxfce4ui-branding-openSUSE thunar-volman-branding-openSUSE xfce4-notifyd-branding-openSUSE xfce4-panel-branding-openSUSE xfce4-power-manager-branding-openSUSE xfce4-session-branding-openSUSE xfce4-settings-branding-openSUSE xfdesktop-branding-openSUSE xfwm4-branding-openSUSE

- Updated Tumbleweed wallpaper symlinks

==== xkeyboard-config ====

- n_fi-kotoistus-metainfo.patch
  * add meta information for default variant of "fi" keyboard layout
    "kotoistus" needed for GNOME or other users of xkeyboard meta XML
    files (boo#1227420)

==== yaml-cpp ====

- Add baselibs.conf

==== yast2-trans ====
Version update (84.87.20240801.d54b6ae08f -> 84.87.20241029.4907c8ec47)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20241029.4907c8ec47:
  * Translated using Weblate (Swedish)
  * Translated using Weblate (Czech)
  * New POT for text domain 'control'.
  * Translated using Weblate (German)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (French)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * New POT for text domain 'auth-client'.
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Galician)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (French)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * New POT for text domain 'installation'.
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * Translated using Weblate (Slovenian)
  * New POT for text domain 'security'.
  * New POT for text domain 'iscsi-client'.
  * Translated using Weblate (Lithuanian)
  * New POT for text domain 'registration'.
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
    ... changelog too long, skipping 407 lines ...
  * New POT for text domain 'firewall'.