Packages changed:
  389-ds (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57)
  AppStream (1.0.0 -> 1.0.1)
  MozillaFirefox
  alsa (1.2.10 -> 1.2.11)
  alsa-ucm-conf (1.2.10 -> 1.2.11)
  alsa-utils (1.2.10 -> 1.2.11)
  crypto-policies
  cups
  cups-filters (1.28.15 -> 1.28.17)
  drkonqi5
  emacs (29.1 -> 29.2)
  ffmpeg-4
  glibc (2.38 -> 2.39)
  gnome-remote-desktop
  gstreamer (1.22.8 -> 1.22.9)
  gstreamer-plugins-bad (1.22.8 -> 1.22.9)
  gstreamer-plugins-base (1.22.8 -> 1.22.9)
  gstreamer-plugins-good (1.22.8 -> 1.22.9)
  gstreamer-plugins-libav (1.22.8 -> 1.22.9)
  gstreamer-plugins-ugly (1.22.8 -> 1.22.9)
  inxi (3.3.31 -> 3.3.32)
  iproute2 (6.6 -> 6.7)
  kernel-firmware (20240126 -> 20240201)
  kio
  kio-extras5
  ksystemstats5
  kwin5
  libguestfs
  libksysguard5
  libusb-1_0 (1.0.26 -> 1.0.27)
  libzio (1.08 -> 1.09)
  mutter
  netpbm (11.2.0 -> 11.5.2)
  pam
  pam-full-src
  parted (3.5 -> 3.6)
  perl-gettext
  pipewire (1.0.1 -> 1.0.2)
  plasma5-addons
  plasma5-workspace
  pragha
  python-Twisted
  python-jmespath
  python-pip
  python-pytz (2023.3.post1 -> 2023.4)
  python-rpm
  python-setuptools (69.0.2 -> 69.0.3)
  salt
  sddm
  sendmail
  shim (15.7 -> 15.8)
  strace
  systemd-presets-common-SUSE
  timezone (2023d -> 2024a)
  timezone-java (2023d -> 2024a)
  transmission
  virt-v2v
  vlc
  wicked
  xdg-utils
  xen (4.18.0_04 -> 4.18.0_06)

=== Details ===

==== 389-ds ====
Version update (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57)
Subpackages: lib389 libsvrcore0

- Update to version 3.0.1~git1.1f95b57:
  * Issue 6061 - Certificate lifetime displayed as NaN
  * Bump version to 3.0.1
  * Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045)
  * Issue 3555 - Remove audit-ci from dependencies (#6056)
  * Issue 6052 - Paged results test sets hostname to `localhost` on test collection
  * Issue 6051 - Drop unused pytest markers
  * Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050)
  * Issue 6047 - Add a check for tagged commits
  * Issue 6041 - dscreate ds-root - accepts relative path (#6042)
  * Switch default backend to lmdb and bump version to 3.0 (#6013)
  * Issue 6032 - Replication broken after backup restore (#6035)
  * Issue 6037 - Server crash at startup in vlvIndex_delete (#6038)
  * Issue 6034 - Change replica_id from str to int

==== AppStream ====
Version update (1.0.0 -> 1.0.1)
Subpackages: libAppStreamQt5-3 libappstream5

- Update to 1.0.1
  Bugfixes:
  * Fix lib name for Qt5 link target
  * meson: Pass -D_DARWIN_C_SOURCE on darwin
  * Fix macOS build
  * stemmer: Resolve potential issue where stemmer may never be
    initialized
  * cli: Don't fail what-provides if components were found
  * Fix query element order for what-provides queries
  * validator: Demote developer-name-tag-deprecated to info
    severity for now
  * content-rating: Fix missing or wrong value descriptions for
    rating IDs
  * curl: Add transfer speed timeouts for HTTP downloads
  * curl: Retry operations on potentially transient errors
    Miscellaneous:
  * validator: Improve hint for content-attribute-value-invalid
  * Allow building without zstd temporarily
- Drop patches, merged upstream:
  * 0001-validator-Demote-developer-name-tag-deprecated-to-in.patch
  * 0001-content-rating-Fix-missing-or-wrong-value-descriptio.patch
  * 0001-Fix-lib-name-for-Qt5-link-target.patch
- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== MozillaFirefox ====

- Recommend libfido2-udev on codestreams that exist, in order to try
  to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)

==== alsa ====
Version update (1.2.10 -> 1.2.11)
Subpackages: libasound2 libatopology2

- Updated to alsa-lib 1.2.11:
  * auto-tools fixes, versioned symbol fixes
  * support dB TLVs for single controls
  * various PCM updates, including subformat extensions
  * UMP and sequencer API fixes
  For details, see:
    https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-lib
- Dropped obsoleted patches:
  0001-control.h-Fix-ump-header-file-detection.patch
  0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch
  0003-pcm-Fix-segfault-with-32bit-libs.patch
  0004-reshuffle-included-files-to-include-config.h-as-firs.patch
  0005-seq-Fix-typos-in-symbol-version-definitions.patch
  0006-seq-Fix-invalid-sanity-check-in-snd_seq_set_input_bu.patch
  0007-mixer-simple-Support-dB-TLVs-for-CTL_SINGLE-controls.patch
  0008-seq-Clear-UMP-event-flag-for-legacy-apps.patch
  0009-seq-Simplify-snd_seq_extract_output.patch
  0010-seq-Check-protocol-compatibility-with-the-current-ve.patch

==== alsa-ucm-conf ====
Version update (1.2.10 -> 1.2.11)

- Update to version 1.2.11:
  * Qualcomm, Mediatek, SOF soundwire, and various USB-audio profiles
  For details, see:
    https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-ucm-conf
- Drop obsoleted patch:
  0001-SplitPCM-Device-argument-may-not-be-set.patch

==== alsa-utils ====
Version update (1.2.10 -> 1.2.11)

- Update to alsa-utils 1.2.11:
  * alsactl buffer overflow fix
  * alsatplg updates, NHLT ACPI parser updates
  * use smaller periods for speaker-test
  * add bandwidth-limited pink noise for speaker-test
  * aplay updates, including subformat extensions
  * compile warning fixes
  For details, see:
    https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-utils
- Drop obsoleted patches:
  0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
  0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
  0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
  0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
  0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
  0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch
  0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
  0008-topology-include-locale.h.patch
  0009-nhlt-dmic-info.c-include-sys-types.h.patch
  0010-topology-pre-processor-Add-support-for-enum-controls.patch
  0011-configure.ac-fix-UMP-support-detection.patch
  0012-bat-really-skip-analysis-of-the-first-period-and-upd.patch
  0013-topology-add-include-for-ENABLE_NLS-on-musl.patch
  0014-nhlt-use-stdint.h-types.patch
  0015-Revert-nhlt-dmic-info.c-include-sys-types.h.patch
  0016-aplay-use-stdint.h-types-instead-u_int-u_short-u_cha.patch
  0017-alsa-restore.rules-use-devnode-instead-number-atribu.patch
  0018-nhlt-Revert-SSP_ANALOG-device_type-field.patch
  0019-alsactl-fix-potential-buffer-overwrite.patch
  0020-aplay-fix-buffer-overflow-and-tainted-format-string.patch
  0021-misc-fix-incorrect-usages-of-strerror.patch
  0022-aplay-Add-option-for-specifying-subformat.patch
  0023-aplay-allow-to-compile-with-older-alsa-lib-subformat.patch
  0024-aplay-log-pcm-status-before-reporting-a-fatal-error.patch
  0025-aplay-enable-timestamps-by-default.patch
  0026-aplay-status-dumps-are-called-only-in-verbose-mode.patch
  0027-aplaymidi-Set-event-completely-for-tempo-event.patch

==== crypto-policies ====
Subpackages: crypto-policies-scripts

- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
  we only need python3-base here, we don't need the python
  macros as no module is being built

==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2

- Removed outdated ntadmin stuff from cups.spec (boo#1219503)

==== cups-filters ====
Version update (1.28.15 -> 1.28.17)

- Removed outdated and obsoleted "Requires: cups > 1.5.4"
  which was used to require a sufficient CUPS version
  at times when also CUPS <= 1.5.4 was available
  but it was not meant to require CUPS (boo#1216560)
- Version upgrade to 1.28.17
  See https://github.com/OpenPrinting/cups-filters/releases
  Bug fix release, to more reliably discover all printer
  capablities from driverless printers, especially borderless
  printing, and to preferably use Apple Raster instead of
  PWG Raster or PCLM.
  * libcupsfilters: In PPD generator create only one *cupsFilter2:
    line for raster. Only use the most desirable/reliable format,
    usually Apple Raster (Issue #498).
  * libcupsfilters: In get_printer_attributes() poll
    media-col-database separately if needed. On some printers
    one gets media-col-database only this way. Often it reveals
    important functionality, like for example borderless printing
    (Issue #492).
  * libcupsfilters: Let PPD generator also parse media-col-ready
    IPP attribute. media-col-ready lists the loaded media,
    in contrary to media-ready, as list of complete descriptions
    of the media (media-col data structure). This often lists also
    variants like borderless (it is the same physical paper).
    Especially useful when media-col-database is not available
    (Issue #492).
  * libcupsfilters: In generate_sizes() consider all
    margin alternatives. When generating the PPD file
    for a driverless printer, and in the
    media-{left,right,top,bottom}-margin-supported printer
    IPP attributes there was more than 1 value, the first value
    (which often was the 0 for borderless printing) was not
    considered, leaving the borderless functionality of many
    printers undiscovered (Issue #492).
  Issues are those at
  https://github.com/OpenPrinting/cups-filters/issues
- Version upgrade to 1.28.16
  See https://github.com/OpenPrinting/cups-filters/releases
  Bug fix release, to make images be printed in their original
  size with "print-scaling=none" and to not use deprecated data
  types for reading TIFF images.
  * imagetoraster, imagetopdf, libcupsfilters: Added support
    for reading the resolution of an image from its EXIF data
    when loading it. This way we get the image reproduced in
    its original size with "print-scaling=none" (Issue #362).
  * libcupsfilters: Replaced deprecated data types uint16 and
    uint32. The function to read TIFF image files via libtiff
    in cupsfilters/image-tiff.c uses the deprecated types
    uint16 and uint32. The replacements for these types are
    uint16_t and uint32_t.
  Issues are those at
  https://github.com/OpenPrinting/cups-filters/issues

==== drkonqi5 ====
Subpackages: drkonqi5-lang

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== emacs ====
Version update (29.1 -> 29.2)
Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags

- Update to GNU Emacs version 29.2
  * Startup Changes in Emacs 29.2
  On GNU/Linux, Emacs is now the default application for 'org-protocol'.
  Org mode provides a way to quickly capture bookmarks, notes, and links
  using 'emacsclient':
    emacsclient "org-protocol://store-link?url=URL&title=TITLE"
  * This is a bug-fix release with no new features.
  * Changes in Specialized Modes and Packages in Emacs 29.2
  - Tramp
    New user option 'tramp-show-ad-hoc-proxies'.
    When non-nil, ad-hoc definitions are kept in remote file names instead
    of showing the shortcuts.
  * Incompatible Lisp Changes in Emacs 29.2
  'with-sqlite-transaction' rolls back changes if its BODY fails.
  If the BODY of the macro signals an error, or committing the results
  of the transaction fails, the changes will now be rolled back.
- Port patches mainly by correcting hunk offsets
  * emacs-24.1-ps-mule.patch
  * emacs-24.4-ps-bdf.patch
  * emacs-25.2-ImageMagick7.patch
  * emacs-27.1-Xauthority4server.patch
  * emacs-27.1-pdftex.patch
  * emacs-29.1.dif
  * pdump.patch

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- drop support for libmfx, which is no longer supported upstream
  at all (boo#1219494)

==== glibc ====
Version update (2.38 -> 2.39)
Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd

- Update to glibc 2.39
  * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
    rewrite on x86-64
  * Sync with Linux kernel 6.6 shadow stack interface
  * struct statvfs now has an f_type member, equal to the f_type statfs
    member
  * On Linux, the functions posix_spawnattr_getcgroup_np and
    posix_spawnattr_setcgroup_np have been added, along with the
    POSIX_SPAWN_SETCGROUP flag
  * On Linux, the pidfd_spawn and pidfd_spawp functions have been added
  * On Linux, the pidfd_getpid function has been added
  * scanf-family functions now support the wN format length modifiers for
    arguments pointing to types intN_t, int_leastN_t, uintN_t or
    uint_leastN_t
  * A new tunable, glibc.mem.decorate_maps, can be used to add additional
    information on underlying memory allocated by the glibc
  * The <stdbit.h> header has been added from ISO C2X
  * On AArch64 new symbols were added to libmvec
  * The ldconfig program now skips file names containing ';' or ending in
    ".dpkg.tmp" or ".dpkg.new"
  * The dynamic linker calls the malloc and free functions in more cases
    during TLS access if a shared object with dynamic TLS is loaded and
    unloaded
- aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch,
  cache-intel-shared.patch, call-init-proxy-objects.patch,
  fstat-implementation.patch, gb18030-2022.patch,
  getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch,
  getcanonname-use-after-free.patch, iconv-error-verbosity.patch,
  intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch,
  libio-io-vtables.patch, libio-wdo-write.patch,
  no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch,
  ppc64-flock-fob64.patch, qsort-invalid-cmp.patch,
  sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch,
  syslog-buffer-overflow.patch, tls-modid-reuse.patch,
  tunables-string-parsing.patch: Removed
- syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in
  __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780,
  bsc#1218863, bsc#1218867, bsc#1218868)
- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
  (bsc#1218866)
- Change minimum GCC to 13
- Split off libnsl.so.1 into a separate package

==== gnome-remote-desktop ====

- Explict require higher version of gcc on SLE/Leap.

==== gstreamer ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.22.9:
  + Highlighted bugfixes in 1.22.9
  - More Security fixes for the AV1 video codec parser
  - va: fixes for Mesa Gallium drivers in Mesa versions older
    than v23.2
  - v4l2src: Consider framerate during caps selection
  - v4l2codec: decoder fixes
  - rtspsrc: multicast fixes
  - camerabin viewfinder fixes
  - various bug fixes, build fixes, memory leak fixes, and other
    stability and reliability improvements
  + gstreamer
  - aggregator: fix use-after-free in queries processing
  - multiqueue: Ignore queue fullness for most events
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-bad ====
Version update (1.22.8 -> 1.22.9)
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.22.9:
  + av1parser: Fix potential stack overflow during tile list
    parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300)
  + camerabin: Correctly relink viewfinderbin_queue
  + GstPlay: Fix error details parsing
  + h264decoder: Handle malformed avc/avc3 packets
  + h264decoder: h265decoder: Align with wraparound fix
  + vp8decoder: vp9decoder: av1decoder: mpeg2decoder:
    Fix multiplication wraparound
  + vah264enc/vah264dec issues after recent upgrade to 1.22.8
    from 1.22.7
  + va: fixes for Mesa Gallium drivers in Mesa versions older
    than v23.2
  + vp9parse: Fix critical warning during caps negotiation
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-base ====
Version update (1.22.8 -> 1.22.9)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.22.9:
  + audiobasesink: Don't wait on gap events
  + audioconvert: change gst_audio_convert_get_unit_size() log
    levels
  + glcolorconvert: Correct transform_caps direction
  + gloverlay: Apply updated overlay coordinates correctly
  + videorate: keep pool if max_buffers is unlimited
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-good ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml

- Update to version 1.22.9:
  + rtpsession: Only warn once if configured latency needs to be
    known but isn't yet
  + rtphdrext-clientaudiolevel: Fix level value being written by
    the extension
  + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL
  + v4l2object: clear old fds when initializing poll during
    opening v4l2 device
  + v4l2src: Consider framerate during caps selection
  + vpxdec: Use appropriate domain and code for decoding errors
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-libav ====
Version update (1.22.8 -> 1.22.9)

- Update to version 1.22.9:
  + No changes, stable bump only.
- Rebase reduce-required-meson.patch.

==== gstreamer-plugins-ugly ====
Version update (1.22.8 -> 1.22.9)

- Update to version 1.22.9:
  + No changes, stable bump only.
- Rebase reduce-required-meson.patch.

==== inxi ====
Version update (3.3.31 -> 3.3.32)

- - Updated to version 3.3.32:
  + /usr/share/doc/packages/inxi/inxi.changelog.

==== iproute2 ====
Version update (6.6 -> 6.7)
Subpackages: iproute2-bash-completion

- Update to release 6.7
  * devlink: Support setting port function ipsec_crypto cap and
    ipsec_packet cap
  * iplink: bridge: Add support for bridge FDB learning limits
  * bridge: fdb: support match on source VNI, nexthop ID,
    destination VNI, destination port, destination IP address and
    [no]router flag in the flush command
  * bridge: mdb: Add get support

==== kernel-firmware ====
Version update (20240126 -> 20240201)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- More update on version 20240201 (git commit 3677750467cb):
  * linux-firmware: wilc1000: update WILC1000 firmware to v16.1.2
  * rtl_nic: add firmware for RTL8126A (bsc#1217417)
  * qcom: Add Audio firmware for SM8550 HDK
- Update to version 20240201 (git commit 1b24d7d3379b):
  * linux-firmware: intel: Add IPU6 firmware binaries
  * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.37
  * Revert "amdgpu: DMCUB updates for various AMDGPU ASICs"
  * amdgpu: update SMU 13.0.0 firmware
  * amdgpu: update PSP 13.0.0 firmware
  * amdgpu: update GC 11.0.0 firmware
  * brcm: Add brcmfmac43430-sdio.xxx.txt nvram for the Chuwi Hi8 (CWI509) tablet
  * amdgpu: DMCUB updates for various AMDGPU ASICs

==== kio ====
Subpackages: kio-core

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== kio-extras5 ====
Subpackages: libkioarchive5

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== ksystemstats5 ====

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== kwin5 ====

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== libguestfs ====
Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0

- BuildRequire pkgconfig(libzstd) additionaly to zstd: we need the
  devel package. In the past, it was pulled in by indirect deps.

==== libksysguard5 ====
Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== libusb-1_0 ====
Version update (1.0.26 -> 1.0.27)

- Update to version 1.0.27
  * New libusb_init_context API to replace libusb_init
  * New libusb_get_max_alt_packet_size API
  * New libusb_get_platform_descriptor API (BOS)
  * Allow setting log callback with libusb_set_option/libusb_init_context
  * New WebAssembly + WebUSB backend using Emscripten
  * Fix regression in libusb_set_interface_alt_setting
  * Fix sync transfer completion race and use-after-free
  * Fix hotplug exit ordering
  * Linux: NO_DEVICE_DISCOVERY option set per context
- added signature and keyring. (key received via keyserver)

==== libzio ====
Version update (1.08 -> 1.09)

- Version 1.09: Allow to create files without suffix as well

==== mutter ====

- Drop mutter-SLE-bsc984738-grab-display.patch: It blocks non-CSD
  apps with GNOME 45, and the latest LTS Oracle Installer works
  fine without it, the original bug is not a problem (bsc#1218935).

==== netpbm ====
Version update (11.2.0 -> 11.5.2)
Subpackages: libnetpbm11

- version update to 11.5.2
  Release 11.05.02
  + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
  Release 11.05.01
  Fix typo in ppmforge test case.
  Release 11.05.00
  + pnmpad: Add -color, -promote, -extend-edge, -detect-background .
  + pnmconvol: Restore ability of convolution matrix to be a
    pseudo-plain-PNM with samples that exceed the maxval.  Lost in
    10.30 (October 2005) because maxval-checking code was added to
    libnetpbm.  (Was fixed in 10.47.08 in November 2010, but only in
    the 10.47 series).
  + pnmindex: Improve failure mode when -size or -across is zero.
  + pnmindex: Make -plain work.
  + pnmpad: fix behavior with -left, -right, and -width together or
  - top, -bottom, -height together: ignores -width where it should
    fail.  Broken in Netpbm 10.72 (September 2015).
  + pamtosvg: fix "zero determinant" failure.  Introduced in
    Netpbm 11.04 (September 2023).
  + pjtoppm: fix crash based on uninitialized variable.
    Introduced in Netpbm 11.04 (September 2023).
  + ppmtopcxl: fix incorrect output with > 256 colors.  Always
    broken.  (Program was added in primordial Netpbm in 1990).
  + pbmtext: fix buffer overrun with insanely large input.
  + picttoppm: fix buffer overrun with insanely wide input.
  + ppmtoxpm: fix incorrect output with insanely large number of
    colors.
  + pnmscalefixed: fix incorrect output with really big image and
  - pixels option.
  + ppmdither: fix buffer overrun with insanely large dithering
    matrix.
  + pnmpad: no longer accept old-style options (e.g. -t50).
  + libnetpbm: Add pm_feed_from_file, pm_accept_to_files,
    pm_accept_to_filestream Standard Input feeder, Output accepter
    for pm_system.
  + libnetpbm, programs that use color maps: fix buffer overrun
    with insanely deep images.
  + merge build: Fix 'pnmcat'.  Introduced in Netpbm 11.00
    (September 2023).
  Release 11.04.00
  + pamaddnoise: add -salt.
  + pamaddnoise: reject options that aren't meaningful for the type
    of noise specified rather than just ignore them.
  + ppmtosixel: Add -7bit, so it works on more terminals, including
    xterms.  Thanks Scott Pakin.
  + g3topbm: Add -correctlong
  + pnmtojpeg: minor improvement to error messages about bad files.
  + pammixmulti: Remove disclaimer of patent license.
  + pamstack: Fix bug: acts like -firstmaxval specified when it
    wasn't.  Introduced in Netpbm 11.03 (June 2023).
  + pamstack: Fix -lcmmaxval: chooses wrong maxval.  Always
    broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)).
  + pamstack: Fail gracefully when total number of planes is too
    large for unsigned integer.  Always broken (Pamstack was new in
    Netpbm 10.0 (June 2002).
  + pamtosvg: fix hang.
  + ppmfade: fix "file not found" crash for most fade modes.
    Introduced in Netpbm 10.98 (March 2022).
  + ppmfade: fix incorrect block mode fade.  Always broken
    (ppmfade was new in Netpbm 8.4 (April 2000)).
  + pamaddnoise: fix very incorrect noise added for all types.
    Introduced in Netpbm 10.94 (March 2021).
  + ppmrough: fix buffer overrun.  Always broken (Ppmrough was new
    in Netpbm 10.9 (September 2002).
    ppmrough: fix excessive roughness.  Introduced in Netpbm 10.94
    (March 2021).
  + pgmtexture: Fix buffer overflow with maxval > 255.  Always
    broken.  Maxvals > 255 were possible starting in Netpbm 9.0
    (April 2000).
  + pgmtexture: Fix bug: ignores -d.  Introduced in Netpbm 10.56
    (September 2011).
  + xwdtopnm Fix spurious output with really wide/deep rows.
  + imgtoppm: Fix spurious output with really wide/deep rows.
  + pbmtopgm: Fix error message for excessive -width.
  + pbmtoxbm: Fix spurious output with really wide rows.
  + tifftopnm: Fix incorrect output with insanely wide/deep rows.
  + thinkjettopbm: Fix incorrect output with insanely wide rows.
  + ybmtopbm: Fix incorrect output with insanely wide rows.
  + pjtoppm: Fix incorrect output with insanely large number of rows.
  + library: add check of maxval for computable size.
  + Build: Include LDFLAGS in link of shared library.
  * Release 11.03.00
  + pamstack: Add -firstmaxval, -lcmmaxval
  + pnmcolormap: make result independent of how system's qsort
    orders records with equal keys.  Affects pnmquant.
  + pamtopng: fix typo in error message about -chroma option.
  + pamtopng, pnmtopng, pngtopam: fix error message when something
    fails in libpng.  Always broken (the programs were new in Netpbm
    8.1 (March 2000)).
- modified patches
  % netpbm-gcc-warnings.patch (refreshed)
  % netpbm-security-code.patch (refreshed)

==== pam ====

- Enable pam_canonicalize_user.so

==== pam-full-src ====

- Enable pam_canonicalize_user.so

==== parted ====
Version update (3.5 -> 3.6)
Subpackages: libparted-fs-resize0 libparted2

- update to version 3.6:
  - Support GPT partition attribute bit 63 as no_automount flag
  - Add type commands to set type-id on MS-DOS and type-uuid on GPT
  - Add swap flag support to the dasd disklabel
  - Add display of GPT disk and partition UUIDs in JSON output
  refreshed patches:
  - parted-mac.patch
  - libparted-dasd-implicit-partition-disk-flag.patch
  - tests-disable.patch
  removed patches:
  - direct-handling-of-partition-type-id-and-uuid.patch
  - type-command.patch
  - libparted-dasd-improve-lvm-raid-flag-handling.patch
  - libparted-dasd-add-swap-flag-handling-for-DASD-CDL.patch

==== perl-gettext ====

- Run testsuite with locale LANG=en_US.UTF. It fails otherwise with
  glibc 2.39

==== pipewire ====
Version update (1.0.1 -> 1.0.2)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 1.0.2:
  * Highlights
  - Fix v4l2 enumeration with filter. This should fix negotiation
    in some GStreamer pipelines with capsfilter. Also probe for
    EXPBUF support before using it.
  - Fix max-latency property and Buffer param when dealing with
    small ALSA device buffers. This should fix stuttering with
    some AMD based soundcards.
  - More small cleanups an improvements.
  * Modules
  - Improve netjack2 channel positions.
  - Improve RAOP module state after suspend/resume. (#3778)
  - Avoid crash in some LV2 plugins by configuring the Atom
    ports. (#3815)
  * SPA
  - Bump libcamera requirements to 0.2.0.
  - Try to avoid unaligned load exceptions. (#3790)
  - Fix v4l2 enumeration with filter. (#1793)
  - Fix max-latency property and Buffer param when dealing with
    small ALSA device buffers. This should fix stuttering with
    some AMD based soundcards. (#3744,#3622)
  - Add a resync.ms option to node.driver to make it possible to
    resync fast to clock jumps.
  - Probe for EXPBUF support in v4l2 before using it. (#3821)
  * pulse-server
  - Also emit change events when the port list change.
  * Bluetooth
  - Log a more verbose explanation when other soundservers seem
    to be interfering with bluetooth.
  - Add quirks for Rockbox Brick. (#3786)
  - Add quirks for SoundCore mini2. (#2927)
  * JACK
  - Improve check for the running state of clients. (#3794)
- Drop patches already included by upstream:
  * 0001-spa-libcamera-use-CameraConfigurationorientation.patch
  * 0002-spa-libcamera-bump-minimum-supported-version-to-0.2.0.patch

==== plasma5-addons ====
Subpackages: plasma5-addons-lang

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== pragha ====
Subpackages: pragha-lang pragha-plugins

- Fix build for Leap 15.6
  * Build with pkgconfig(gupnp-1.6) on 15.6

==== python-Twisted ====
Subpackages: python311-Twisted python311-Twisted-tls

- Add stop-using-3-arg-throw.patch:
  * Avoid 3-arg throw to fix a DeprecationWarning in Python 3.12.

==== python-jmespath ====

- switch to PEP517 / wheel build

==== python-pip ====

- Drop deprecated setup.py installmethod, bootstrap PEP517 with
  built-in pip instead
- python3XX-pip-wheel can now be a regular subpackage
- Drop obsolete python2 directives in specfile

==== python-pytz ====
Version update (2023.3.post1 -> 2023.4)

- update to 2023.4:
  * Update olson to 2023d

==== python-rpm ====

- buildrequire setuptools

==== python-setuptools ====
Version update (69.0.2 -> 69.0.3)

- update to 69.0.3:
  * Bugfixes - Retain valid names with underscores in egg_info.

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-transactional-update

- Prevent directory traversal when creating syndic cache directory
  on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
  method (CVE-2024-22232, bsc#1219431)
- Added:
  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

==== sddm ====
Subpackages: sddm-branding-openSUSE sddm-greeter-qt5

- Switch to the latest GCC version available in Leap for packages
  that can't build with the default compiler

==== sendmail ====
Subpackages: libmilter1_0

- Correct permisson files path to /usr/share/permissions/permissions.d/ (boo#1219339)
- Fix file provides of openssl and timeout
- Avoid error messages of chkstat as this tools does not
  accept slashes at the end of directory paths!
- Move sendmails permissions files to /usr/share/permissions/
- Work on certificates usage of smart and relay host
- Work on certificates for running sendmail

==== shim ====
Version update (15.7 -> 15.8)

-- Update to version 15.8
  - Various CVE fixes are already merged into this version
    mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
    avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
    Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
    Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
    pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
    pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
  - remove shim-Enable-the-NX-compatibility-flag-by-default.patch
    The codes in this patch are already existing in shim-15.8
    The NX flag is disable which is same as the default value of shim-15.8,
    hence, not need to enable it by this patch now.
  - Patches (git log --oneline --reverse 15.7..15.8)
    657b248 Make sbat_var.S parse right with buggy gcc/binutils
    7c76425 Enable the NX compatibility flag by default.
    89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
    c7b3051 pe: Align section size up to page size for mem attrs
    e4f40ae pe: Add IS_PAGE_ALIGNED macro
    f23883c Don't loop forever in load_certs() with buggy firmware
    1f38cb3 Optionally allow to keep shim protocol installed
    102a658 Drop invalid calls to `CRYPTO_set_mem_functions`
    aae3df0 test-sbat: Fix exit code
    cca3933 Block Debian grub binaries with SBAT < 4
    cf59f34 Further improve load_certs() for non-compliant drivers/firmwares
    0601f44 SBAT-related documents formatting and spelling
    0640e13 Add a security contact email address in README.md
    0bfc397 Work around malformed path delimiters in file paths from DHCP
    a8b0b60 pe: only process RelocDir->Size of reloc section
    f7a4338 Skip testing msleep()
    549d346 Rename 'msecs' to 'usecs' to avoid potential confusion
    908c388 Change type of fallback_verbose_wait from int to unsigned long
    05eae92 Add SbatLevel_Variable.txt to document the various revocations
    243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL
    89d25a1 Add a make rule for compile_commands.json
    118ff87 Add gnu-stack notes
    f132655 test: Make our fake dprintf be a statement.
    be00279 Remove CentOS 7 test builds.
    9964960 Split pe.c up even more.
    569270d Test (and fix) ImageAddress()
    61e9894 Verify signature before verifying sbat levels
    1578b55 Add libFuzzer support for csv.c
    a0673e3 Fix a 1-byte memory leak in .sbat parsing.
    e246812 Add libFuzzer support to the .sbat parser.
    fd43eda Work around ImageAddress() usage mistake
    1e985a3 Correctly free memory allocated in handle_image()
    dbbe3c8 mok: Avoid underflow in maximum variable size calculation
    04111d4 Make some of the static analysis tools a little easier to run
    7ba7440 compile_commands.json: remove stuff clang doesn't like
    66e6579 CVE-2023-40546 mok: fix LogError() invocation
    f271826 Add primitives for overflow-checked arithmetic operations.
    8372147 pe-relocate: Add a fuzzer for read_header()
    5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
    e912071 pe-relocate: make read_header() use checked arithmetic operations.
    93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
    e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550
    afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
    96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
    dae82f6 Further mitigations against CVE-2023-40546 as a class
    ea0f9df Allow SbatLevel data from external binary
    b078ef2 Always clear SbatLevel when Secure Boot is disabled
    7dfb687 BS Variables for bootmgr revocations
    a967c0e shim should not self revoke
    577cedd Print message when refusing to apply SbatLevel
    e801b0d sbat revocations: check the full section name
    0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers
    6f0c8d2 Print errors when setting/clearing memory attrs
    57c0eed Updated Revocations for January 2024 CVEs
    49c6d95 Fix some minor ia32 build issues.
    be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all.
    13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5
    c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist
    30a4f37 Rename "previous" revocations to "automatic"
    6f395c2 Build time selectable automatic SBATLevel revocations
    a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER
    993a345 Try to load revocations.efi even if directory read fails
    1770a03 gitmodules: use shim-15.8 for gnu-efi branch
    5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8

==== strace ====

- Enable SELinux Context Printing (--secontext).

==== systemd-presets-common-SUSE ====

- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
  Support both the old and new service to avoid complex version interdependency.

==== timezone ====
Version update (2023d -> 2024a)

- Update to 2024a:
  * Kazakhstan unifies on UTC+5 beginning 2024-03-01
  * Palestine springs forward a week later after Ramadan
  * zic no longer pretends to support indefinite-past DST
  * localtime no longer mishandles Ciudad Juárez in 2422

==== timezone-java ====
Version update (2023d -> 2024a)

- Update to 2024a:
  * Kazakhstan unifies on UTC+5 beginning 2024-03-01
  * Palestine springs forward a week later after Ramadan
  * zic no longer pretends to support indefinite-past DST
  * localtime no longer mishandles Ciudad Juárez in 2422
- update to 2023d:
  * Ittoqqortoormiit, Greenland changes time zones on
    2024-03-31.
  * Vostok, Antarctica changed time zones on 2023-12-18.
  * Casey, Antarctica changed time zones five times since
    2020.
  * Code and data fixes for Palestine timestamps starting in
    2072.
  * A new data file zonenow.tab for timestamps starting now.
  * Fix predictions for DST transitions in Palestine in
    2072-2075, correcting a typo introduced in 2023a.
  * Vostok, Antarctica changed to +05 on 2023-12-18.  It had
    been at +07 (not +06) for years.
  * Change data for Casey, Antarctica to agree with
    timeanddate.com, by adding five time zone changes since 2020.
    Casey is now at +08 instead of +11.
  * Much of Greenland, represented by America/Nuuk, changed
    its standard time from -03 to -02 on 2023-03-25, not on
    2023-10-28.
  * localtime.c no longer mishandles TZif files that contain
    a single transition into a DST regime.  Previously,
    it incorrectly assumed DST was in effect before the transition
    too.
  * tzselect no longer creates temporary files.
  * tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL,
    PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles
    regular expressions of the form /X{2,}/.
  * ISO 6709 coordinates when using an awk that lacks the
    GNU extension of newlines in -v option-arguments.
  * Non UTF-8 locales when using an iconv command that
    lacks the GNU //TRANSLIT extension.
  * zic no longer mishandles data for Palestine after the
    year 2075.

==== transmission ====
Subpackages: transmission-common transmission-gtk

- Have transmission-daemon provide user(transmission) and
  group(transmission): the user/group are generated in the pre
  scriptlet using useradd/groupadd.

==== virt-v2v ====
Subpackages: virt-v2v-bash-completion

- Relax the openssh requirement. Options passed to scp are known
  by openssh 8.4
- Move autoreconf from prep to build, to simplify quilt setup.

==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau

- drop support for libmfx, which is no longer supported upstream
  at all (boo#1219494)

==== wicked ====
Subpackages: wicked-service

- ifreload: VLAN changes require device deletion (bsc#1218927)
  [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
- ifcheck: fix config changed check (bsc#1218926)
  [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
- client: fix exit code for no-carrier status (bsc#1219265)
  [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
  [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
- duid: fix comment for v6time
  (https://github.com/openSUSE/wicked/pull/989)
  [+ 0005-duid-fix-comment-for-v6time.patch]
- rtnl: fix peer address parsing for non ptp-interfaces
  (https://github.com/openSUSE/wicked/pull/987,
  https://github.com/openSUSE/wicked/pull/988)
  [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
- system-updater: Parse updater format from XML configuration to
  ensure install calls can run.
  (https://github.com/openSUSE/wicked/pull/985)
  [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch]

==== xdg-utils ====

- Update to version 1.2.0+20240130:
  * xdg-icon-resource: unbreak syntax by removing stray grave accent
    (boo#1219420)

==== xen ====
Version update (4.18.0_04 -> 4.18.0_06)
Subpackages: xen-libs xen-tools-domU

- Upstream bug fixes (bsc#1027519)
  6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
  6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
  656ee5e1-x86emul-avoid-triggering-event-assertions.patch
  656ee602-cpupool-adding-offline-CPU.patch
  656ee6c3-domain_create-error-path.patch
  6571ca95-fix-sched_move_domain.patch
  6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
  65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
  65a7a0a4-x86-Intel-GPCC-setup.patch
  65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
  65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
  65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
  65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches dropped / replaced by newer upstream versions
  xsa449.patch
  xsa450.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
  xsa450.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  xsa449.patch