Packages changed:
  MicroOS-release (20240418 -> 20240423)
  NetworkManager (1.44.2 -> 1.44.4)
  docker-buildx (0.13.1 -> 0.14.0)
  gcc14 (14.0.1+git9885 -> 14.0.1+git10008)
  gdk-pixbuf
  glib2
  glibc
  gtk2
  gtk4 (4.14.2 -> 4.14.3)
  kernel-firmware (20240322 -> 20240419)
  kernel-source (6.8.6 -> 6.8.7)
  kf6-solid
  libxml2 (2.11.6 -> 2.12.6)
  libzypp (17.32.4 -> 17.32.5)
  llvm18 (18.1.3 -> 18.1.4)
  mozjs115
  podman (5.0.1 -> 5.0.2)
  python-numpy (1.26.2 -> 1.26.4)
  python-pycparser (2.21 -> 2.22)
  python-pycups (2.0.1 -> 2.0.4)
  python311 (3.11.8 -> 3.11.9)
  python311-core (3.11.8 -> 3.11.9)
  setools (4.4.4 -> 4.5.0)
  transactional-update (4.6.5 -> 4.6.6)
  xfsprogs (6.6.0 -> 6.7.0)

=== Details ===

==== MicroOS-release ====
Version update (20240418 -> 20240423)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== NetworkManager ====
Version update (1.44.2 -> 1.44.4)
Subpackages: NetworkManager-bluetooth NetworkManager-wwan libnm0 typelib-1_0-NM-1_0

- Update to version 1.44.4:
  + Add the 'dns-change' dispatcher event.
  + Various fixed related to IPv4 duplicate address detection.
  + Fix support for OVS netdev datapath
  + Fix handling of IPv6 hop limit

==== docker-buildx ====
Version update (0.13.1 -> 0.14.0)

- Update to version 0.14.0:
  Notable changes
  * build: set record provenance in metadata file #2280
  * bake: add git authentication support for remote definitions
    [#2363]
  * driver: add ephemeral-storage and scheduler name options to
    kubernetes driver #2370 #2415
  * new default-load driver-opt can be set for container and k8s
    instances on buildx create to load build results to Docker by
    default #2259
  * build: printing with --print=lint uses BuildKit formatter #2404
    [#2406] #2417
  * build: allow status code responses for --print that set exit
    code for process #2408
  * bake: add indexof hcl func #2384
  * build: metrics now measure idle time, export image, run
    operations, image transfers for image source operations during
    build #2402 #2373 #2298 #2317 #2316 #2271
  * build: metrics to the docker context endpoint does not require
    experimental anymore #2344
  * compose spec support has been updated to v2.0.2 #2391
  * build: builds with --print are now marked as internal and don't
    get recorded in build history #2416
  * fix --load flag used together output definitions from file with
    bake #2336
  * fix build from stdin when experimental mode enabled #2394
  * fix possible issue where delegated traces could be duplicated
    [#2362]
  * fix JSON formatting for custom build --print commands #2374

==== gcc14 ====
Version update (14.0.1+git9885 -> 14.0.1+git10008)
Subpackages: libgcc_s1 libgfortran5 libgomp1 libstdc++6 libubsan1

- Update to trunk head, 7c2a9dbcc2c1cb1563774068c59d5e09e, git10008

==== gdk-pixbuf ====
Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0

- Fix path to gdk-pixbuf-query-loader in pkg-config file: we rename
  the loader to be multi-arch compatible and thus also need to
  adjust the .pc file to have build-systems find it.

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- require dbus-launch only if dbus-service is wanted. This helps
  with stripping down container-only builds

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

==== gtk2 ====
Subpackages: gtk2-tools libgtk-2_0-0

- Do not recommend the variuos -immodule-*: they have locale based
  provides which makes zypper install them when the locales are
  requested.

==== gtk4 ====
Version update (4.14.2 -> 4.14.3)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0

- Update to version 4.14.3:
  + GtkShortcutManager: Track the propagation phase of added
    controllers.
  + Accessibility: Implement GtkAccessibleRange for scrollbars.
  + X11:
  - Fix some confusing debug messages
  - Drop a no-longer-relevant optimization that was interfering
    with getting the current window manager capabilities.
  + Tools: Support generating pdf in gtk4-rendernode-tool.
  + Updated translations.

==== kernel-firmware ====
Version update (20240322 -> 20240419)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20240419 (git commit 7eab37522984):
  * Montage: update firmware for Mont-TSSE
  * linux-firmware: Add tuning parameter configs for CS35L41 Firmware
  * linux-firmware: Fix firmware names for Laptop SSID 104316a3
  * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Legion Slim 7 16ARHA7
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
  * linux-firmware: update firmware for MT7922 WiFi device
  * iwlwifi: add gl FW for core87-44 release
  * iwlwifi: add ty/So/Ma firmwares for core87-44 release
  * iwlwifi: update cc/Qu/QuZ firmwares for core87-44 release
  * nvidia: Update Tegra210 XUSB firmware to v50.29
  * amdgpu: update beige goby firmware
  * amdgpu: update dimgrey cavefish firmware
  * amdgpu: update psp 13.0.11 firmware
  * amdgpu: update gc 11.0.4 firmware
  * amdgpu: update navy flounder firmware
  * amdgpu: update renoir firmware
  * amdgpu: update vcn 4.0.2 firmware
  * amdgpu: update sdma 6.0.1 firmware
  * amdgpu: update psp 13.0.4 firmware
  * amdgpu: update gc 11.0.1 firmware
  * amdgpu: update sienna cichlid firmware
  * amdgpu: update vega20 firmware
  * amdgpu: update yellow carp firmware
  * amdgpu: update green sardine firmware
  * amdgpu: update vega12 firmware
  * amdgpu: update raven2 firmware
  * amdgpu: update vcn 4.0.4 firmware
  * amdgpu: update smu 13.0.7 firmware
  * amdgpu: update sdma 6.0.2 firmware
  * amdgpu: update ipsp 13.0.7 firmware
  * amdgpu: update gc 11.0.2 firmware
  * amdgpu: update vega10 firmware
  * amdgpu: update raven firmware
  * amdgpu: update navi14 firmware
  * amdgpu: update smu 13.0.10 firmware
  * amdgpu: update sdma 6.0.3 firmware
  * amdgpu: update psp 13.0.10 firmware
  * amdgpu: update gc 11.0.3 firmware
  * amdgpu: update vcn 3.1.2 firmware
  * amdgpu: update psp 13.0.5 firmware
  * amdgpu: update gc 10.3.6 firmware
  * amdgpu: update navi12 firmware
  * amdgpu: update arcturus firmware
  * amdgpu: update vangogh firmware
  * amdgpu: update navi10 firmware
  * amdgpu: update vcn 4.0.3 firmware
  * amdgpu: update smu 13.0.6 firmware
  * amdgpu: update psp 13.0.6 firmware
  * amdgpu: update gc 9.4.3 firmware
  * amdgpu: update vcn 4.0.0 firmware
  * amdgpu: update smu 13.0.0 firmware
  * amdgpu: update sdma 6.0.0 firmware
  * amdgpu: update psp 13.0.0 firmware
  * amdgpu: update gc 11.0.0 firmware
  * amdgpu: update  firmware
  * amdgpu: update aldebaran firmware
  * amdgpu: update psp 13.0.8 firmware
  * amdgpu: update gc 10.3.7 firmware
  * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.9
  * ath10k: WCN3990: hw1.0: add qcm2290 firmware API file
  * ath10k: WCN3990: hw1.0: move firmware back from qcom/ location
  * i915: Add DG2 HuC 7.10.15
  * amdgpu: DMCUB updates for various AMDGPU ASICs
  * linux-firmware: update firmware for en8811h 2.5G ethernet phy
  * rtw89: 8852c: update fw to v0.27.56.14
  * rtw89: 8922a: add firmware v0.35.18.0
  * rtw88: Add RTL8703B firmware v11.0.0

==== kernel-source ====
Version update (6.8.6 -> 6.8.7)

- Linux 6.8.7 (bsc#1012628).
- drm/amd/display: fix disable otg wa logic in DCN316
  (bsc#1012628).
- drm/amd/display: always reset ODM mode in context when adding
  first plane (bsc#1012628).
- drm/amd/display: Return max resolution supported by DWB
  (bsc#1012628).
- drm/amd/display: Do not recursively call manual trigger
  programming (bsc#1012628).
- drm/amd/display: Set VSC SDP Colorimetry same way for MST and
  SST (bsc#1012628).
- drm/amd/display: Program VSC SDP colorimetry for all DP sinks >=
  1.4 (bsc#1012628).
- drm/amdgpu: differentiate external rev id for gfx 11.5.0
  (bsc#1012628).
- drm/amdgpu: fix incorrect number of active RBs for gfx11
  (bsc#1012628).
- drm/amdgpu: always force full reset for SOC21 (bsc#1012628).
- drm/amdgpu: Reset dGPU if suspend got aborted (bsc#1012628).
- drm/i915: Disable live M/N updates when using bigjoiner
  (bsc#1012628).
- drm/i915: Disable port sync when bigjoiner is used
  (bsc#1012628).
- drm/i915/psr: Disable PSR when bigjoiner is used (bsc#1012628).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are
  active (bsc#1012628).
- commit a2ed3b5
-  x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
  CONFIG_MITIGATION_SPECTRE_BHI (bsc#1012628 bsc#1217339
  CVE-2024-2201).
- Update config files.
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
  (bsc#1012628).
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
  (bsc#1012628).
- x86/bugs: Fix BHI handling of RRSBA (bsc#1012628).
- x86/bugs: Rename various 'ia32_cap' variables to
  'x86_arch_cap_msr' (bsc#1012628).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
  (bsc#1012628).
- x86/bugs: Fix BHI documentation (bsc#1012628).
- x86/bugs: Fix return type of spectre_bhi_state() (bsc#1012628).
- kernfs: annotate different lockdep class for of->mutex of
  writable files (bsc#1012628).
- selftests: kselftest: Fix build failure with NOLIBC
  (bsc#1012628).
- irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
  (bsc#1012628).
- x86/apic: Force native_apic_mem_read() to use the MOV
  instruction (bsc#1012628).
- selftests: kselftest: Mark functions that unconditionally call
  exit() as __noreturn (bsc#1012628).
- selftests: timers: Fix abs() warning in posix_timers test
  (bsc#1012628).
- selftests: timers: Fix posix_timers ksft_print_msg() warning
  (bsc#1012628).
- selftests/timers/posix_timers: Reimplement
  check_timer_distribution() (bsc#1012628).
- x86/cpu: Actually turn off mitigations by default for
  SPECULATION_MITIGATIONS=n (bsc#1012628).
- perf/x86: Fix out of range data (bsc#1012628).
- vhost: Add smp_rmb() in vhost_enable_notify() (bsc#1012628).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix spi lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix pwm lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-conn: fix usb lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix adc lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix can lpcg indices (bsc#1012628).
- arm64: dts: imx8qm-ss-dma: fix can lpcg indices (bsc#1012628).
- drm/amdgpu/umsch: reinitialize write pointer in hw init
  (bsc#1012628).
- drm/msm/dp: fix runtime PM leak on connect failure
  (bsc#1012628).
- drm/msm/dp: fix runtime PM leak on disconnect (bsc#1012628).
- drm/client: Fully protect modes[] with dev->mode_config.mutex
  (bsc#1012628).
- drm/panfrost: Fix the error path in
  panfrost_mmu_map_fault_addr() (bsc#1012628).
- drm/ast: Fix soft lockup (bsc#1012628).
- drm/amdkfd: Reset GPU on queue preemption failure (bsc#1012628).
- drm/i915/vrr: Disable VRR when using bigjoiner (bsc#1012628).
- drm/vmwgfx: Enable DMA mappings with SEV (bsc#1012628).
- accel/ivpu: Fix deadlock in context_xa (bsc#1012628).
- accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE
  (bsc#1012628).
- accel/ivpu: Put NPU back to D3hot after failed resume
  (bsc#1012628).
- accel/ivpu: Fix PCI D0 state entry in resume (bsc#1012628).
- accel/ivpu: Check return code of ipc->lock init (bsc#1012628).
- scsi: sg: Avoid race in error handling & drop bogus warn
  (bsc#1012628).
- scsi: sg: Avoid sg device teardown race (bsc#1012628).
- fs/proc: Skip bootloader comment if no embedded kernel
  parameters (bsc#1012628).
- fs/proc: remove redundant comments from /proc/bootconfig
  (bsc#1012628).
- kprobes: Fix possible use-after-free issue on kprobe
  registration (bsc#1012628).
    ... changelog too long, skipping 198 lines ...
- commit 5c0cf23

==== kf6-solid ====
Subpackages: libKF6Solid6

- Add patch to fix mounting encrypted drives (kde#485507, boo#1222980):
  * 0001-udisks-Return-empty-string-for-root-clearTextPath.patch

==== libxml2 ====
Version update (2.11.6 -> 2.12.6)
Subpackages: libxml2-2 libxml2-tools

- Update to version 2.12.6
  * Regressions
  - parser: Fix detection of duplicate attributes in XML namespace
  - xmlreader: Fix xmlTextReaderConstEncoding
  - html: Fix htmlCreatePushParserCtxt with encoding
  - xmllint: Return error code if XPath returns empty nodeset
- Update to version 2.12.5
  * Security
  - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
  * Regressions
  - parser: Fix crash in xmlParseInNodeContext with HTML documents
- Update to version 2.12.4
  * Regressions
  - parser: Fix regression parsing standalone declarations
  - autotools: Readd --with-xptr-locs configuration option
  - parser: Fix build --without-output
  - parser: Don't grow or shrink pull parser memory buffers
  - io: Fix memory lifetime issue with input buffers
- Update to version 2.12.3
  * Regressions
  - parser: Fix namespaces redefined from default attributes
  * Build fixes
  - include: Rename XML_EMPTY helper macro
  - include: Move declaration of xmlInitGlobals
  - include: Add missing includes
  - include: Move globals from xmlsave.h to parser.h
  - include: Readd circular dependency between tree.h and parser.h
- Drop libxml2-CVE-2024-25062.patch as it is part of upstream

==== libzypp ====
Version update (17.32.4 -> 17.32.5)

- Don't try to refresh volatile media as long as raw metadata are
  present (bsc#1223094)
- version 17.32.5 (32)

==== llvm18 ====
Version update (18.1.3 -> 18.1.4)

- Update to version 18.1.4.
  * Fixes an issue with Arm64EC code generation where calls to some
    intrinsics implemented in compiler-rt used the wrong name
    mangling, eventually resulting in unresolved symbol errors
    during linking.
  * Fixed an incorrect poison-generating flag preservation in
    `InstSimplify`. It will fix a miscompilation on RISCV, which
    turns the incorrect `or disjoint` into an `add`.
  * Save/restore routines for RV32E/RV64E are added to compiler-rt.
  * Fix regressions introduced in LLVM 18.1.3 in MIPS atomicrmw
    min/max codegen.
- Include module files for libc++ in libc++-devel.
- Rebase llvm-do-not-install-static-libraries.patch.

==== mozjs115 ====

- Properly tag patches.

==== podman ====
Version update (5.0.1 -> 5.0.2)

- spec: Fix incorrect conditional that included TW while requiring the legacy
    network backend for podman, meant only for SP5 and below.
- Update to version 5.0.2:
  * Bump to v5.0.2
  * Update release notes for v5.0.2
  * Emergency fix (well, skip) for failing bud tests
  * swagger fix infinitive recursion on some types
  * install swagger from source
  * Update go-swagger version
  * [v5.0] Bump c/common to v0.58.2
  * fix "concurrent map writes" in network ls compat endpoint
  * Fix relabeling failures with Z/z volumes on Mac
  * Packit: Enable CentOS Stream 10 update job
  * Bump to v5.0.2-dev

==== python-numpy ====
Version update (1.26.2 -> 1.26.4)

- Update to 1.26.4
  * NumPy 1.26.4 is a maintenance release that fixes bugs and
    regressions discovered after the 1.26.3 release. The Python
    versions supported by this release are 3.9-3.12. This is the
    last planned release in the 1.26.x series.
  * BUG: Restore missing asstr import
  * MAINT: prepare 1.26.x for further development
  * BUG: numpy.array_api: fix linalg.cholesky upper decomp...
  * MAINT, BLD: Fix unused inline functions warnings on clang
  * TST: Fix test_numeric on riscv64
  * MAINT: add newaxis to __all__ in numpy.array_api
  * BUG: Use large file fallocate on 32 bit linux platforms
  * TST: Fix test_warning_calls on Python 3.12
  * TST: Bump pytz to 2023.3.post1
  * BUG: Fix AVX512 build flags on Intel Classic Compiler
  * BLD: fix potential issue with escape sequences in __config__.py
  * BLD: unvendor meson-python on 1.26.x and upgrade to
    meson-python...
  * MAINT: Include header defining backtrace
  * BUG: Fix np.quantile([Fraction(2,1)], 0.5) (#24711)
- Release 1.26.3
  [#]# Compatibility
  * f2py will no longer accept ambiguous -m and .pyf CLI
    combinations. When more than one .pyf file is passed, an error
    is raised. When both -m and a .pyf is passed, a warning is
    emitted and the -m provided name is ignored.
  [#]# Improvements
  * f2py now handles common blocks which have kind specifications
    from modules. This further expands the usability of intrinsics
    like iso_fortran_env and iso_c_binding.
  [#]# Pull requests merged
  * MAINT: prepare 1.26.x for further development
  * TYP: add None to __getitem__ in numpy.array_api
  * BLD,BUG: quadmath required where available [f2py]
  * BUG: alpha doesn't use REAL(10)
  * BUG: Fix FP overflow error in division when the divisor is
    scalar
  * MAINT: Pin scipy-openblas version.
  * BUG: Fix f2py to enable use of string optional inout argument
  * BUG: Fix -fsanitize=alignment issue in
    numpy/_core/src/multiarray/arraytypes.c.src
  * TST: Explicitly pass NumPy path to cython during tests (also...
  * BUG: fix issues with newaxis and linalg.solve in
    numpy.array_api
  * BUG: Disallow shadowed modulenames
  * BUG: Handle common blocks with kind specifications from modules
  * BUG: Fix moving compiled executable to root with f2py -c on
    Windows
  * BUG: Fix single to half-precision conversion on PPC64/VSX3
  * TST: f2py: fix issue in test skip condition
  * Revert "MAINT: Pin scipy-openblas version."
  * MAINT: do not use long type
  * TST: PyPy needs another gc.collect on latest versions
  * MAINT: Bump conda-incubator/setup-miniconda from 2.2.0 to 3.0.1
  * BLD: update vendored Meson for AIX shared library fix
  * MAINT: Init base in cpu_avx512_kn
  * BUG: Fix failing test_features on SapphireRapids
  * BUG: Fix non-contiguous memory load when ARM/Neon is enabled
  * MAINT,BUG: Never import distutils above 3.12 [f2py]
  * MAINT: make the import-time check for old Accelerate more
    specific
  * MAINT: Bump actions/setup-node and
    larsoner/circleci-artifacts-redirector-action
  * BUG: avoid seg fault from OOB access in RandomState.set_state()
  * BUG: Fix two errors related to not checking for failed
    allocations
  * BUG: Fix regression with f2py wrappers when modules and
    subroutines...
  * BUG: Fix build issues on SPR
  * BLD: fix uninitialized variable warnings from
    simd/neon/memory.h
  * BUG: Handle iso_c_type mappings more consistently
  * BUG: Fix module name bug in signature files [urgent] [f2py]
  * BUG: Handle .pyf.src and fix SciPy [urgent]
  * DOC: f2py rewrite with meson details
  * BUG: Add external library handling for meson [f2py]
  * MAINT: Run f2py's meson backend with the same python that
    ran...
  * MAINT: Update numpy/f2py/_backends from main.
  * MAINT: Easy updates of f2py/*.py from main.
  * MAINT: Update crackfortran.py and f2py2e.py from main

==== python-pycparser ====
Version update (2.21 -> 2.22)

- update to 2.22:
  * Add missing SCHAR limit defines
  * Use proper SPDX identifier
  * Add Python 3.11 as a supported version
  * Fix multi-pragma/single statement blocks (#479)
  * Add an encoding parameter to parse_file
  * Feature/add pragma support
  * Set up permissions to ci.yml
  * _build_tables: Invalidate cache before importing generated modules
  * Upgrade GitHub Actions
  * Create a Security Policy
  * New example to generate AST from scratch
  * Add support for Python 3.12
  * ply: Make generated lextab.py deterministic
- drop fix-lexer-build.patch (upstream)

==== python-pycups ====
Version update (2.0.1 -> 2.0.4)

- update to 2.0.4:
  * remove the install_requires from setup.py
  * removed shebang from example/cupstree.py
  * ignore driverless utilities for postscriptdriver tags
    creation (Fedora bug #1873385)
  * remove epydoc from Makefile (#27)
  * fix invalid delete of pointer (#11)
  * Makefile uses wrong Python (#32)
  * define PY_SSIZE_T_CLEAN in cupsipp.h - fixes traceback during
    IPPRequest.writeIO with Python 3.10
  * fix the test.py when there is no printer installed (#46)
  * Use PyObject_Call() instead of deprecated PyEval

==== python311 ====
Version update (3.11.8 -> 3.11.9)

- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in SLE.
- Remove not needed upstream patches:
  * libexpat260.patch
  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
- Update to 3.11.9:
  * Security
  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  - gh-115399: Update bundled libexpat to 2.6.0
  - gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  - gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  - gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  - gh-116034: Fix location of the error on a failed assertion.
  - gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  - gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  - gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  - gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.
  * Library
  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
    crash in ssl when creating a new _ssl._SSLContext if CPython was
    built implausibly such that the default cipher list is empty or
    the SSL library it was linked against reports a failure from its
    C SSL_CTX_set_cipher_list() API.
  - gh-117178: Fix regression in lazy loading of self-referential
    modules, introduced in gh-114781.
  - gh-117084: Fix zipfile extraction for directory entries with the
    name containing backslashes on Windows.
  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
    be instantiated with arguments. Patch by Chris Fu.
  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
    WaitForSingleObject() with a negative timeout: pass 0 ms if the
    timeout is negative. Patch by Victor Stinner.
  - gh-116957: configparser: Don’t leave ConfigParser values in an
    invalid state (stored as a list instead of a str) after an
    earlier read raised DuplicateSectionError or
    DuplicateOptionError.
  - gh-90095: Ignore empty lines and comments in .pdbrc
  - gh-116764: Restore support of None and other false values in
    urllib.parse functions parse_qs() and parse_qsl(). Also, they
    now raise a TypeError for non-zero integers and non-empty
    sequences.
  - gh-116811: In PathFinder.invalidate_caches, delegate to
    MetadataPathFinder.invalidate_caches.
  - gh-116600: Fix repr() for global Flag members.
  - gh-116484: Change automatically generated tkinter.Checkbutton
    widget names to avoid collisions with automatically generated
    tkinter.ttk.Checkbutton widget names within the same parent
    widget.
  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
    opening named pipe.
  - gh-116143: Fix a race in pydoc _start_server, eliminating a
    window in which _start_server can return a thread that is
    “serving” but without a docserver set.
  - gh-116325: typing: raise SyntaxError instead of AttributeError
    on forward references as empty strings.
  - gh-90535: Fix support of interval values > 1 in
    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
    when='Wx'.
  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
    WASI.
  - Under wasmtime for WASI 0.2, these functions don’t pass
    test_posix
    (https://github.com/bytecodealliance/wasmtime/issues/7830).
  - gh-88352: Fix the computation of the next rollover time in the
    logging.TimedRotatingFileHandler handler. computeRollover() now
    always returns a timestamp larger than the specified time and
    works correctly during the DST change. doRollover() no longer
    overwrite the already rolled over file, saving from data loss
    when run at midnight or during repeated time at the DST change.
  - gh-87115: Set __main__.__spec__ to None when running a script
    with pdb
  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
    that results when a message that claims to be in the ascii
    character set actually has non-ascii characters. Non-ascii
    characters are now replaced with the U+FFFD replacement
    character, like in the replace error handler.
  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
    through to the wrapped object to return the real result.
  - gh-115881: Fix issue where ast.parse() would incorrectly flag
    conditional context managers (such as with (x() if y else z()):
    ... changelog too long, skipping 156 lines ...
    64-bit platforms.

==== python311-core ====
Version update (3.11.8 -> 3.11.9)
Subpackages: libpython3_11-1_0 python311-base

- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in SLE.
- Remove not needed upstream patches:
  * libexpat260.patch
  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
- Update to 3.11.9:
  * Security
  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  - gh-115399: Update bundled libexpat to 2.6.0
  - gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  - gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  - gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  - gh-116034: Fix location of the error on a failed assertion.
  - gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  - gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  - gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  - gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.
  * Library
  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
    crash in ssl when creating a new _ssl._SSLContext if CPython was
    built implausibly such that the default cipher list is empty or
    the SSL library it was linked against reports a failure from its
    C SSL_CTX_set_cipher_list() API.
  - gh-117178: Fix regression in lazy loading of self-referential
    modules, introduced in gh-114781.
  - gh-117084: Fix zipfile extraction for directory entries with the
    name containing backslashes on Windows.
  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
    be instantiated with arguments. Patch by Chris Fu.
  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
    WaitForSingleObject() with a negative timeout: pass 0 ms if the
    timeout is negative. Patch by Victor Stinner.
  - gh-116957: configparser: Don’t leave ConfigParser values in an
    invalid state (stored as a list instead of a str) after an
    earlier read raised DuplicateSectionError or
    DuplicateOptionError.
  - gh-90095: Ignore empty lines and comments in .pdbrc
  - gh-116764: Restore support of None and other false values in
    urllib.parse functions parse_qs() and parse_qsl(). Also, they
    now raise a TypeError for non-zero integers and non-empty
    sequences.
  - gh-116811: In PathFinder.invalidate_caches, delegate to
    MetadataPathFinder.invalidate_caches.
  - gh-116600: Fix repr() for global Flag members.
  - gh-116484: Change automatically generated tkinter.Checkbutton
    widget names to avoid collisions with automatically generated
    tkinter.ttk.Checkbutton widget names within the same parent
    widget.
  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
    opening named pipe.
  - gh-116143: Fix a race in pydoc _start_server, eliminating a
    window in which _start_server can return a thread that is
    “serving” but without a docserver set.
  - gh-116325: typing: raise SyntaxError instead of AttributeError
    on forward references as empty strings.
  - gh-90535: Fix support of interval values > 1 in
    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
    when='Wx'.
  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
    WASI.
  - Under wasmtime for WASI 0.2, these functions don’t pass
    test_posix
    (https://github.com/bytecodealliance/wasmtime/issues/7830).
  - gh-88352: Fix the computation of the next rollover time in the
    logging.TimedRotatingFileHandler handler. computeRollover() now
    always returns a timestamp larger than the specified time and
    works correctly during the DST change. doRollover() no longer
    overwrite the already rolled over file, saving from data loss
    when run at midnight or during repeated time at the DST change.
  - gh-87115: Set __main__.__spec__ to None when running a script
    with pdb
  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
    that results when a message that claims to be in the ascii
    character set actually has non-ascii characters. Non-ascii
    characters are now replaced with the U+FFFD replacement
    character, like in the replace error handler.
  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
    through to the wrapped object to return the real result.
  - gh-115881: Fix issue where ast.parse() would incorrectly flag
    conditional context managers (such as with (x() if y else z()):
    ... changelog too long, skipping 156 lines ...
    64-bit platforms.

==== setools ====
Version update (4.4.4 -> 4.5.0)

- Fix build for 15.4 and 15.5:
  - Minimum required python version is 3.11, so building only for python311
  - Remove dependency for networkx: 0001-Make-networkx-optional-again-Fixes-125.patch
- Update to version 4.5.0:
  - User Visible Changes
  * Add graphical results for information flow analysis and domain
    transition analysis, available in apol, sedta, and seinfoflow.
  * Add tooltips, What's This?, and detail popups in apol to help
    cross-referencing query and analysis results along with
    context-sensitive help.
  - Under The Hood Changes
  * Rework apol to fully generate the UI programmatically.
  * Update apol to PyQt6
  * Replace deprecated uses of pkg_resources and distutils.
  * Begin adding unit tests for apol UI.
  - Updated Dependencies
    SETools now higher minimum versions of the following dependencies:
  * Python 3.10
  * NetworkX 2.6
  * PyQt6
  * Cython 0.29.14
  - New Dependencies
  * pygraphviz (for seinfoflow, sedta, apol)

==== transactional-update ====
Version update (4.6.5 -> 4.6.6)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit

- Version 4.6.6
  - soft-reboot: Fix inverted logic of soft-reboot detection
  - soft-reboot: Don't use D-Bus for snapper call - it may be
    shutting down already
  - soft-reboot: Remove unused variable
  - doc: Document configuration file snippets for tukit.conf
- Remove script to disable soft-reboot support - this is the
  default for now anyway

==== xfsprogs ====
Version update (6.6.0 -> 6.7.0)

- update to 6.7.0
  - xfsprogs: Several configure script updates
  - xfs_io: Use system's SEEK_DATA and SEEK_HOLE definition
  - xfsprogs: Remove platform_defs.h generation on build time
  - xfs_db: Fix metadata read error due hardcoded initialization of bb_count
  - xfsprogs: Request 64-bit time_t where possible
  - xfsprogs: Remove use of LFS64 interfaces