Packages changed:
  dav1d (1.0.0 -> 1.1.0)
  git (2.39.1 -> 2.39.2)
  gnutls (3.7.8 -> 3.7.9)
  grub2
  installation-images-MicroOS (17.75 -> 17.76)
  kernel-source (6.1.10 -> 6.1.12)
  keylime
  mozilla-nss (3.86 -> 3.87)
  mozjs102 (102.7.0 -> 102.8.0)
  patterns-microos
  plasma-branding-MicroOS (20230126 -> 20230214)
  plasma5-openSUSE
  python-SQLAlchemy (1.4.45 -> 1.4.46)
  tcl
  ucode-intel (20221108 -> 20230214)
  util-linux
  util-linux-systemd

=== Details ===

==== dav1d ====
Version update (1.0.0 -> 1.1.0)

- Update to version 1.1.0
  * New function dav1d_get_frame_delay to query the decoder
    frame delay
  * Numerous fixes for strict conformity to the specs and samples
  * NEON and AVX-512 misc fixes and improvements
  * Partial AVX2 12bpc transform implementations
  * AVX-512 high bit-depth cdef_filter, loopfilter, itx
  * NEON z1/z3 optimization for 8bpc
  * SSSE3 z1 optimization for 8bpc

==== git ====
Version update (2.39.1 -> 2.39.2)

- git 2.39.2:
  * CVE-2023-22490: Using a specially-crafted repository, Git can
    be tricked into using its local clone optimization even when
    using a non-local transport boo#1208027
  * CVE-2023-23946: a path outside the working tree can be
    overwritten as the user who is running "git apply" boo#1208028

==== gnutls ====
Version update (3.7.8 -> 3.7.9)

- Update to 3.7.9: [bsc#1208143, CVE-2023-0361]
  * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
    exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361]
  * Rebase gnutls-FIPS-140-3-references.patch

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi

- Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to
  handle the TPM2 responseCode correctly.

==== installation-images-MicroOS ====
Version update (17.75 -> 17.76)

- merge gh#openSUSE/installation-images#628
- add patch to initrd
- remove license files from installation system
- 17.76

==== kernel-source ====
Version update (6.1.10 -> 6.1.12)

- Linux 6.1.12 (bsc#1012628).
- Documentation/hw-vuln: Add documentation for Cross-Thread
  Return Predictions (bsc#1012628).
- KVM: x86: Mitigate the cross-thread return address predictions
  bug (bsc#1012628).
- x86/speculation: Identify processors vulnerable to SMT RSB
  predictions (bsc#1012628).
- drm/i915: Fix VBT DSI DVO port handling (bsc#1012628).
- drm/i915: Initialize the obj flags for shmem objects
  (bsc#1012628).
- drm/i915: Move fd_install after last use of fence (bsc#1012628).
- drm/amd/display: fix cursor offset on rotation 180
  (bsc#1012628).
- drm/amd/display: properly handling AGP aperture in vm setup
  (bsc#1012628).
- drm/amdgpu/smu: skip pptable init under sriov (bsc#1012628).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched
  init/fini (bsc#1012628).
- drm/amd/pm: bump SMU 13.0.7 driver_if header version
  (bsc#1012628).
- drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1012628).
- drm/amd/pm: bump SMU 13.0.0 driver_if header version
  (bsc#1012628).
- arm64: efi: Force the use of SetVirtualAddressMap() on eMAG
  and Altra Max machines (bsc#1012628).
- Fix page corruption caused by racy check in __free_pages
  (bsc#1012628).
- arm64: dts: meson-axg: Make mmc host controller interrupts
  level-sensitive (bsc#1012628).
- arm64: dts: meson-g12-common: Make mmc host controller
  interrupts level-sensitive (bsc#1012628).
- arm64: dts: meson-gx: Make mmc host controller interrupts
  level-sensitive (bsc#1012628).
- rtmutex: Ensure that the top waiter is always woken up
  (bsc#1012628).
- tracing: Fix TASK_COMM_LEN in trace event format file
  (bsc#1012628).
- drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes
  (bsc#1012628).
- powerpc/64s/interrupt: Fix interrupt exit race with security
  mitigation switch (bsc#1012628).
- riscv: kprobe: Fixup misaligned load text (bsc#1012628).
- riscv: Fixup race condition on PG_dcache_clean in
  flush_icache_pte (bsc#1012628).
- nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE
  (bsc#1012628).
- ceph: flush cap releases when the session is flushed
  (bsc#1012628).
- drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping
  (bsc#1012628).
- pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group
  (bsc#1012628).
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm
  (bsc#1012628).
- cxl/region: Fix passthrough-decoder detection (bsc#1012628).
- cxl/region: Fix null pointer dereference for resetting decoder
  (bsc#1012628).
- usb: typec: altmodes/displayport: Fix probe pin assign check
  (bsc#1012628).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
  (bsc#1012628).
- btrfs: free device in btrfs_close_devices for a single device
  filesystem (bsc#1012628).
- btrfs: simplify update of last_dir_index_offset when logging
  a directory (bsc#1012628).
- selftests: mptcp: stop tests earlier (bsc#1012628).
- selftests: mptcp: allow more slack for slow test-case
  (bsc#1012628).
- mptcp: be careful on subflow status propagation on errors
  (bsc#1012628).
- mptcp: do not wait for bare sockets' timeout (bsc#1012628).
- net: USB: Fix wrong-direction WARNING in plusb.c (bsc#1012628).
- cifs: Fix use-after-free in rdata->read_into_pages()
  (bsc#1012628).
- pinctrl: intel: Restore the pins that used to be in Direct
  IRQ mode (bsc#1012628).
- pinctrl: aspeed: Revert "Force to disable the function's signal"
  (bsc#1012628).
- spi: dw: Fix wrong FIFO level setting for long xfers
  (bsc#1012628).
- pinctrl: single: fix potential NULL dereference (bsc#1012628).
- pinctrl: aspeed: Fix confusing types in return value
  (bsc#1012628).
- pinctrl: mediatek: Fix the drive register definition of some
  Pins (bsc#1012628).
- clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating
  formatted strings (bsc#1012628).
- ASoC: topology: Return -ENOMEM on memory allocation failure
  (bsc#1012628).
- ASoC: fsl_sai: fix getting version from VERID (bsc#1012628).
- ASoC: tas5805m: add missing page switch (bsc#1012628).
- ASoC: tas5805m: rework to avoid scheduling while atomic
  (bsc#1012628).
- arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings
  (bsc#1012628).
- riscv: stacktrace: Fix missing the first frame (bsc#1012628).
- ALSA: pci: lx6464es: fix a debug loop (bsc#1012628).
- arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on
  rock-3a (bsc#1012628).
    ... changelog too long, skipping 478 lines ...
- commit 82ff25b

==== keylime ====
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime

- Remove completely unnecessary dependency on python-simplejson.

==== mozilla-nss ====
Version update (3.86 -> 3.87)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs

- update to NSS 3.87
  * bmo#1803226 - NULL password encoding incorrect
  * bmo#1804071 - Fix rng stub signature for fuzzing builds
  * bmo#1803595 - Updating the compiler parsing for build
  * bmo#1749030 - Modification of supported compilers
  * bmo#1774654 - tstclnt crashes when accessing gnutls server
    without a user cert in the database.
  * bmo#1751707 - Add configuration option to enable source-based
    coverage sanitizer
  * bmo#1751705 - Update ECCKiila generated files.
  * bmo#1730353 - Add support for the LoongArch 64-bit architecture
  * bmo#1798823 - add checks for zero-length RSA modulus to avoid
    memory errors and failed assertions later
  * bmo#1798823 - Additional zero-length RSA modulus checks
- add man-pages to the tools package (boo#1208242)

==== mozjs102 ====
Version update (102.7.0 -> 102.8.0)

- Update to version 102.8.0:
  + Various security fixes.
  + CVE-2023-25728: Content security policy leak in violation
    reports using iframes.
  + CVE-2023-25730: Screen hijack via browser fullscreen mode.
  + CVE-2023-25743: Fullscreen notification not shown in Firefox
    Focus.
  + CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS.
  + CVE-2023-25735: Potential use-after-free from compartment
    mismatch in SpiderMonkey.
  + CVE-2023-25737: Invalid downcast in
    SVGUtils::SetupStrokeGeometry.
  + CVE-2023-25738: Printing on Windows could potentially crash
    Firefox with some device drivers.
  + CVE-2023-25739: Use-after-free in
    mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
  + CVE-2023-25729: Extensions could have opened external schemes
    without user knowledge.
  + CVE-2023-25732: Out of bounds memory write from
    EncodeInputStream.
  + CVE-2023-25734: Opening local .url files could cause unexpected
    network loads.
  + CVE-2023-25742: Web Crypto ImportKey crashes tab.
  + CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and
    Firefox ESR 102.8.
  + CVE-2023-25746: Memory safety bugs fixed in Firefox ESR 102.8.

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Add kcm_flatpak to plasma default install (boo#1208256)

==== plasma-branding-MicroOS ====
Version update (20230126 -> 20230214)

- Reverted prior commit, will investigate alternate method.
  * https://build.opensuse.org/request/show/1065543
- 20230214
- Added kcm-about-distrorc (boo#1207873)
  * Changes kinfocenter "About" to display MicroOS logo and Link to
  MicroOS Desktop wiki, rather than Geeko and the main website.
- 20230202

==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE

- Require distribution-logos-openSUSE-icons

==== python-SQLAlchemy ====
Version update (1.4.45 -> 1.4.46)

- update to 1.4.46:
  * A new deprecation “uber warning” is now emitted at runtime the
    first time any SQLAlchemy 2.0 deprecation warning would
    normally be emitted, but the SQLALCHEMY_WARN_20 environment
    variable is not set.
  see https://docs.sqlalchemy.org/en/20/changelog/changelog_14.html#change-1.4.46

==== tcl ====

- bsc#1203982, tcl-interp-limit-time.patch: Fix a y2k38 problem
  in [interp limit -time] .

==== ucode-intel ====
Version update (20221108 -> 20230214)

- Updated to Intel CPU Microcode 20230214 release.
  Security issues fixed:
  - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
  - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
  - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
  New Platforms:
  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
  |:---------------|:---------|:------------|:---------|:---------|:---------
  | SPR-SP         | E2       | 06-8f-05/87 |          | 2b000181 | Xeon Scalable Gen4
  | SPR-SP         | E3       | 06-8f-06/87 |          | 2b000181 | Xeon Scalable Gen4
  | SPR-SP         | E4       | 06-8f-07/87 |          | 2b000181 | Xeon Scalable Gen4
  | SPR-SP         | E5       | 06-8f-08/87 |          | 2b000181 | Xeon Scalable Gen4
  | SPR-HBM        | B3       | 06-8f-08/10 |          | 2c000170 | Xeon Max
  | RPL-P 6+8      | J0       | 06-ba-02/07 |          | 0000410e | Core Gen13
  | RPL-H 6+8      | J0       | 06-ba-02/07 |          | 0000410e | Core Gen13
  | RPL-U 2+8      | Q0       | 06-ba-02/07 |          | 0000410e | Core Gen13
  Updated Platforms:
  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
  |:---------------|:---------|:------------|:---------|:---------|:---------
  | ADL            | C0       | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
  | ADL            | C0       | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
  | ADL            | C0       | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
  | ADL            | C0       | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
  | ADL            | L0       | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
  | ADL            | L0       | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
  | CLX-SP         | B0       | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
  | CLX-SP         | B1       | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
  | CPX-SP         | A1       | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
  | GLK            | B0       | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
  | GLK-R          | R0       | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
  | ICL-D          | B0       | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
  | ICL-U/Y        | D1       | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
  | ICX-SP         | D0       | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
  | JSL            | A0/A1    | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
  | LKF            | B2/B3    | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
  | RKL-S          | B0       | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
  | RPL-S          | S0       | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
  | SKX-SP         | B1       | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable

==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang

- Remove requires for adjtimex, which and time: this where wrongly
  implemented split provides we don't need anymore.
- Remove pam_lastlog, not Y2038 safe, will be removed upstream.
  Additional tools update the files themself.
- Readd hwclock.8 manual page.
- Move permissions pre-require to correct package.
- Remove install_info_prereq, we have no info pages.
- clean up spec file, tag all the %if-endif to make it easy to read the file
  and try to simplify a bit the if-endif logic grouping by core, systemd and
  python.

==== util-linux-systemd ====

- Remove requires for adjtimex, which and time: this where wrongly
  implemented split provides we don't need anymore.
- Remove pam_lastlog, not Y2038 safe, will be removed upstream.
  Additional tools update the files themself.
- Readd hwclock.8 manual page.
- Move permissions pre-require to correct package.
- Remove install_info_prereq, we have no info pages.
- clean up spec file, tag all the %if-endif to make it easy to read the file
  and try to simplify a bit the if-endif logic grouping by core, systemd and
  python.