Packages changed:
  aaa_base (84.87+git20230329.b39efbc -> 84.87+git20230815.cab7b44)
  busybox-links
  coreutils (9.3 -> 9.4)
  crypto-policies
  grep
  kdump
  kexec-tools (2.0.26.0 -> 2.0.27)
  lastlog2 (1.1.0 -> 1.2.0)
  libei (1.0.901 -> 1.1.0)
  multipath-tools (0.9.5+68+suse.d1b6a1c -> 0.9.6+71+suse.f07325e)
  open-vm-tools (12.2.0 -> 12.3.0)
  pam-config (2.5 -> 2.8)
  perl-Bootloader (1.6 -> 1.8)
  python-async_timeout (4.0.2 -> 4.0.3)
  python-click (8.1.6 -> 8.1.7)
  python-zope.event (4.6 -> 5.0)
  python311 (3.11.4 -> 3.11.5)
  python311-core (3.11.4 -> 3.11.5)
  shaderc (2023.4 -> 2023.6)
  sssd (2.9.1 -> 2.9.2)
  wireless-regdb (20230721 -> 20230901)

=== Details ===

==== aaa_base ====
Version update (84.87+git20230329.b39efbc -> 84.87+git20230815.cab7b44)
Subpackages: aaa_base-extras

- Update to version 84.87+git20230815.cab7b44:
  * Remove broken autocompletion overrides and restore default bash behavior
  * Add foot to DIR_COLORS
  * files/u/s/sysconf_addword: avoid bashism, fix shellcheck warnings
  * files/u/s/smart_agetty: replace shebang with /bin/sh
  * files/u/s/service: avoid bashism, fix shellcheck warnings
  * files/u/s/refresh_initrd: make POSIX compliant
  * files/u/b/safe-rm: make POSIX compliant
  * aaa_base.post: replace shebang with /usr/sh
  * files/u/b/old: make POSIX compliant

==== busybox-links ====
Subpackages: busybox-coreutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-sendmail busybox-which busybox-xz

- Add conflict for coreutils-systemd, package got splitted

==== coreutils ====
Version update (9.3 -> 9.4)
Subpackages: coreutils-doc coreutils-lang

- Update to 9.4:
  Bug fixes:
  * b2sum --check will no longer read unallocated memory when
    presented with malformed checksum lines.
    [bug introduced in coreutils-9.2]
  * cp --parents again succeeds when preserving mode for absolute directories.
    Previously it would have failed with a "No such file or directory" error.
    [bug introduced in coreutils-9.1]
  * cp --sparse=never will avoid copy-on-write (reflinking) and copy offloading,
    to ensure no holes present in the destination copy.
    [bug introduced in coreutils-9.0]
  * cksum again diagnoses read errors in its default CRC32 mode.
    [bug introduced in coreutils-9.0]
  * cksum --check now ensures filenames with a leading backslash character
    are escaped appropriately in the status output.
    This also applies to the standalone checksumming utilities.
    [bug introduced in coreutils-8.25]
  * dd again supports more than two multipliers for numbers.
    Previously numbers of the form '1024x1024x32' gave "invalid number" errors.
    [bug introduced in coreutils-9.1]
  * factor, numfmt, and tsort now diagnose read errors on the input.
    [This bug was present in "the beginning".]
  * install --strip now supports installing to files with a leading hyphen.
    Previously such file names would have caused the strip process to fail.
    [This bug was present in "the beginning".]
  * ls now shows symlinks specified on the command line that can't be traversed.
    Previously a "Too many levels of symbolic links" diagnostic was given.
    [This bug was present in "the beginning".]
  * pr --length=1 --double-space no longer enters an infinite loop.
    [This bug was present in "the beginning".]
  * tac now handles short reads on its input.  Previously it may have exited
    erroneously, especially with large input files with no separators.
    [This bug was present in "the beginning".]
  * uptime no longer incorrectly prints "0 users" on OpenBSD,
    and is being built again on FreeBSD and Haiku.
    [bugs introduced in coreutils-9.2]
  * wc -l and cksum no longer crash with an "Illegal instruction" error
    on x86 Linux kernels that disable XSAVE YMM.  This was seen on Xen VMs.
    [bug introduced in coreutils-9.0]
  Changes in behavior:
  * cp -v and mv -v will no longer output a message for each file skipped
    due to -i, or -u.  Instead they only output this information with --debug.
    I.e., 'cp -u -v' etc. will have the same verbosity as before coreutils-9.3.
  * cksum -b no longer prints base64-encoded checksums.  Rather that
    short option is reserved to better support emulation of the standalone
    checksum utilities with cksum.
  * mv dir x now complains differently if x/dir is a nonempty directory.
    Previously it said "mv: cannot move 'dir' to 'x/dir': Directory not empty",
    where it was unclear whether 'dir' or 'x/dir' was the problem.
    Now it says "mv: cannot overwrite 'x/dir': Directory not empty".
    Similarly for other renames where the destination must be the problem.
    [problem introduced in coreutils-6.0]
- Enable systemd-logind support
- Add gnulib-readutmp.patch: Fix seg.fault of who, pinky, uptime [dgo#65617]
- Create -systemd flavor with binaries linked against libsystemd
- Drop coreutils-invalid-ids.patch to get consistent behavior, most tools
  where already removed from that patch.
- coreutils-misc.patch: adjust paths
- coreutils-skip-some-sort-tests-on-ppc.patch: adjust paths
- coreutils-test_without_valgrind.patch: adjust paths
- coreutils-i18n.patch: update from Fedora

==== crypto-policies ====
Subpackages: crypto-policies-scripts

- Tests: Fix pylint versioning for TW and fix the parsing of the
  policygenerators to account for the commented lines correctly.
  * Add crypto-policies-pylint.patch
  * Rebase crypto-policies-policygenerators.patch
- FIPS: Adapt the fips-mode-setup script to use the pbl command
  from the perl-Bootloader package to replace grubby. Add a note
  for transactional systems [jsc#PED-4578].
  * Rebase crypto-policies-FIPS.patch

==== grep ====
Subpackages: grep-lang

- export CONFIG_SHELL=/bin/sh before running configure: results in
  the shell script (egrep/fgrep) to receive a /bin/sh shebang
  instead of requiring bash (the local shell used to build).

==== kdump ====

- update calibrate values, newly added SLE15-SP6 values

==== kexec-tools ====
Version update (2.0.26.0 -> 2.0.27)

- update to 2.0.27:
  * ppc64: add --reuse-cmdline parameter support
  * kexec: make -a the default
  * x86: add devicetree support
  * ppc64: document elf-ppc64 options and --dt-no-old-root
  * LoongArch: kdump: set up kernel image segment
  * arm64: zboot support
- Disable Xen support in ALP

==== lastlog2 ====
Version update (1.1.0 -> 1.2.0)
Subpackages: liblastlog2-1

- Version 1.2.0
  - show_lastlogin: Don't read if no database
  - Fix -flto for clang
  - Documentation fixes

==== libei ====
Version update (1.0.901 -> 1.1.0)

- Update to release 1.1
  * Correct documentation for ei_touch_(get|set)_user_data

==== multipath-tools ====
Version update (0.9.5+68+suse.d1b6a1c -> 0.9.6+71+suse.f07325e)
Subpackages: kpartx libmpath0

- Update to version 0.9.6+71+suse.f07325e:
  * avoid changing SCSI timeouts in "multipath -d" (bsc#1213809)
- Update to version 0.9.6+70+suse.63925e8:
  Upstream feature additions and bug fixes:
  * ignore nvme devices by default if nvme native multipath is enabled
  * add "group_by_tpg" path_grouping_policy
  * add config options "detect_pgpolicy" and "detect_pgpolicy_use_tpg"
  * libmultipath: add ALUA tpg path wildcard "%A"
  * make prioritizer timeouts consistent with checker timeouts
  * fix dev_loss_tmo even if not set in configuration (bsc#1212440)
  * libmultipath: fix max_sectors_kb on adding path
  * fix warnings reported by udevadm verify

==== open-vm-tools ====
Version update (12.2.0 -> 12.3.0)
Subpackages: libvmtools0 open-vm-tools-desktop

- Update to 12.3.0 (build 22234872) (boo#1214850)
  - There are no new features in the open-vm-tools 12.3.0 release. This is
    primarily a maintenance release that addresses a few critical problems,
    including:
  - This release integrates CVE-2023-20900 without the need for a patch.
    For more information on this vulnerability and its impact on VMware
    products, see
    https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
  - A tools.conf configuration setting is available to temporaily direct
    Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
    of ignoring file systems already frozen.
  - Building of the VMware Guest Authentication Service (VGAuth) using
    "xml-security-c" and "xerces-c" is being deprecated.
  - A number of Coverity reported issues have been addressed.
  - A number of GitHub issues and pull requests have been handled.
    Please see the Resolves Issues section of the Release Notes.
  - For issues resolved in this release, see the Resolved Issues section
    of the Release Notes.
  - For complete details, see:
    https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
  - Release Notes are available at
    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
  - The granular changes that have gone into the 12.3.0 release are in the
    ChangeLog at
    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
- Drop patch now contained in 12.3.0:
  + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
  + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
  + 2023-20867-Remove-some-dead-code.patch
  + CVE-20230-20900.patch

==== pam-config ====
Version update (2.5 -> 2.8)

- Update to version 2.8
  - Replace aad module with himmelblau
- Update to version 2.7
  - Add support for aad module
- Update to version 2.6
  - Remove pam_cracklib from config even if no successor is installed
- Run update in %posttrans after all other PAM modules got
  installed/removed
- Both are required for [bsc#1214885]

==== perl-Bootloader ====
Version update (1.6 -> 1.8)

- merge gh#openSUSE/perl-bootloader#158
- skip warning about unsupported options when in compat mode
- 1.8
- merge gh#openSUSE/perl-bootloader#156
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- 1.7

==== python-async_timeout ====
Version update (4.0.2 -> 4.0.3)

- update to 4.0.3:
  * Fixed compatibility with asyncio.timeout() on Python 3.11+.
  * Added support for Python 3.11.
  * Dropped support for Python 3.6.

==== python-click ====
Version update (8.1.6 -> 8.1.7)

- update to 8.1.7:
  * Fix issue with regex flags in shell completion.
  * Bash version detection issues a warning instead of an
    error.
  * Fix issue with completion script for Fish shell.

==== python-zope.event ====
Version update (4.6 -> 5.0)

- update to 5.0:
  * Drop support for Python 2.7, 3.5, 3.6.

==== python311 ====
Version update (3.11.4 -> 3.11.5)
Subpackages: python311-curses python311-dbm

- Update to 3.11.5 (bsc#1214692):
  - Security
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - Core and Builtins
  - gh-104432: Fix potential unaligned memory access on C APIs
    involving returned sequences of char * pointers within the grp
    and socket modules. These were revealed using a
  - fsaniziter=alignment build on ARM macOS. Patch by Christopher
    Chavez.
  - gh-77377: Ensure that multiprocessing synchronization objects
    created in a fork context are not sent to a different process
    created in a spawn context. This changes a segfault into an
    actionable RuntimeError in the parent process.
  - gh-106092: Fix a segmentation fault caused by a use-after-free
    bug in frame_dealloc when the trashcan delays the deallocation
    of a PyFrameObject.
  - gh-106719: No longer suppress arbitrary errors in the
    __annotations__ getter and setter in the type and module types.
  - gh-106723: Propagate frozen_modules to multiprocessing spawned
    process interpreters.
  - gh-105979: Fix crash in _imp.get_frozen_object() due to improper
    exception handling.
  - gh-105840: Fix possible crashes when specializing function calls
    with too many __defaults__.
  - gh-105588: Fix an issue that could result in crashes when
    compiling malformed ast nodes.
  - gh-105375: Fix bugs in the builtins module where exceptions
    could end up being overwritten.
  - gh-105375: Fix bug in the compiler where an exception could end
    up being overwritten.
  - gh-105375: Improve error handling in
    PyUnicode_BuildEncodingMap() where an exception could end up
    being overwritten.
  - gh-105235: Prevent out-of-bounds memory access during
    mmap.find() calls.
  - gh-101006: Improve error handling when read marshal data.
  - Library
  - gh-105736: Harmonized the pure Python version of OrderedDict
    with the C version. Now, both versions set up their internal
    state in __new__. Formerly, the pure Python version did the set
    up in __init__.
  - gh-107963: Fix multiprocessing.set_forkserver_preload() to check
    the given list of modules names. Patch by Dong-hee Na.
  - gh-106242: Fixes os.path.normpath() to handle embedded null
    characters without truncating the path.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will
    no longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107715: Fix doctest.DocTestFinder.find() in presence of class
    names with special characters. Patch by Gertjan van Zwieten.
  - gh-100814: Passing a callable object as an option value to a
    Tkinter image now raises the expected TclError instead of an
    AttributeError.
  - gh-106684: Close asyncio.StreamWriter when it is not closed by
    application leading to memory leaks. Patch by Kumar Aditya.
  - gh-107077: Seems that in some conditions, OpenSSL will return
    SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
    verification has failed, but the error parameters will still
    contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
    now detecting this situation and raising the appropiate
    ssl.SSLCertVerificationError. Patch by Pablo Galindo
  - gh-107396: tarfiles; Fixed use before assignment of
    self.exception for gzip decompression
  - gh-62519: Make gettext.pgettext() search plural definitions when
    translation is not found.
  - gh-83006: Document behavior of shutil.disk_usage() for
    non-mounted filesystems on Unix.
  - gh-106186: Do not report MultipartInvariantViolationDefect
    defect when the email.parser.Parser class is used to parse
    emails with headersonly=True.
  - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION
    result in _ssl.c.
  - gh-106774: Update the bundled copy of pip to version 23.2.1.
  - gh-106752: Fixed several bug in zipfile.Path in
    name/suffix/suffixes/stem operations when no filename is present
    and the Path is not at the root of the zipfile.
  - gh-106602: Add __copy__ and __deepcopy__ in enum
  - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused
    division by zero for certain almost-white inputs. Patch by Terry
    Jan Reedy.
  - gh-106052: re module: fix the matching of possessive quantifiers
    in the case of a subpattern containing backtracking.
  - gh-106510: Improve debug output for atomic groups in regular
    expressions.
  - gh-105497: Fix flag mask inversion when unnamed flags exist.
  - gh-90876: Prevent multiprocessing.spawn from failing to import
    in environments where sys.executable is None. This regressed in
    3.11 with the addition of support for path-like objects in
    multiprocessing.
  - gh-106350: Detect possible memory allocation failure in the
    libtommath function mp_init() used by the _tkinter module.
  - gh-102541: Make pydoc.doc catch bad module ImportError when
    output stream is not None.
    ... changelog too long, skipping 124 lines ...
    data: *consumed was not set.

==== python311-core ====
Version update (3.11.4 -> 3.11.5)
Subpackages: libpython3_11-1_0 python311-base

- Update to 3.11.5 (bsc#1214692):
  - Security
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - Core and Builtins
  - gh-104432: Fix potential unaligned memory access on C APIs
    involving returned sequences of char * pointers within the grp
    and socket modules. These were revealed using a
  - fsaniziter=alignment build on ARM macOS. Patch by Christopher
    Chavez.
  - gh-77377: Ensure that multiprocessing synchronization objects
    created in a fork context are not sent to a different process
    created in a spawn context. This changes a segfault into an
    actionable RuntimeError in the parent process.
  - gh-106092: Fix a segmentation fault caused by a use-after-free
    bug in frame_dealloc when the trashcan delays the deallocation
    of a PyFrameObject.
  - gh-106719: No longer suppress arbitrary errors in the
    __annotations__ getter and setter in the type and module types.
  - gh-106723: Propagate frozen_modules to multiprocessing spawned
    process interpreters.
  - gh-105979: Fix crash in _imp.get_frozen_object() due to improper
    exception handling.
  - gh-105840: Fix possible crashes when specializing function calls
    with too many __defaults__.
  - gh-105588: Fix an issue that could result in crashes when
    compiling malformed ast nodes.
  - gh-105375: Fix bugs in the builtins module where exceptions
    could end up being overwritten.
  - gh-105375: Fix bug in the compiler where an exception could end
    up being overwritten.
  - gh-105375: Improve error handling in
    PyUnicode_BuildEncodingMap() where an exception could end up
    being overwritten.
  - gh-105235: Prevent out-of-bounds memory access during
    mmap.find() calls.
  - gh-101006: Improve error handling when read marshal data.
  - Library
  - gh-105736: Harmonized the pure Python version of OrderedDict
    with the C version. Now, both versions set up their internal
    state in __new__. Formerly, the pure Python version did the set
    up in __init__.
  - gh-107963: Fix multiprocessing.set_forkserver_preload() to check
    the given list of modules names. Patch by Dong-hee Na.
  - gh-106242: Fixes os.path.normpath() to handle embedded null
    characters without truncating the path.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will
    no longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107715: Fix doctest.DocTestFinder.find() in presence of class
    names with special characters. Patch by Gertjan van Zwieten.
  - gh-100814: Passing a callable object as an option value to a
    Tkinter image now raises the expected TclError instead of an
    AttributeError.
  - gh-106684: Close asyncio.StreamWriter when it is not closed by
    application leading to memory leaks. Patch by Kumar Aditya.
  - gh-107077: Seems that in some conditions, OpenSSL will return
    SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
    verification has failed, but the error parameters will still
    contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
    now detecting this situation and raising the appropiate
    ssl.SSLCertVerificationError. Patch by Pablo Galindo
  - gh-107396: tarfiles; Fixed use before assignment of
    self.exception for gzip decompression
  - gh-62519: Make gettext.pgettext() search plural definitions when
    translation is not found.
  - gh-83006: Document behavior of shutil.disk_usage() for
    non-mounted filesystems on Unix.
  - gh-106186: Do not report MultipartInvariantViolationDefect
    defect when the email.parser.Parser class is used to parse
    emails with headersonly=True.
  - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION
    result in _ssl.c.
  - gh-106774: Update the bundled copy of pip to version 23.2.1.
  - gh-106752: Fixed several bug in zipfile.Path in
    name/suffix/suffixes/stem operations when no filename is present
    and the Path is not at the root of the zipfile.
  - gh-106602: Add __copy__ and __deepcopy__ in enum
  - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused
    division by zero for certain almost-white inputs. Patch by Terry
    Jan Reedy.
  - gh-106052: re module: fix the matching of possessive quantifiers
    in the case of a subpattern containing backtracking.
  - gh-106510: Improve debug output for atomic groups in regular
    expressions.
  - gh-105497: Fix flag mask inversion when unnamed flags exist.
  - gh-90876: Prevent multiprocessing.spawn from failing to import
    in environments where sys.executable is None. This regressed in
    3.11 with the addition of support for path-like objects in
    multiprocessing.
  - gh-106350: Detect possible memory allocation failure in the
    libtommath function mp_init() used by the _tkinter module.
  - gh-102541: Make pydoc.doc catch bad module ImportError when
    output stream is not None.
    ... changelog too long, skipping 124 lines ...
    data: *consumed was not set.

==== shaderc ====
Version update (2023.4 -> 2023.6)

- Update to release 2023.6
  * Build system updates only

==== sssd ====
Version update (2.9.1 -> 2.9.2)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Update to release 2.9.2
  * sssctl cert-show and cert-show cert-eval-rule can now be run as
    non-root user.
  * New option local_auth_policy is added to control which offline
    authentication methods will be enabled by SSSD.

==== wireless-regdb ====
Version update (20230721 -> 20230901)

- Update to version 20230901:
  * wireless-regdb: update regulatory database based on preceding changes
  * wireless-regdb: Update regulatory rules for Australia (AU) for June 2023