Packages changed:
  conmon (2.1.9 -> 2.1.10)
  discover
  dracut (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)
  fwupd
  jbigkit
  jq (1.7 -> 1.7.1)
  kdump
  krb5 (1.21.1 -> 1.21.2)
  libpwquality
  libssh2_org
  libstorage-ng (4.5.162 -> 4.5.163)
  metamail
  mozilla-nss (3.94 -> 3.95)
  mutter
  open-vm-tools
  perl-Bootloader (1.9 -> 1.10)
  podman
  python-hiredis (2.2.2 -> 2.3.2)
  python-lark (1.1.5 -> 1.1.8)
  python311
  python311-core
  rsync
  sudo (1.9.15p2 -> 1.9.15p4)
  systemd
  vim (9.0.2146 -> 9.0.2181)
  vte (0.74.1 -> 0.74.2)
  wtmpdb (0.9.3 -> 0.10.0)
  zbar

=== Details ===

==== conmon ====
Version update (2.1.9 -> 2.1.10)

- New upstream release 2.1.10
  Bug fixes:
  * Fix incorrect free in conn_sock (removes fix-incorrect-free-in-conn_sock.patch)
  * logging: Respect log-size-max immediately after open

==== discover ====
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang discover-notifier

- Update appstream build requirement for compatibility with 1.0.0
  (boo#1217047)
- Remove obsolete version checks

==== dracut ====
Version update (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)
Subpackages: dracut-ima

- Update to version 059+suse.533.g5a7cf9fa:
  * feat(dracut.sh): protect `push_host_devs` function
  * fix(dracut.sh): do not add device if `find_block_device` returns an error

==== fwupd ====
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod
  - > suse-module-tools dependency before.

==== jbigkit ====

- security update
- added patches
  fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
  + jbigkit-CVE-2022-1210.patch

==== jq ====
Version update (1.7 -> 1.7.1)
Subpackages: libjq1

- Update to version 1.7.1
  Security
  * Fix CVE-2023-50246 (boo#1218034)
    + Fix heap buffer overflow in jvp_literal_number_literal.
  * Fix CVE-2023-50268 (boo#1218038)
    fix stack-buffer-overflow if comparing nan with payload.
  CLI changes
  * Make the default background color more suitable for bright
    backgrounds.
  * Allow passing the inline jq script after --.
  * Fix possible uninitialised value dereference if jq_init() fails
  Language changes
  * Simplify paths/0 and paths/1.
  * Reject U+001F in string literals.
  * Remove unused nref accumulator in block_bind_library.
  * Remove a bunch of unused variables, and useless assignments.
  * main.c: Remove unused EXIT_STATUS_EXACT option.
  * Actually use the number correctly casted from double to int as
    index.
  * src/builtin.c: remove unnecessary jv_copy-s in
    type_error/type_error2.
  * Remove undefined behavior caught by LLVM 10 UBSAN.
  * Convert decnum to binary64 (double) instead of decimal64.
    This makes jq behave like the JSON specification suggests and
    more similar to other languages.
  * Fix memory leaks on invalid input for ltrimstr/1 and
    rtrimstr/1.
  * Fix memory leak on failed get for setpath/2.
  * Fix nan from json parsing also for nans with payload that
    start with 'n'.
  * Allow carriage return characters in comments.
  Documentation changes
  * Generate links in the man page.
  libjq
  * Add extern C for C++.

==== kdump ====

- Update calibrate values for riscv64

==== krb5 ====
Version update (1.21.1 -> 1.21.2)

- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
  * Fix double-free in KDC TGS processing [CVE-2023-39975].

==== libpwquality ====
Subpackages: libpwquality-lang libpwquality-tools libpwquality1 pam_pwquality

- add: prereq "pam-config" in baselibs.conf
  * post scriptlet in pam_pwquality-32bit runs: pam-config

==== libssh2_org ====

- Security fix: [bsc#1218127, CVE-2023-48795]
  * Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
  * Add libssh2_org-CVE-2023-48795.patch

==== libstorage-ng ====
Version update (4.5.162 -> 4.5.163)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#970
- consistent (and original) naming of bcache operations
- coding style
- improved logging
- updated integration tests
- fixed typo
- 4.5.163

==== metamail ====

- Have fixed date in mgrep.1 (boo#1047218)

==== mozilla-nss ====
Version update (3.94 -> 3.95)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.95
  * bmo#1842932 - Bump builtins version number.
  * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion
    Firmaprofesional CIF A62634068 root cert.
  * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
  * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
  * bmo#1850982 - Remove Camerfirma root certificates from NSS.
  * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional
    Certificate.
  * bmo#1860670 - Add four Commscope root certificates to NSS.
  * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
  * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
  * bmo#1861728 - Include P-256 Scalar Validation from HACL*.
  * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes
    256 ECC without DER wrapping at the softoken level
  * bmo#1837987 - Add means to provide library parameters to C_Initialize
  * bmo#1573097 - clang format
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
  * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
  * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
  * bmo#1573097 - Fix Invalid casts in instance.c

==== mutter ====
Subpackages: mutter-lang

- Add mutter-fix-text-input-delete-surrounding.patch: text-input-v3
  requrires byte based offset but Clutter uses char based offset
  for delete_surrounding_text, fix it by converting before passing
  arguments (glgo#GNOME/mutter#2146, glgo#GNOME/mutter!2712).

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod
  - > suse-module-tools dependency before.

==== perl-Bootloader ====
Version update (1.9 -> 1.10)

- merge gh#openSUSE/perl-bootloader#160
- fix 'pbl --version' to show correct version number
- 1.10

==== podman ====

- Refactor network backend dependencies:
  * podman requires either netavark or cni-plugins. On ALP, require
    netavark, otherwise prefer netavark but don't force it.
  * This fixes missing cni-plugins in some scenarios
  * Default to netavark everywhere where it's available

==== python-hiredis ====
Version update (2.2.2 -> 2.3.2)

- update to 2.3.2:
  * Added Python 3.12 to test matrix and classifiers (#174)
  * Linking to Redis learning resources (#173)
  * Updating client license to clear, MIT (#170)
  * Integrating spellcheck into CI (#169)
  * hiredis 1.2.0 support, versioning as 2.3.0 (#168)
  * Fix including tests in sdist (#166)
  * Use absolute imports and remove __init__.py from tests.
  * Implement garbage collection support in Reader (#162) (#163)

==== python-lark ====
Version update (1.1.5 -> 1.1.8)

- update to 1.1.8:
  * Populate the `Token.end_*` fields for ignored tokens
  * Include .lark files in package data
  * Add an error message when using Lark.save() when
    parser!='lalr'
  * Add and improve docstrings
  * Small update to PR #1338
  * Fix 1345 attempt two
  * Earley now uses OrderedSet for better output stability
  * ContextualLexer now uses self.basic_lexer for easy
    extensibility (iss…
  * Improved typing around LALR and ParserState
  * Typing fixes. Mypy now produces 0 type errors
  * Standalone: Added support for interactive parser.
- update to 1.1.7:
  * Bugfix in propagate_positions (issue #1304)
- update to 1.1.6:
  * Added strict-mode, enabled by `strict=True`, implemented
    using interegular by @MegaIng
  * Read more here: https://lark-
    parser.readthedocs.io/en/latest/how_to_use.html#strict-mode
  * Cache: Replace md5 hashing with sha256.
  * Support for Python-style comments in Lark grammar
  * Updates to python.lark
  * Bugfixes and cleanup

==== python311 ====
Subpackages: python311-curses python311-dbm

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

==== rsync ====

- Moved rsyncd.conf and rsyncd.secrets to /usr/etc.
  * Add rsync-usr-etc.patch

==== sudo ====
Version update (1.9.15p2 -> 1.9.15p4)
Subpackages: sudo-plugin-python

- For existing products (SLE15-SP* and older) keep using /etc and don't
  switch to /usr/etc. So only SLES16/ALP, Tumbleweed and newer products
  will use both /etc and /usr/etc locations.
- Update to 1.9.15p4:
  * Fixed a bug introduced in sudo 1.9.15 that could prevent a user’s
    privileges from being listed by sudo -l if the sudoers entry
    in /etc/nsswitch.conf contains [SUCCESS=return]. This did not affect the
    ability to run commands via sudo. Bug #1063.
- Update to 1.9.15p3:
  * Always disable core dumps when sudo sends itself a fatal signal. Fixes a
    problem where sudo could potentially dump core dump when it re-sends the
    fatal signal to itself. This is only an issue if the command   * received
    a signal that would normally result in a core dump but the command did
    not actually dump core.
  * Fixed a bug matching a command with a relative path name when the sudoers
    rule uses shell globbing rules for the path name. Bug #1062.
  * Permit visudo to be run even if the local host name is not set. GitHub
    issue #332.
  * Fixed an editing error introduced in sudo 1.9.15 that could prevent
    sudoreplay from replaying sessions correctly. GitHub issue #334.
  * Fixed a bug introduced in sudo 1.9.15 where sudo -l > /dev/null could hang
    on Linux systems. GitHub issue #335.
  * Fixed a bug introduced in sudo 1.9.15 where Solaris privileges specified
    in sudoers were not applied to the command being run.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev

- udev: only require kmod in the full flavor. udev-mini is only
  used inside OBS in a strictly defined setup and udev will never
  have to load device drivers there.
- Import commit 071ac409a0564863657d8f8a5a35e6a4f914695f
  071ac409a0 rules: set up tty permissions and group for /dev/hvc* nodes
  f693b3ed8a vconsole-setup: remember the correct error value when open_terminal() fails
  963d838bad vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282)
  6f53f71d2d vconsole-setup: simplify error handling

==== vim ====
Version update (9.0.2146 -> 9.0.2181)
Subpackages: vim-data vim-data-common vim-small xxd

- update to 9.0.2181:
  * Vim9: missing error messages
  * update helptags
  * POSIX function name in exarg causes issues
  * no filetype detection for execline scripts
  * reg_executing() wrong for :normal with range
  * Wrong cursor position when dragging out of window
  * Update Serbian messages translation
  * runtime(netrw): prevent E11 on FocusGained autocommand
  * Update Japanese translation
  * runtime(8th): updated 8th syntax
  * change dependabot prefix to "CI"
  * Update change.txt
  * Compile error with Motif UI + mouse support
  * Create Changelog until v9.0.2175
  * Update Italian translations
  * Update tmux syntax rules
  * Update Turkish translations
  * Compiler warning for uninitialized var
  * update fortran syntax rules and doc notes
  * Vim9: segfault when assigning to type
  * remove deprecation warning for gdefault
  * Vim9: crash when compiling for statement and non-existing type
  * Vim9: compiling :defer may fail
  * Updated Irish translation
  * Update Logtalk runtime files for the latest language spec
  * update Racket runtime files
  * Update colorschemes
  * The options[] array is still not sorted alphabetically
  * Vim9: no support for const/final class/objects vars
  * Vim9: builtin funcs may accept a non-value
  * Moving tabpages on :drop may cause an endless loop
  * sync runtime files with upstream
  * grammar & typo fixes
  * add Tbreak command
  * Vim9: not consistently using :var for declarations
  * Memory leak in Configure Script when checking GTK
  * Vim9: can simplify arg type checking code
  * Vim9: can use type a func arg/return value
  * escape curdir in BrowseUpDir
  * Vim9: type can be assigned to list/dict
  * Vim9: type documentation out-dated
  * Vim9: not able to use imported interfaces and classes
  * instanceof() should use varargs as second arg
  * Update syntax file, fix missing for highlight
  * screenpos() may crash with neg. column
  * [security]: use-after-free in check_argument_type
  * Vim9: incorrectly parses :def func definitions
  * Vim9: can use typealias in assignment
  * ft detection maybe wrong if 'fic' set for *.[CH]
  * re-generate helptags
  * do not set b:did_ftplugin before sourcing scala ftplugin(#13657)
  * Fix `w:netrw_bannercnt` ref error with `netrw_fastbrowse=2`
  * fix examples in comments for JSON formatting
  * Add json formating plugin (Issue #11426)
  * Update syntax file
  * link cmdline completion to to |wildcards| and fix typos
  * Update eval.txt
  * Vim9: type not kept when assigning vars
  * The option[] array is not sorted
  * unlet b:filetype_in_cpp_family for cpp & squirrel
  * fix typo in change.txt
  * update syntax and ftplugins
  * Update syntax file and syntax test
  * Sort options.txt alphabetically
  * update todo items
  * sort option-list alphabetically
  * no support to build on OpenVMS
  * Using type unknown for List/Dict containers
  * 'breakindent' is not drawn after diff filler lines
  * remove non-existent parameter in shift-command
  * Using int for errbuflen in option funcs
  * [security]: use-after-free in exec_instructions()
  * Vim does not detect pacman.log file
  * reference 'go-!' inside os_win32.txt for !start
  * Type check tests fail without the channel feature

==== vte ====
Version update (0.74.1 -> 0.74.2)
Subpackages: libvte-2_91-0 vte-lang

- Update to version 0.74.2:
  * lib,bidi: Work on the heap rather than the stack
  * stream: Fix a rare corruption when advancing the tail
  * widget: Fix initial cursor blink state
  * build: Post release version bump

==== wtmpdb ====
Version update (0.9.3 -> 0.10.0)
Subpackages: libwtmpdb0

- Update to version 0.10.0
  - last: support matching for username and/or tty

==== zbar ====

- security update:
  * CVE-2023-40889 [bsc#1214770]
    Fix heap based buffer overflow in qr_reader_match_centers()
    + zbar-CVE-2023-40889.patch
  * CVE-2023-40890 [bsc#1214771]
    Fix stack based buffer overflow in lookup_sequence()
    + zbar-CVE-2023-40890.patch