Removed rpms
============

 - libbpf0
 - libbpf0-32bit
 - libcamel-1_2-62
 - libcamel-1_2-62-32bit
 - libedataserver-1_2-24
 - libedataserver-1_2-24-32bit
 - libedataserverui-1_2-2
 - libedataserverui-1_2-2-32bit
 - liblmdb-0_9_17
 - liblmdb-0_9_17-32bit
 - qemu-doc
 - qemu-img
 - qemu-pr-helper
 - virtiofsd

Added rpms
==========

 - csp-billing-adapter-service
 - libetebase-devel
 - libetebase0
 - libmariadbd104-devel
 - liboqs-devel-32bit
 - liboqs3-32bit
 - libsybdb5-32bit
 - libtdsodbc0-32bit
 - mariadb104
 - mariadb104-bench
 - mariadb104-client
 - mariadb104-errormessages
 - mariadb104-galera
 - mariadb104-rpm-macros
 - mariadb104-test
 - mariadb104-tools
 - python3-csp-billing-adapter
 - python3-csp-billing-adapter-amazon
 - python3-csp-billing-adapter-local
 - python3-csp-billing-adapter-microsoft
 - qemu-sgabios
 - raspberrypi-firmware-config-camera
 - suma-amazon-adapter-config-llc
 - suma-amazon-adapter-config-ltd
 - suma-azure-adapter-config-llc

Package Source Changes
======================

GraphicsMagick
-- security update
+- revert to 1.3.40 [bsc#1214831]
+  https://sourceforge.net/p/graphicsmagick/news/2023/08/because-1341-is-discarded-i-has-been-published-2-builds-for-win32-architecture/
+- modified patches
+  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
+- deleted patches
+  - GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch (not needed)
+  - GraphicsMagick-name-key-return-input-file-base-name.patch (not needed)
+
+- fix regression in 1.3.41
+  https://sourceforge.net/p/graphicsmagick/bugs/722/
-  fix CVE-2022-1270 [bsc#1198351], Heap buffer overflow when parsing MIFF
-  + GraphicsMagick-CVE-2022-1270.patch
+  fix 17179:91afa18a6161
+  + GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch
+  fix 17180:bb42cd90ce6f
+  + GraphicsMagick-name-key-return-input-file-base-name.patch
+
+- version update to 1.3.41
+  Bug fixes:
+  * Blob: Immediately reject attempts to write blobs to formats which
+    can not support blobs.
+  * TranslateTextEx(): An empty string argument should return an empty
+    string rather than a NULL string.
+  * SetImageAttribute(): Fix bounds issue when concatenating string.
+  * JPEG: Do not set image resolution if the values provided are outside
+    of the valid range.
+  * Fixes for NaN when reading formats based on floating point.
+  * HEIF: Fix reading images with rotation/transformation.
+  * BMP: Do not decode primaries or gamma unless colorspace is
+    LCS_CALIBRATED_RGB.  Add/correct bmp_info.size "biSize" logic which
+    decides if header chunks are present (or invalid).
+  * MNG: Fixes for resizing using X_method 5.
+  * GM command (convert, montage, mogrify): Many command-line parser
+    fixes/checks for invalid command line syntax which causes unexpected
+    behavior, or core dumps.
+  * TopoL: Given that a writer is now provided, issues found in the
+    reader (and writer) due to continual fuzz-testing have been fixed,
+    as encountered.
+  * GetImageClippingPathAttribute(): Check for and use clipping path
+    name (ID=2999) to get the real attribute name.
+  * ReadIPTCProfile(): Fix malformed IPTC data parsing.
+  New Features:
+  * TopoL: Now provides a writer.
+  * WPG: Now provides a writer.
+  * gm batch: Implement simple Test Anything Protocol (TAP) test
+    counting and "ok N"/"not ok N" messaging.
+  * TIFF: Support '-define tiff:photometric=minisblack' and '-define
+    tiff:photometric=miniswhite' to be able to adjust the sense used
+    when writing bilevel TIFF images.
+  * TIFF: Require that TIFFTAG_EXTRASAMPLES be used appropriately to
+    indicate the intention of extra channels.
+  * utilities/tests/gen-tiff-images/genimages: Script for writing (and
+    then reading) thousands (5568 permutations) of TIFF format variants.
+  * EXIF and PNG: Retrieve image orientation from EXIF (if present) and
+    store in image.
+  * HEIF: Retrieve image orientation from EXIF and store in image.
+  Behavior Changes:
+  * The ability to extend existing image attribute text by calling
+    SetImageAttribute() multiple times with the same key is now
+    deprecated, and will soon be removed.  In the mean time, the
+    annoying message "SetImageAttribute: Extending attribute value text
+    is deprecated!"  is printed to the standard error output to help
+    expose code which is using this feature.
+- modified patches
+  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
+- deleted patches
+  - strlcpy-wrong-sizing.patch (upstreamed)
+
+- add strlcpy-wrong-sizing.patch: fix incorrect usages of
+  strlcpy and strlcat detected by glibc 2.38's fortify
+
+- clean up old conditionals
+
+- version update to 1.3.40
+  * GetMagickGeometry(): Fix a scaling issue where dimensions could be
+    scaled down to zero.
+  * PCD: Handle writing image with a dimension of 1.
+  * PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw
+    profile type xmp') because exiftool expects that.
+  * SUN: The sense of monochrome images was inverted.  Fix scanline size
+    calculation.
+  * WPG: Fix 20-year old bug in WPG header reading.
+  New Features:
+  * JXL: Decode and log extra channel information.  This information is
+    not yet used.
+  * PCX and DCX: Support writing uncompressed format (use -compress none
+    for no compression).
+  * Added IM1, IM8, and IM24 magick aliases for the Sun Raster format
+    since those are the historically correct extensions.
+  API Updates:
+  * AppendImageToList() now updates the image list pointer to be the
+    image which was just added.  Use GetFirstImageInList() when the
+    pointer to the first image in the list is needed.
+
+- version update to 1.3.39
+  Special Issues:
+  * GraphicsMagick really does need some additional productive
+    volunteers.  For several years now, the burden has entirely been on
+    me (Bob Friesenhahn).  I have been sheparding the project for 20
+    years already (and contributed to ImageMagick and GraphicsMagick
+    combined for 26 years already).  It is not reasonable to expect
+    someone with a full time job (and expecting to retire in a few
+    years) to do all of the work.
+  Security Fixes:
+  * GraphicsMagick is participating in Google's oss-fuzz project since
+    February 4 2018 due to the contributions and assistance of Alex
+    Gaynor and Paul Kehrer. The issues list is available at
+    https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
+    "graphicsmagick".  Issues are available for anyone to view and
+    duplicate if they have been in "Verified" status for 30 days, or if
+    they have been in "New" status for 90 days.  Please consult the
+    GraphicsMagick ChangeLog file, Mercurial repository commit log, and
+    the oss-fuzz issues list for details.
+  Security Fixes:
+  * oss-fuzz: Several security fixes originating from oss-fuzz testing.
+  * ALL: Replace strcpy() with strlcpy(), replace strcat() with
+    strlcat(), replace sprintf() with snprintf().  Prefer using bounded
+    string functions.  This change is made for the purpose of increasing
+    safety than to address any existing demonstrated concern.
+  Bug fixes:
+  * Coverity: Several fixes for issues found by Coverity to reduce the
+    number of reported issues back down to zero.
+  * Clang Analyzer 12: Fix most discovered issues.
+  * PNG: Fix possible use of uninitialized 'ping_num_trans' value in
+    ReadOnePNGImage().
+  * MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile.
+  * MNG: Fix heap-use-after-free in CloseBlob.
+  * MNG: Fix indirect leak in MagickMallocCleared().
+  * PS: Assure that 'bounds' structure is initialized.
+  * EPT: Assure that 'bounds' structure is initialized.
+  * HEIF: If heif_image_handle_get_metadata_size() returns 0, then
+    carrying on with reading image data.
+  * configure.ac: Fix Bashism in maintainer-mode check.
+  * TGA: Remove a defective validation of comment length, which blocked
+    reading some sample TGA files from the "Encyclopedia Of Graphics
+    File Formats" book.  Monochromatic bilevel TGA can now be read and
+    written.  TGA "Footers" are now read and used when logging as well
+    as converted to Image attributes.
+  * WebP: Add configure.ac updates to check for libsharpyuv so that
+    builds with the development version work again.
+  * Visual Studio Build (VisualMagick): Fix project file generation.
+    Improve portability of code for configure.exe.
+  * Fixed mixed encoding (non-UTF-8) errors in text and source files.
+  * DrawPrimitive(): Fix composition using "0,0" for image size.  This
+    became broken in GraphicsMagick 1.3.36.
+  * Blob API: Fixed SEEK_END validation.  SEEK_END was not used before,
+    but now it is.
+  New Features:
+  * AVIF: Support reading AVIF via libheif if it supports decoding AVIF
+    (still no writer support).
+  * LOG: Added function IsEventLogged() to report if a particular event
+    will be logged.  Us this as much as possible throughout the software
+    to replace use of IsEventLogging().  This avoids a possible
+    performance hit if any logging is enabled at all and logging
+    statements are executed which are filtered and produce no output.
+  * FITS: Support storing multiple scenes in one file (non-standard
+    extension).
+  * JPEG: Optionally enable arithmetic coder in JPG images using
+    '-define jpeg:arithmetic-coding=true'.
+  * JPEG: Add support for reading deep gray images.
+  * HEIF: Support reading ICC color profiles.
+  * Produce ASCII armored ".asc" format GPG signature files.
+  * Support reading directly from .bz2, .gz, .svgz, and .Z files
+    (without creating a temporary file), if possible.
+  API Updates:
+  * Magick++: Provide a version of Image::colorMapSize() which is a
+    'const' method.  Continue to provide the non-const version in order
+    to avoid an ABI change.  The compiler should choose the appropriate
+    version.
+  Feature improvements:
+  * HTML documentation generation based on Docutils is significantly
+    updated and improved.
+  * PerlMagick: Added more sample input files and changed many reader
+    tests to use hash signature rather than comparison to reduce the
+    distribution size.
+  * Blob: The ReadBlobString() function has been re-written to perform
+    better when reading from files.
+  * JXL: The JXL coder is updated to compile with what will likely
+    become JXL 0.8.0.  Support for 16-bit 'short' samples, 16-bit
+    'float' samples, and 32-bit float samples added.  Support for
+    reading and writing ICC, EXIF, and XMP profiles added.
+  * MIME: GM "magick" to MIME mappings have been added for apng, avif,
+    bmp, ico, and webp (regardless of if they are supported).
+  * XPM: The XPM reader performance is dramatically improved and is
+    observed to be 32x faster when reading a medium-sized XPM file
+    (e.g. the GraphicsMagick logo).
+  * XPM: Support reading "deep" images with more pallete entries than
+    the maximum colormap size.
+  Windows Delegate Updates/Additions:
+  * Update bundled libjasper to version 1.900.26. Please note that 4.0.0
+    is the latest version at this time and fixes a great many security
+    and stability issues which are present in 1.900.26.
+  * Update bundled libjpeg to version 9e.
+  * Update bundled libtiff to version 4.5.0.
+  Build Changes:
+  * MSVC: Added porting function to emulate C'99 snprintf for MSVC older
+    than 2015.
+  * MSVC: Successfully compiles using Visual Studio 2008 and 2019.
+    Compiles successfully using Visual Studio 2022 if optimization is
+    disabled (otherwise there is an internal compiler error in effect.c).
+- Enable JPEG-XL on Tumbleweed.
+
+- version update to 1.3.38
+  Special Issues:
+  * The FTP site ftp.graphicsmagick.org is now shut down due to a lack
+    of bandwith, extremely abusive users (including from Google and
+    customers of Amazon Web Services), and a lack of support from the
+    user community.  Another factor is that FTP support has been removed
+    from popular web browsers.  This is very unfortunate since the site
+    served multiple usages, including providing a lot of historical data
+    (e.g. related to PNG) which may not be available elsewhere.
+  * GraphicsMagick really does need some additional productive
+    volunteers.  For several years now, the burden has entirely been on
+    me (Bob Friesenhahn).  I have been sheparding the project for 20
+    years already (and contributed to ImageMagick and GraphicsMagick
+    combined for 26 years already).  It is not reasonable to expect
+    someone with a full time job (and expecting to retire in a few
+    years) to do all of the work.
+  Security Fixes:
+  * GraphicsMagick is participating in Google's oss-fuzz project due to
+    the contributions and assistance of Alex Gaynor. Since February 4
+    2018, ??? issues have been opened by oss-fuzz and ?? issues remain
+    open.  The issues list is available at
+    https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
+    "graphicsmagick".  Issues are available for anyone to view and
+    duplicate if they have been in "Verified" status for 30 days, or if
+    they have been in "New" status for 90 days.  Please consult the
+    GraphicsMagick ChangeLog file, Mercurial repository commit log, and
+    the oss-fuzz issues list for details.
+  Bug fixes:
+  * Documentation: Generator scripts in 'doc' directory now produce
+    similar results using GNU sed and Solaris/Illumos sed and don't
+    produce warnings.
+  * JNG: Fixes to error handling to avoid temporary file leaks and
+    avoiding returning a broken image.
+  * JPEG: Always store embedded profiles in image, even if in 'ping'
+    mode.
+  * MAT: Change from using 'int' for sizes/offsets to using 'size_t' and
+    check all related calculations for overload.
+  * MIFF: Fix heap buffer overflow which may be provoked in builds with
+    BZLIB support.
+  * MogrifyImage() and Magick::Image::trim(): Trim requires
+    NorthWestGravity.
+  * PICT: Fixed a heap overflow.
+  * PerlMagick: Fix issue that image fill attribute had its opacity
+    reset to transparent so it could not be usefully set at image scope.
+  * Test Suite: Fixed portability issue related to 'sed' which broke
+    utilities/tests/convert.tap test script.
+  * WPG: Fix incorrect TrX and TrY elements in CTM.
+  New Features:
+  * Added support for a 'Read' resource limit (e.g. '-limit read 5mb').
+    This allows the user to specify a hard limit for how much data may
+    be read from a file, read from a pipe, or decompressed from a file
+    (e.g gzip or bzip2) before a hard error is reported.  This resource
+    limit is a useful alternative to completely disabling support for
+    compressed files using the --disable-compressed-files option and it
+    provides more protections as well.
+  * Added support for reading HEIF/HEIC format.
+  * Added support for reading and writing JPEG XL format.
+  * Support for JasPer 3.0.0 is completed.  Upgrading to JasPer 3.0.0 is
+    strongly recommended due to its many security fixes and integration
+    with GraphicsMagick's resource-limited memory allocator.
+  * PNG: Support the define png:chunk-malloc-max=limit in order to allow
+    reading PNG files which report "chunk data is too large" or to
+    reduce the default limit.
+  * compare: Added support for the '-compress' option.
+  * compare: Added support for the '-auto-orient' option.  This tries to
+    assure that the two images are right-side up before comparing.
+  API Updates:
+  * Magick++: Support the new 'ReadResource' enumeration.
+  Feature improvements:
+  * JPEG: Implement more efficient way to append JPEG profile chunks.
+  * Resource Limited Memory: The resource limited memory allocator now
+    maintains useful statistics such as a tally of the total number of
+    octets moved by realloc.
+  Windows Delegate Updates/Additions:
+  * None
+  Build Changes:
+  * In maintainer mode, the configure script searches for a GnuPG 'gpg'
+    program to use for signing snapshot releases and uses this to
+    support PGP-signed development snapshots.
+  Behavior Changes:
+  * None
+  * fixes CVE-2022-1270 [bsc#1198351]
+- modified patches
+  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
+
+- version update to 1.3.37
+  * bug fix release, see NEWS.txt
+- modified patches
+  % GraphicsMagick-disable-insecure-coders.patch (refreshed)
+- added sources
+  + GraphicsMagick-1.3.37.tar.xz.sig
+
+- version update to 1.3.36
+  Security Fixes:
+  * fix issues found by oss-fuzz project
+  * WPG: Fixes for heap buffer overflow.
+  Bug fixes:
+  * ConstituteImage(): Set image depth appropriately based on the
+    storage size specified by StorageType and QuantumDepth.
+  * GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme
+    fuzz values could produce an image with negative width.
+  * ImageToFile(): Improve error handling to avoid possible deferred
+    deletion of temporary files, causing unexpected excessive use of
+    temporary file space.
+  * JNG: Add validations for alpha compression method values and use
+    this information to enforce decoding using the appropriate
+    sub-format (rather than auto-detecting the format).  Also, address
+    memory leaks which may occur if the sub-decoder does something other
+    than was expected.
+  * MagickCondSignal(): Improvements to conditional signal handler
+    registration (which avoids over-riding signal handlers previously
+    registered by an API user).
+  * ModifyCache(): Fix memory leak.
+  * ReadCacheIndexes(): Don't blunder into accessing a null pointer if
+    the using code has ignored a previous error report bubled-up from
+    SetNexus().
+  * MNG: When doing image scaling and the image width or height is 1
+    then always use simple pixel replication as per the MNG
+    specification.
+  * MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing
+    to eliminate a class of malign behavior.
+  * MVG: Place an aribrary limit on stroke dash polygon unit maximum
+    length in order to avoid possibly rendering "forever".
+  * PCL: No longer attempt to handle reading HP PCL format via the
+    external 'hp2xx' program since it seems worthless for that task.
+  * PS: Fix corrupt image when writing PseudoClass image with a colormap
+    larger than two entries as bilevel.
+  * SVG: Memory leak fixes.
+  * SVG reader: Now support 'ping' support so the identify command works
+    as expected.
+  * TIFF: WEBP compression only supports a depth of 8 so force that
+    value.
+  * Wand MagickSetSamplingFactors(): Correct formatting of sampling
+    factors string.
+    New Features:
+  * Logging is now fully programmable.
+  * DPX format: Support dpx:swap-samples-read define which behaves
+    similar to dpx:swap-samples, but is only applied when reading, as
+    well as dpx:swap-samples-write, which is only applied when
+    writing. This provides for use when there is both reading and
+    writing in the same operation (otherwise the final result was no
+    effect!).
+  API Updates:
+  * magick/api.h: Add "magick/enum_strings.h" to API headers.
+  * New log settings accessor C functions: SetLogDefaultFileName(),
+    SetLogDefaultFormat(), SetLogDefaultOutputType(),
+    SetLogDefaultLogMethod(), SetLogDefaultLimit(),
+    SetLogDefaultGenerations(), SetLogDefaultEventType().  These
+    functions allow a program to set the same parameters which may be
+    set by loading a "log.mgk" function.  If a default logging callback
+    was provided via SetLogDefaultLogMethod() such that MethodOutput is
+    used, then the search for a "log.mgk" is avoided entirely.
+  * New log settings accessor C++ functions: SetLogDefaultFileName(),
+    SetLogDefaultFormat(), SetLogDefaultOutputType(),
+    SetLogDefaultLogMethod(), SetLogDefaultLimit(),
+    SetLogDefaultGenerations(), SetLogDefaultEventType().  These C++
+    functions just pass through to the equivalent C functions and
+    provide the same benefits.
+  * A simple resource-limit respecting memory allocator has been
+    developed for internal use wherever arbitrarily-large amounts of
+    memory might be requested.  This will gradually be added wherever it
+    appears to be needed.  The memory resource limits are at the overall
+    process level.  The MVG/SVG rendering code is updated to use this
+    new allocator.  Almost all of the coders (image format
+    readers/writers) have now been updated to use this new allocator.
+    This means that '-limit memory 300MB' would be more complete and
+    meaningful now.  Temporary allocations by the image processing
+    algorithms (other than for the images themselves) are still not
+    accounted for in the resource limiting.
+  * MVG Renderer / DrawImage(): Use resource-limit respecting memory
+    allocators for remaining large memory allocations.
+  * PNG writer: Don't skip optional Exif identifier code if it isn't present.
+  * DPX reader/writer: decode/encode of 10-bit packed DPX is now twice
+    as fast due to code simplification.
+  * TIFF reader: Apply the same resource limits to TIFF tile sizes as
+    apply to the image itself.
+- deleted patches
+  - GraphicsMagick-CVE-2020-12672.patch (upstreamed)
LibVNCServer
+- version update to 0.9.14
+  [#]# Overall changes:
+  * Added more documentation (build system integration, repeater setup) and a legal FAQ.
+  * Added [contribution guidelines](CONTRIBUTING.md).
+  * Ported the TravisCI continous integration machinery to GitHub workflows.
+  [#]# LibVNCServer/LibVNCClient:
+  * Added [qemu extended key event].
+  * Fixed several potential multiplication overflows.
+  [#]# LibVNCClient:
+  * Fixes of several memory leaks and buffer overflows.
+  * Added UltraVNC's MSLogonII authentication scheme.
+  * Fixed TLS interoperability with GnuTLS servers.
+  * Fixed detection of newer UltraVNC and TightVNC servers.
+  * Added support for [SetDesktopSize].
+  * Added SSH tunneling example using libssh2.
+  * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers.
+  [#]# LibVNCServer:
+  * Fixes to the multi-threaded server implementation which should be a lot more sound now.
+  * Fixed TightVNC-filetransfer file upload for 64-bit systems.
+  * Fixes of crashes in the zlib compression.
+  * Added support for [UTF8 clipboard data].
+  * Fixed visual artifacts in framebuffer on ARM platforms.
+  * Fixed several WebSockets bugs.
+  * Fixed the UltraVNC-style repeater example.
+  * Added support for larger framebuffers (two 4k screens possible now).
+  * Added support for timeouts for outbound connections (to repeaters for instance).
+  * Fixed out-of-bounds memory access in Tight encoding.
+- modified patches
+  % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed)
+  % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
+- deleted patches
+  - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed)
+  - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed)
+  - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed)
+  - LibVNCServer-CVE-2020-29260.patch (upstreamed)
+
MozillaFirefox
+- Mozilla Firefox ESR 115.3.1 ESR
+  MFSA 2023-44 (bsc#1215814)
+  * CVE-2023-5217: Heap buffer overflow in libvpx
+
+- Firefox Extended Support Release 115.3.0 ESR
+  Placeholder changelog-entry
+- Mozilla Firefox ESR 115.3
+  MFSA 2023-42 (bsc#1215575)
+  * CVE-2023-5168: (bmo#1846683)
+    Out-of-bounds write in FilterNodeD2D1
+  * CVE-2023-5169: (bmo#1846685)
+    Out-of-bounds write in PathOps
+  * CVE-2023-5171: (bmo#1851599)
+    Use-after-free in Ion Compiler
+  * CVE-2023-5174: (bmo#1848454)
+    Double-free in process spawning on Windows
+  * CVE-2023-5176: (bmo#1836353, bmo#1842674, bmo#1843824,
+    bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983,
+    bmo#1851195)
+    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
+    and Thunderbird 115.3
+- Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build
+  with newer binutils (bsc#1215309)
+
alsa
+- More upstream fix for incosistent compile conditions:
+  0004-reshuffle-included-files-to-include-config.h-as-firs.patch
+
+- Upstream fix backport:
+  0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch
+- Upstream fix for PCM segfault regression (bsc#1215167):
+  0003-pcm-Fix-segfault-with-32bit-libs.patch
+
+- Update to version 1.2.10 (jsc#PED-6566):
+  * MIDI 2.0 feature support
+  * build fixes for various platforms
+  * various documentation fixes
+  * misc topology fixes
+  * ucm fixes and cleanups
+  For details, see:
+    https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-lib
+- Took upstream fix for possible build errors:
+  0001-control.h-Fix-ump-header-file-detection.patch
+
+- Update to version 1.2.9:
+  * Versioned symbol updates
+  * Various fixes for building on *BSD and Android
+  * Fixes and enhancements of auto silencing and playback drain
+  * Add SND_CTL_EINTR open mode at PCM
+  * Avoid endless loop in snd_pcm_sw_params_default()
+  * Fixes in PCM rate, route/softvol plugins
+  * Fixes in topology API parser, cleanups
+  * Enhancements in latency test program
+  * Minor code cleanup and memory leak fixes in UCM API
+  * emu10k1 config cleanup
+  For details, see:
+    https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-lib
+
alsa-tools
+- Add tarball signature and keyring
+
+- Update to version 1.2.5 (jsc#PED-6566):
+  * hdspmixer: add output loopback buttons
+  * hdspmixer: enhance saving of presets
+
alsa-topology-conf
+- Update to version 1.2.5.1 (jsc#PED-6566):
+  * Version bump, source archive name fixed
+
alsa-ucm-conf
+- Update to version 1.2.10 (jsc#PED-6566):
+  * updates / fixes for various devices: mtk-rt5650, usb-audio, tegra
+    es8316, sof-essx8336, pinephone, Steinberg UR44C, AMD ACP RPL,
+    ACP63, sof-hda-dsp, etc
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-ucm-conf
+- Upstream regression fix:
+  0001-SplitPCM-Device-argument-may-not-be-set.patch
+
+- Update to version 1.2.9:
+  various profile updates for USB-audio, SOF and others.
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-ucm-conf
+
alsa-utils
+- Update to alsa-utils 1.2.10 (jsc#PED-6566):
+  * MIDI 2.0 / UMP support for sequencer programs
+  * nhlt: add nhlt-dmic-info utility
+  * Build fixes and cleanups
+  * speaker-test: allow large buffer and period time setup - up to 100 seconds
+  * various topology fixes
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-utils
+- Fix the builds with old gcc:
+  0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
+  0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
+  0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
+  0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
+  0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
+  0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch
+  0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
+
+- Update to alsa-utils 1.2.9:
+  BSD build fix, and various updates for alsactl, amidi, axfer,
+  alsa-info.sh, alsaloop, alsatplg, alsaucm, aplay, abat.
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-utils
+
apparmor
+- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
+  (bsc#1215596)
+
apparmor:libapparmor
+- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
+  (bsc#1215596)
+
attica-qt5
+- Update to 5.110.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.110.0
+- No code change since 5.109.0
+
+- Update to 5.109.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.109.0
+- Changes since 5.108.0:
+  * Add explicit moc includes to sources for moc-covered headers
+
+- Update to 5.108.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.108.0
+- Changes since 5.107.0:
+  * Remove qt6 CI builds
+
+- Update to 5.107.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.107.0
+- No code change since 5.106.0
+
+- Update to 5.106.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.106.0
+- No code change since 5.105.0
+
+- Update to 5.105.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.105.0
+- No code change since 5.104.0
+
+- Update to 5.104.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.104.0
+- No code change since 5.103.0
+
bind
+- Update to release 9.16.44
+  Bug Fixes:
+  * Processing already-queued queries received over TCP could cause
+    an assertion failure, when the server was reconfigured at the
+    same time or the cache was being flushed. This has been fixed.
+  Security Fixes:
+  * Previously, sending a specially crafted message over the
+    control channel could cause the packet-parsing code to run out
+    of available stack memory, causing named to terminate
+    unexpectedly. This has been fixed. (CVE-2023-3341)
+  [bsc#1215472]
+- Switch to pkgconfig(libprotobuf-c) since this now contains the
+  required protobuf-c binary
+
binutils
+- Update to version 2.41 [PED-5778]:
+  * The MIPS port now supports the Sony Interactive Entertainment Allegrex
+  processor, used with the PlayStation Portable, which implements the MIPS
+  II ISA along with a single-precision FPU and a few implementation-specific
+  integer instructions.
+  * Objdump's --private option can now be used on PE format files to display the
+  fields in the file header and section headers.
+  * New versioned release of libsframe: libsframe.so.1.  This release introduces
+  versioned symbols with version node name LIBSFRAME_1.0.  This release also
+  updates the ABI in an incompatible way: this includes removal of
+  sframe_get_funcdesc_with_addr API, change in the behavior of
+  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
+  * SFrame Version 2 is now the default (and only) format version supported by
+  gas, ld, readelf and objdump.
+  * Add command-line option, --strip-section-headers, to objcopy and strip to
+  remove ELF section header from ELF file.
+  * The RISC-V port now supports the following new standard extensions:
+  - Zicond (conditional zero instructions)
+  - Zfa (additional floating-point instructions)
+  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
+    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
+  * The RISC-V port now supports the following vendor-defined extensions:
+  - XVentanaCondOps
+  * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
+  * A new .insn directive is recognized by x86 gas.
+  * Add SME2 support to the AArch64 port.
+  * The linker now accepts a command line option of --remap-inputs
+  <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
+  <FILE>.  In addition the option --remap-inputs-file=<FILE> can be used to
+  specify a file containing any number of these remapping directives.
+  * The linker command line option --print-map-locals can be used to include
+  local symbols in a linker map.  (ELF targets only).
+  * For most ELF based targets, if the --enable-linker-version option is used
+  then the version of the linker will be inserted as a string into the .comment
+  section.
+  * The linker script syntax has a new command for output sections: ASCIZ "string"
+  This will insert a zero-terminated string at the current location.
+  * Add command-line option, -z nosectionheader, to omit ELF section
+  header.
+- Removed obsolete patches: binutils-2.40-branch.diff.gz,
+  riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
+  extensa-gcc-4_3-fix.diff .
+- Add binutils-2.41-branch.diff.gz .
+- Add binutils-old-makeinfo.diff for SLE-12 and older.
+- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
+- Contains fixes for these non-CVEs (not security bugs per upstreams
+  SECURITY.md):
+  * bsc#1209642 aka CVE-2023-1579 aka PR29988
+  * bsc#1210297 aka CVE-2023-1972 aka PR30285
+  * bsc#1210733 aka CVE-2023-2222 aka PR29936
+  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
+  * bsc#1214565 aka CVE-2020-19726 aka PR26240
+  * bsc#1214567 aka CVE-2022-35206 aka PR29290
+  * bsc#1214579 aka CVE-2022-35205 aka PR29289
+  * bsc#1214580 aka CVE-2022-44840 aka PR29732
+  * bsc#1214604 aka CVE-2022-45703 aka PR29799
+  * bsc#1214611 aka CVE-2022-48065 aka PR29925
+  * bsc#1214619 aka CVE-2022-48064 aka PR29922
+  * bsc#1214620 aka CVE-2022-48063 aka PR29924
+  * bsc#1214623 aka CVE-2022-47696 aka PR29677
+  * bsc#1214624 aka CVE-2022-47695 aka PR29846
+  * bsc#1214625 aka CVE-2022-47673 aka PR29876
+
+- This only existed only for a very short while in SLE-15, as the main
+  variant in devel:gcc subsumed this in binutils-revert-rela.diff.
+  Hence:
+- Remove binutils-disable-dt-relr.sh as subsumed.
+
+- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR
+  ld/25694
+- riscv-pr22263-1.patch: Backport for PR ld/22263
+
+- Rebase branch patch (includes fix for PR30281).
+
+- Document fixed CVEs:
+  * bnc#1208037 aka CVE-2023-25588 aka PR29677
+  * bnc#1208038 aka CVE-2023-25587 aka PR29846
+  * bnc#1208040 aka CVE-2023-25585 aka PR29892
+  * bnc#1208409 aka CVE-2023-0687 aka PR29444
+
+- Enable bpf-none cross target and add bpf-none to the multitarget
+  set of supported targets.
+
+- Disable packed-relative-relocs for old codestreams.  They generate
+  buggy relocations when binutils-revert-rela.diff is active.
+  [bsc#1206556]
+
+- Disable ZSTD debug section compress by default.
+
+- Enable zstd compression algorithm (instead of zlib)
+  for debug info sections by default.
+
+- Pack libgprofng only for supported platforms.
+
+- Remove upstreamed patch binutils-maxpagesize.diff.
+
+- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043.
+- Move libgprofng-related libraries to the proper locations (packages).
+- Add --without=bootstrap for skipping of bootstrap (faster testing
+  of the package).
+
+- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]
+
+- Update to version 2.40:
+  * Objdump has a new command line option --show-all-symbols which will make it
+  display all symbols that match a given address when disassembling.  (Normally
+  only the first symbol that matches an address is shown).
+  * Add --enable-colored-disassembly configure time option to enable colored
+  disassembly output by default, if the output device is a terminal.  Note,
+  this configure option is disabled by default.
+  * DCO signed contributions are now accepted.
+  * objcopy --decompress-debug-sections now supports zstd compressed debug
+  sections.  The new option --compress-debug-sections=zstd compresses debug
+  sections with zstd.
+  * addr2line and objdump --dwarf now support zstd compressed debug sections.
+  * The dlltool program now accepts --deterministic-libraries and
+  - -non-deterministic-libraries as command line options to control whether or
+  not it generates deterministic output libraries.  If neither of these options
+  are used the default is whatever was set when the binutils were configured.
+  * readelf and objdump now have a newly added option --sframe which dumps the
+  SFrame section.
+  * Add support for Intel RAO-INT instructions.
+  * Add support for Intel AVX-NE-CONVERT instructions.
+  * Add support for Intel MSRLIST instructions.
+  * Add support for Intel WRMSRNS instructions.
+  * Add support for Intel CMPccXADD instructions.
+  * Add support for Intel AVX-VNNI-INT8 instructions.
+  * Add support for Intel AVX-IFMA instructions.
+  * Add support for Intel PREFETCHI instructions.
+  * Add support for Intel AMX-FP16 instructions.
+  * gas now supports --compress-debug-sections=zstd to compress
+  debug sections with zstd.
+  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
+  that selects the default compression algorithm
+  for --enable-compressed-debug-sections.
+  * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
+  XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
+  XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
+  ISA manual, which are implemented in the Allwinner D1.
+  * Add support for the RISC-V Zawrs extension, version 1.0-rc4.
+  * Add support for Cortex-X1C for Arm.
+  * New command line option --gsframe to generate SFrame unwind information
+  on x86_64 and aarch64 targets.
+  * The linker has a new command line option to suppress the generation of any
+  warning or error messages.  This can be useful when there is a need to create
+  a known non-working binary.  The option is -w or --no-warnings.
+  * ld now supports zstd compressed debug sections.  The new option
+  - -compress-debug-sections=zstd compresses debug sections with zstd.
+  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
+  that selects the default compression algorithm
+  for --enable-compressed-debug-sections.
+  * Remove support for -z bndplt (MPX prefix instructions).
+- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff,
+  cross-avr-size.patch.
+- Removed patch: binutils-pr29482.diff.
+- New patch: extensa-gcc-4_3-fix.diff.
+- Includes fixes for these CVEs:
+  * bnc#1206080 aka CVE-2022-4285 aka PR29699
+- Enable by default: --enable-colored-disassembly.
+
+- fix build on x86_64_vX platforms
+- add arm32-avoid-copyreloc.patch for PR16177 (bsc#1200962)
+
bogofilter
-- Remove redundant tags/sections from specfile
-- Use %_smp_mflags for parallel build
-
-- Fix a heap corruption in base64 decoder on invalid input; CVE-2010-2494;
-  (bnc#619847).
-
-- fix build on non-arm
-
-- Update to version 1.2.1.
-  + Update configure to use "host" rather than "target", to match the
-    newer autotools cross-build semantics. Untested.
-    Developers changing the build system and users who build from SVN
-    will now need automake 1.9 and autoconf 2.60.
-  + Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad Bug
-    [#320829]. As a side effect, also fixes misattribution of MIME bodies
-    as MIME headers with mime: tag.  Original bug report:
-    https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829
-    Before this fix, bogofilter did not properly MIME-decode the first
-    line in a body. This was especially bad with Christian's samples
-    where the whole body was only one long base64 line.
-  + Removed two scripts that are auto-built.
-  + Added test case for Stephen Davies' Q-P EOL problem (see below).
-  + Fixed EOL problem in quoted_printable text. Problem reported by
-    Stephen Davies and identified by Pavel Kankovsky
-  + Promoted to "stable"
-
-- Update to version 1.2.0.
-  + Flex-2.5.35 has fix for memory allocation problem in 2.5.4, 2.5.31, and
-    2.5.33, making bogofilter's flex patch obsolete.
-  + Bogofilter now uses listsort in place of qsort.
-  + Added token-count=n, token-count-min=n, and token-count-max=n options.
-  + Minor code cleanups.
-  + spamitarium.pl updated to version 0.3.0
-  + update bf_compact documentation by removing explicit Berkeley DB
-    references, as it has been fixed to work with other database drivers in
-    March 2008.
-  + bf_compact, bf_copy and bf_tar now support transformed program names
-  + Update sqlite3 adaptor to take advantage of sqlite3_prepare_v2() API
-    function that appeared in SQLite 3.3.9. The new _v2 interface allows for
-    more specific error messages when executing SQL statements.  Also enable
-    extended result codes for more precise error reporting.
-  + Update doc/integrating-with-postfix: the script now suggests sendmail -G
-  - i (where -G will be ignored by Postfix before 2.3) to tell Postfix it's a
-    gateway submission, not an original injection; the filter pipe(8) magic
-    for master.cf now suggests flags=Rq (was flags=R), as per Postfix's
-    FILTER_README.
-  + Drop support for systems that reverse setvbuf arguments. The last systems
-    to do that are reported to be shipped in 1987 by the autoconf manual, so
-    ditch them.
-
busybox
+-  Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability
+  in ash (CVE-2022-48174, bsc#1214538)
+
clamav-database
+- database refresh on 2023-10-02 (bsc#1084929)
+
combustion
+- Update to version 1.2+git7:
+  * Try the KIWI selfinstall .iso as fallback config source (jsc#PED-6587, jsc#SMO-271)
+
+- Update to version 1.2+git6:
+  * Fix failure if /sysroot not mounted and no config provided
+
+- Update to version 1.2+git5:
+  * Run combustion-prepare.service before ignition-enable-network.service
+  * Revert "Remove now obsolete workaround for ignition-mount.service ExecStop"
+  * Only attempt firstboot check on devices
+
+- Update to version 1.2+git2:
+  * Don't consider /var/lib/YaST2/reconfig_system for firstboot detection
+  * Use improved x-initrd.mount code in firstboot-detect as well
+
+- Update to version 1.2:
+  * Don't remove YaST reconfig_system marker if called from ignition
+  * Remove now obsolete workaround for ignition-mount.service ExecStop
+  * Set dasd_mod.dasd=autodetect in modprobe.d
+  * Omit combustion module in initrds for already configured systems
+  * New module to handle firstboot detection in the initrd (poo#127196,
+    jsc#PED-5843)
+  * Fixes for use with ignition-kargs-helper
+  * Improve x-initrd.mount handling
+  * Work around systemd issue with emergency.target at the root
+
+- Update to version 1.1+git0:
+  * Add option to run the script in the prepare phase as well
+  * Add compatibility for ignition-kargs-helper
+  * Populate /dev/shm/combustion/ in the --prepare stage
+  * Small README.md improvements
+  * combustion.rules: Match /module/qemu_fw_cfg instead of the namespace within
+
+- Update to version 1.0+git4:
+  * Handle uppercase filesystem labels in combustion.rules as well
+  * Update README.md to explain the current mechanism of firstboot_happened
+
cracklib
+- version update to 2.9.11
+  * Merge fedora patches and man pages
+  * Fix missing files in dist tarball, other automake fixes (Leandro Nini)
+  * Fix error handling during build of dictionary (yixiangzhike)
+  * Fix to localization support (A. Wilcox, nekopsykose)
+  * Fix to test utilities (Alexander Kanavin)
+  * Translation updates from weblate
+  * python: adjust include path for builddir by @thesamesam in #61
+  * Make buffer static and avoid returning stack-allocated memory by @drfiemost in #63
+- modified patches
+  % 0002-cracklib-2.9.2-visibility.patch (refreshed)
+
+- update to 2.9.8:
+  * rules: Drop using register keyword
+  * add exec perms
+  * translation updates
+  * Use what's in the build environment and use a current autoconf
+  * util/Makefile.am: fix link with lintl
+  * Force grep to treat the input as text when formatting word files
+
+- Drop --with-pic, as it has no effect with --disable-static.
+
curl
+- Security fix: [bsc#1215026, CVE-2023-38039]
+  * http: return error when receiving too large header
+  * Add curl-CVE-2023-38039.patch
+
double-conversion
+- update to 3.3.0:
+  * Fix some compile warnings in Visual Studio
+  * Set permissions for github workflows
+  * Add flags to control trailing decimal and zero in exponent
+    form when input has one significant digit
+
+- update to 3.2.1
+  * Disable quiet nan test on windows
+  * Test on all platforms.
+  * Fix warnings on Windows
+  * Run ctests first.
+  * Give shared-lib option and test install
+  * Install Windows debbuger (pdb) files.
+  * Add a cast to silence a signedness conversion warning.
+  * Issue #184 : Fixed all -Wzero-as-null-pointer-constant warnings
+
+- update to 3.2.0:
+  * Fix quiet NANs on MIPS* and PA-RISC architectures.
+
+- update to 3.1.7:
+  * Reintroduce macros, if DOUBLE_CONVERSION_NON_PREFIXED_MACROS is set
+  * Also add support for Synopsys ARC64 architecture
+
+- update to 3.1.6:
+  * Features some code cleanups.
+  * Adds the following new architectures: loongarch, xtensa, nios2, e2k.
+
-- Initial package, version 2.0.1
-
dtb-aarch64
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
duperemove
-- Update to v0.11.3 (jsc#SLE-11306)
-  * Remove patch v0.11.beta4_to_git_f95e429.patch as the affected code has been
-    removed in the mean time.
+- build for 15
+
+- Update to 0.12:
+  * Duplication lookup is now based on extents. This leads to a
+    massive increase of the performances. Block-based lookup is
+    still possible via --dedupe-options=partial.
+  * Following that change, a new hashfile format has been introduced.
+    Previous hashfile format is still supported when extents lookup
+    are disabled, this is not recommended.
+  * Batching has been implemented. When enabled with the -B <batchsize>
+    option, duperemove will run the deduplication phase every <batchsize>
+    scanned files. This is meant to help running duperemove on large
+    dataset, with small blocksize, or on memory-constrained systems.
+  * All hash algorithm has been removed and replaced by xxh128. This
+    variant is as robust as murmur3 while being faster. Choosing a
+    hash function via the --hash option has been removed. Hashfiles
+    built with other algorithm must be removed.
+
+- Update to 0.11.3:
+  * Increase open file limit. (#269)
+  * Create hash database file with 600 permission for improved
+    security. (#262)
+  * Read more data per pread, for v2 hashfile format this reduces
+    the overall number of syscalls made which in turns results
+    in better performance.
+  * Fix truncated file handling, eliminating a an infinite
+    loop case. (#255)
+
+- Update to v0.11.2
+  - Improved detection of hyperthreading
+  - Multiple minor fixes and cleanups
+  - Updated xxhash algorithm to latest release
+  - Fixed extent collision handling
+  - Fix overflow scanning in extents
+
+- Fix building with gcc10
+
+- Use source tarball from github
+
+- Update to v0.11.1
+  - Add 'quiet' mode - duperemove will only print errors and a
+    short summary of any dedupe.
+  - Revert block dedupe default, it is causing excessive
+    fragmentation on users systems.
+
+- Update to v0.11
+  - Fix a minor fd leak in hyperthreading detection code
+  - Clean up some typos in documentation
+  - Some build fixes
+  - Removed patch: v0.11.beta4_to_git_f95e429.patch
evolution
+- Add evolution-height-miscalculation.patch: fix rendering of
+  calendar changes with WebKitGTK 2.40+ (boo#1213858
+  glgo#GNOME/evolution#2204).
+
+- Add evolution-frame-flattening.patch: handle frame flattening
+  change in WebKitGTK 2.40 (boo#1213858).
+
exempi
+- Add CVE-2020-18651.patch: fix a buffer overflow in ID3 support
+  (boo#1214486 CVE-2020-18651).
+
-- Update to version 2.2.0:
-  + New 'exempi' command line tool.
-  + Upgrade XMPCore to Adobe XMP 5.1.2
-  - Quicktime support now works without Quicktime.
-  - Reconciliation with ID3v2.
-  - "Blessed" 64-bits support (we already had it in exempi).
-  - Slight change in the way XMP are written for MWG compliance.
-  - Fixed a serious bug with RIFF.
-  - Change in the way local text encoding is dealt with.
-  - Alternative languages behave slightly differently by changing
-    how the default language property is managed.
-  - Probably a bunch of bugs fixed that I don't know about.
-  + Update unit tests.
-  - Refactor the fixtures.
-  + Use automake silent rules instead of shave. (build only)
-  + "make dist" generate a bzip2 archive as well. (build only)
-  + Remove some obsolete warning flags. (build only)
-  + Build xmpcommandtool
-  + Several new APIs.
-  + Bug fixes: fdo#37747.
-- Drop exempi-no-shave.patch: shave is not used upstream anymore.
-- Drop libtool BuildRequires, autoreconf call and
-  - -disable-silent-rules that were used because of patch above.
-- Create a tools subpackage for new exempi command line tool.
-- Change group of libexempi3 from "Development/Libraries/C and C++"
-  to System/Libraries.
-- Use V=1 during the build to get a verbose build.
-
extra-cmake-modules
+- Update to 5.110.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.110.0
+- Changes since 5.109.0:
+  * ECMSetupVersion: do not handle SOVERSION value "0" as not set at all
+  * Drop outdated check for POLICY CMP0048
+  * No longer explicitly include CMakeParseArguments
+  * KDEInstallDirs6: use kxmlgui5 subdir as before, not implementation specific
+
+- Update to 5.109.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.109.0
+- Changes since 5.108.0:
+  * KDEInstallDirs: fix description of KXMLGUIDIR & LOCALEDIR
+  * KDEGitCommitHooks: Allow passing in of custom scripts (kde#472361)
+  * qml-plasmoid techbase.kde.org/Projects/Plasma does not exist
+
+- Update to 5.108.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.108.0
+- Changes since 5.107.0:
+  * Remove qt6 CI builds
+
+- Update to 5.107.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.107.0
+- No code change since 5.106.0
+
+- Update to 5.106.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.106.0
+- Changes since 5.105.0:
+  * Query gradle plugin version from Qt
+  * ecm_process_po_files_as_qm: use own subdir ECMPoQm/ for build artifacts
+  * Fix generate_export_header tests failures with parallel jobs (kde#464348)
+  * ECMGenerateExportHeader: add USE_VERSION_HEADER arg (& related tune args)
+  * ECMGenerateExportHeader: avoid helper C++ macro shared across gen. headers
+
+- Update to 5.105.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.105.0
+- Changes since 5.104.0:
+  * KDE_INSTALL_TARGETS_DEFAULT_ARGS (KF6): drop KDE_INSTALL_INCLUDEDIR
+  * KF_INSTALL_TARGETS_DEFAULT_ARGS: drop KDE_INSTALL_INCLUDEDIR_KF
+
+- Update to 5.104.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.104.0
+- Changes since 5.103.0:
+  * Load translations for application-specific language also on Win and Mac
+  * ECMGenerateExportHeader: fix duplicated addition of deprecation macros code
+  * Find wayland.xml from wayland-scanner.pc
+
extra-cmake-modules:doc
+- Update to 5.110.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.110.0
+- Changes since 5.109.0:
+  * ECMSetupVersion: do not handle SOVERSION value "0" as not set at all
+  * Drop outdated check for POLICY CMP0048
+  * No longer explicitly include CMakeParseArguments
+  * KDEInstallDirs6: use kxmlgui5 subdir as before, not implementation specific
+
+- Update to 5.109.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.109.0
+- Changes since 5.108.0:
+  * KDEInstallDirs: fix description of KXMLGUIDIR & LOCALEDIR
+  * KDEGitCommitHooks: Allow passing in of custom scripts (kde#472361)
+  * qml-plasmoid techbase.kde.org/Projects/Plasma does not exist
+
+- Update to 5.108.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.108.0
+- Changes since 5.107.0:
+  * Remove qt6 CI builds
+
+- Update to 5.107.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.107.0
+- No code change since 5.106.0
+
+- Update to 5.106.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.106.0
+- Changes since 5.105.0:
+  * Query gradle plugin version from Qt
+  * ecm_process_po_files_as_qm: use own subdir ECMPoQm/ for build artifacts
+  * Fix generate_export_header tests failures with parallel jobs (kde#464348)
+  * ECMGenerateExportHeader: add USE_VERSION_HEADER arg (& related tune args)
+  * ECMGenerateExportHeader: avoid helper C++ macro shared across gen. headers
+
+- Update to 5.105.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.105.0
+- Changes since 5.104.0:
+  * KDE_INSTALL_TARGETS_DEFAULT_ARGS (KF6): drop KDE_INSTALL_INCLUDEDIR
+  * KF_INSTALL_TARGETS_DEFAULT_ARGS: drop KDE_INSTALL_INCLUDEDIR_KF
+
+- Update to 5.104.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.104.0
+- Changes since 5.103.0:
+  * Load translations for application-specific language also on Win and Mac
+  * ECMGenerateExportHeader: fix duplicated addition of deprecation macros code
+  * Find wayland.xml from wayland-scanner.pc
+
ffmpeg
+- Add ffmpeg-CVE-2021-28429.patch: Fix Integer overflow
+  vulnerability in av_timecode_make_string in libavutil/timecode.c
+  (bsc#1214246, CVE-2021-28429).
+
freetds
+- version update to 1.3.20
+  * Allows to specify separate date and/or time format.
+  * Add "date only format" and "time only format" to locales.conf
+    configuration.
+  * Better logs for iconv initialization
+  * Report more verbose and helpful logs if tds_iconv_init fails.
+
+- version update to 1.3.18
+  * Fix redirect with Azure
+- modified patches
+  % configure-return-void-fix.patch (refreshed)
+
+- update to 1.3.17:
+  * Update dblib.c - _get_printable_size
+  * Added more types to _get_printable_size based on /misc/types.csv
+
+- update to 1.3.16:
+  * tds_close_socket and tds_connection_close could have been called
+    while reading/writing TLS sockets so calling tds_ssl_deinit
+    cause some used structure to be released while used.
+
+- update to 1.3.15:
+  * odbc: Fix some issues with SQLCopyDesc
+  * Do not change sql_desc_alloc_type copying descriptors.
+  * odbc: Return size from SQLGetDescField for integers
+
+- update to 1.3.13:
+  - Generic:
+  - Support UTF-8 columns using MSSQL 2019;
+  - Do not accept TDS protocol versions "4.6" (never really supported) and
+    "8.0";
+  - Minor portability issues;
+  - Fix log elision for login;
+  - Detect some possible minor memory failure in application;
+  - Support long (more than 64k) SSPI packets (never encountered but you
+    never know);
+  - Fix unicode columns for ASA database;
+  - Avoid using BCP with old protocols;
+  - (*) Fix bulk copy using big endian machines;
+  - (*) Fix Sybase uni(var)char and unsigned types for big endian machines;
+  - (*) Do not send nullable data during bulk copy if type is not nullable;
+  - ODBC:
+  - Added "Timeout" setting;
+  - Applications:
+  - Improve defncopy utility:
+  - Fix some declaration;
+  - Fix Sybase support;
+  - (*) Fix datacopy and freebcp logging;
+  - CT-Library:
+  - Minor fix for variant type;
+  - Better support for timeout setting;
+  - (*) Support some missing types (like nullable unsigned integers) for
+    Sybase;
+  - DB-library:
+  - Unify date format (all systems can use the same syntax);
+  - (*) Allows to pass 0 as type for bcp_bind;
+  - (*) Fix DBSETLSERVERPRINCIPAL macro;
+  - (*) Do not limit queries length for bcp using Sybase;
+  - (*) Add KEEP_NULLS to BCP hints.
+
+- remove stale _service and fix Source url
+
+- update to 1.2.21:
+  * minor bug fixes
+  * Support some missing types like nullable unsigned smallint
+- add baselibs.conf to allow building of i586 libraries (necessary
+  to use the driver for programs running under wine)
+
+- update to 1.2.18:
+- Sybase server:
+  - All strings are now converted as MSSQL;
+  - Support kerberos login;
+  - DB-Library: add DBSETNETWORKAUTH, DBSETMUTUALAUTH, DBSETDELEGATION and
+    DBSETSERVERPRINCIPAL;
+  - CT-Library: add CS_SEC_NETWORKAUTH, CS_SEC_NETWORKAUTH,
+    CS_SEC_NETWORKAUTH and CS_SEC_NETWORKAUTH;
+- Bulk copies:
+  - DB-Library: fix trim of unicode fields;
+  - Apply character conversion for Sybase, like MSSQL;
+  - Ignore computed columns;
+  - Properly support multibyte strings in column names;
+  - DB-Library: stop correctly on BCPMAXERRS setting;
+  - DB-Library: do not try to convert skipped rows reading file allowing
+    for instance to load CVS files;
+- CT-Library: added CS_DATABASE property to allows to connect correctly
+  to Azure servers;
+- Improve support for MS XML columns for both DB-Library and CT-Library;
+- Fix some issues with MSSQL server redirection (used for instance in
+  Azure);
+- Change SQL_DESC_OCTET_LENGTH value for wise character columns;
+- Better support for SQL_VARIANT:
+  - Better column checks;
+  - CT-Library: now supported, columns are returned as CS_CHAR_TYPE;
+- Some updates to server part:
+  - Set correctly initial state;
+  - IPv6 support;
+  - Fix TDS 7.2 logins;
+- Support extended character using domain logins under Unix;
+- Improve MARS:
+  - Less memory copies;
+  - Remove possible deadlock;
+  - Handle wrapping sequence/window numbers;
+  - Make sure we sent the wanted packet;
+- Support UTF-16 surrogate pairs in odbc_wide2utf and odbc_set_string_flag
+  fixing some character encoding support;
+- Fix multiple queries, used by ODBC to optimize data load;
+- Improve emulated parameter queries, fixing minor issues and reducing
+  memory usage;
+- Support DBVERSION_UNKNOWN in dbsetlversion (will use automatic detection);
+- CT-Library: define CS_MIN_SYBTYPE and CS_MAX_SYBTYPE;
+- CT-Library: fix cs_will_convert accepting library constants, not libTDS.
+
gfs2-utils
+- Update to version 3.5.1 (jsc#PED-6362)
+  * Don't use char arrays as temporary buffers
+  * libgfs2: Separate gfs and gfs2 code in lgfs2_sb_out()
+  * Re-enable -Wstrict-aliasing
+  * gfs2_convert: Clean up strict-aliasing warnings
+  * libgfs2: Fix strict-aliasing warning in lgfs2_rgrp_bitbuf_alloc
+  * gfs2_jadd: Fix format string warnings on 32-bit
+  * gfs2_edit: Fix savemeta test failures in 32-bit environments
+- Back port bugfix patch after tag 3.5.1
+  + 0001-fsck.gfs2-Tighten-offset-check-in-check_eattr_entrie.patch
+  + 0002-fsck.gfs2-Fix-max-xattr-record-length-check.patch
+  + 0003-fsck.gfs2-Fix-xattr-offset-checks-in-p1_check_eattr_.patch
+- Update rpm build file
+  * _service
+  * _servicedata
+
+- Update to version 3.5.0:
+  * Update translation template
+  * Fix uninitialized memory coverity warnings
+  * gfs2_grow: Don't free rgs when it's NULL
+  * libgfs2: Fix potential NULL deref in lgfs2_lookupi()
+  * libgfs2: Add lgfs2_bfree(), lgfs2_inode_free()
+  * Free per_node in build_per_node error paths
+  * fsck.gfs2: Fix wrong entry used in dentry comparison
+  * added unit tests
+  * Remove lgfs2_breadm()
+  * libgfs2: Make sure block_alloc() fails when out of space
+  * Remove dependency on linux/limits.h
+  * mkfs.gfs2: Improve journal write error reporting
+  * mkfs.gfs2: Add -U UUID option
+
ghostscript
+- CVE-2023-43115.patch is derived for Ghostscript-9.52 from
+  https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+  that fixes CVE-2023-43115 "remote code execution
+  via crafted PostScript documents in gdevijs.c"
+  see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+  (bsc#1215466)
+
git
+- Downgrade openssh dependency to recommends (bsc#1215533)
+
glibc
+- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
+
+- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
+  invalidation if epoll is used (bsc#1212910, BZ #29415)
+
+- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
+  in files database (bsc#1212819, BZ #25457)
+
+- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
+  check on PT_LOAD segments (bsc#1211829, BZ #28688)
+- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
+  BZ #28676)
+- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
+  first segment (BZ #30452)
+
golang-github-lusitaniae-apache_exporter
+- Fix apparmor profile for SLE 12
+
+- Do not build with apparmor profile for SLE 12
+
+- Upgrade to version 1.0.0 (jsc#PED-5405)
+  * Improved flag parsing
+  * Added support for custom headers
+- Build with Go 1.19
+- Build using promu
+- Add _service file
+- Fix sandboxing options
+- Upgrade to version 0.13.4
+  * Fix denial of service vulnerability
+    (CVE-2022-32149, bsc#1204501)
+- Upgrade to version 0.13.3
+  * Fix uncontrolled resource consumption
+    (CVE-2022-41723, bsc#1208270)
+- Upgrade to version 0.13.1
+  * Fix panic caused by missing flagConfig options
+- Upgrade to version 0.13.0
+  * Fix authentication bypass vulnarability
+    (CVE-2022-46146, bsc#1208046)
+
+- corrected comment in AppArmor profile
+
+- added AppArmor profile
+- added sandboxing options to systemd service unit
+
+- Exclude s390 architecture (gh#SUSE/spacewalk#19050)
+
+- Add support for RedHat 8
+  + Adjust dependencies on spec file
+  + Disable dwarf compression in go build
+
+- Add support for Red Hat
+
gsl
+- module package must not be noarch, so that %{_lib} is expanded
+  correctly
+
+- update to gsl 2.6: (jsc#SLE-8495)
+  * add BLAS calls for multiple functions
+  * Algorithm and implementation updates
+  * deprecation of multiple functions
+  * removal of multiple previously deprecated functions
+  * add binary search tree module (gsl_bst); based on GNU libavl
+  * remove -u flag to gsl-histogram
+  * updated spmatrix module
+  * add routines for banded Cholesky decomposition
+- drop upstreamed patches:
+  * gsl-1.6-initvars.diff
+  * gsl-wrap.diff
+  * gsl-fsf_address.patch
+
+- gsl 2.5:
+  * doc bug fix in binomial distribution figure
+  * added Wishart distribution
+  * added new module for digital filtering (gsl_filter); current
+    filters include:
+    Gaussian filter
+    median filter
+    recursive median filter
+    impulse detection filter
+  * added new module for moving window statistics (gsl_movstat)
+  * added statistics functions:
+    gsl_stats_median()
+    gsl_stats_select()
+    gsl_stats_mad()
+    gsl_stats_mad0()
+    gsl_stats_Sn_from_sorted_data()
+    gsl_stats_Qn_from_sorted_data()
+    gsl_stats_gastwirth_from_sorted_data()
+    gsl_stats_trmean_from_sorted_data()
+  * added Romberg integration (gsl_integration_romberg)
+  * bug fix in deprecated functions gsl_multifit_wlinear_svd and
+    gsl_multifit_wlinear_usvd (reported by Vlad Koli)
+  * documention corrected to state that gsl_sf_legendre functions
+    do not include Condon-Shortley phase by default
+  * bug fix in exponential fitting example when using larger number
+    of points
+  * changed internal workspace inside gsl_spmatrix to a union to
+    avoid casting
+  * bug fixes in ode-initval2 for very rare solver crashing cases
+  * add histogram2d figure to manual
+  * bug fix in gsl_spmatrix_add for duplicate input arguments
+  * add support for negative arguments nu in gsl_sf_bessel_Jnu and
+    gsl_sf_bessel_Ynu (Konrad Griessinger)
+  * better texinfo documentation for gsl_sf_hyperg functions
+  * fix vector and matrix fread/fwrite testing on windows systems
+    when tmpfile() fails
+- drop rstat_test.patch, is upstream
+
iperf
-- add CVE-2023-38403.patch (bsc#1213430, CVE-2023-38403):
-  * integer overflow leading to heap buffer overflow
+- update to 3.15 (bsc#1215662, ESNET-SECADV-2023-0002):
+  * Several bugs that could allow the iperf3 server to hang waiting
+    for input on the control connection has been fixed
+    (ESnet Software Security Advisory ESNET-SECADV-2023-0002)
+  * A bug that caused garbled output with UDP tests on 32-bit hosts
+    has been fixed (PR #1554, PR #1556). This bug was introduced in
+    iperf-3.14.
+  * A bug in counting UDP messages has been fixed
+
+- update to 3.14 (bsc#1213430, CVE-2023-38403):
+  * fixes a memory allocation hazard that allowed a remote user to
+    crash an iperf3 process
+  * see
+    https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
+  * obsoletes CVE-2023-38403.patch in older dists
+
+- update to 3.13:
+  * Added missing bind_dev getter and setter.
+  * a fix for A resource leak bug in function iperf_create_pidfile (#1443)
+  * doc: Fix copy-and-paste error leading to wrong error message
+  * Fix crash on rcv-timeout with JSON logfile
+
+- update to 3.12:
+  * cJSON has been updated to version 1.7.15 (#1383).
+  * The --bind <host>%<dev> option syntax now works properly (#1360 /
+  * A server-side file descriptor leak with the --logfile option has
+    been fixed (#1369 / #1360 / #1369 / #1389 / #1393).
+  * A bug that caused some large values from TCP_INFO to be misprinted
+    as negative numbers has been fixed (#1372).
+  * Using the -k or -n flags with --reverse no longer leak into future
+    tests (#1363 / #1364).
+  * There are now various debug level options available with the
+  - -debug option. These can be used to adjust the amount of
+    debugging output (#1327).
+  * A new --snd-timeout option has been added to set a termination
+    timeout for idle TCP connections (#1215 / #1282).
+  * iperf3 is slightly more robust to out-of-order packets during UDP
+    connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 /
+  * iperf3 will now use different ports for each direction when the
+  - -cport and --bdir options are set (#1249 / #1259).
+  * The iperf3 server will now exit if it can't open its log file
+  * Various help message and output fixes have been made (#1299 /
+  * Various compiler warnings have been fixed (#1211 / #1316).
+  * Operation of bootstrap.sh has been fixed and simplified (#1335 /
+  * Flow label support / compatibility under Linux has been improved
+  * Various minor memory leaks have been fixed (#1332 / #1333).
+  * A getter/setter has been added for the bind_port parameter
+    (--cport option). (#1303, #1305)
+  * Various internal documentation improvements (#1265 / #1285 / #1304).
+
+- update to 3.11:
+  * Update links to Discussions in documentation
+  * Fix DSCP so that TOS = DSCP * 4 (#1162)
+  * Fix --bind-dev for TCP streams (#1153)
+  * Fix interface specification so doesn't overlap with IPv6 link-local addresses for -c and -B (#1157, #1180)
+  * Add get/set test_unit_format function declaration to iperf_api.h
+  * Auto adjustment of test-end condition for file transfers (-F), if no end condition is set, it will automatically adjust it to file size in bytes
+  * Exit if idle time expires waiting for a connection in one-off mode (#1187, #1197)
+  * Support zerocopy by reverse mode (#1204)
+  * Update help and manpage text for #1157, support bind device
+  * Consistently print target_bandwidth in JSON start section (#1177)
+  * Test bitrate added to JSON output (#1168)
+  * Remove fsync call after every write to receiving --file (#1176, #1159)
+  * Update documentation for -w (#1175)
+  * Fix for #952, different JSON object names for bidir reverse channel
+
+- update to 3.10.1:
+  * Fixed a problem with autoconf scripts that made builds fail in
+    some environments (#1154 / #1155).
+  * GNU autoconf 2.71 or newer is now required to regenerate iperf3's
+    configure scripts.
+
+- update to 3.10:
+  * Fix a bug where some --reverse tests didn't terminate (#982 /
+    [#1054]).
+  * Responsiveness of control connections is slightly improved (#1045
+    / #1046 / #1063).
+  * The allowable clock skew when doing authentication between client
+    and server is now configurable with the new --time-skew-threshold
+    (#1065 / #1070).
+  * Bitrate throttling using the -b option now works when a burst size
+    is specified (#1090).
+  * A bug with calculating CPU utilization has been fixed (#1076 /
+    [#1077]).
+  * A --bind-dev option to support binding sockets to a given network
+    interface has been added to make iperf3 work better with
+    multi-homed machines and/or VRFs (#817 / #1089 / #1097).
+  * --pidfile now works with --client mode (#1110).
+  * The server is now less likely to get stuck due to network errors
+    (#1101, #1125), controlled by the new --rcv-timeout option.
+  * Fixed a few bugs in termination conditions for byte or
+    block-limited tests (#1113, #1114, #1115).
+  * Added tcp_info.snd_wnd to JSON output (#1148).
+  * Some bugs with garbled JSON output have been fixed (#1086, #1118,
+    [#1143] / #1146).
+  * Support for setting the IPv4 don't-fragment (DF) bit has been
+    added with the new --dont-fragment option (#1119).
+  * A failure with not being able to read the congestion control
+    algorithm under WSL1 has been fixed (#1061 / #1126).
+  * Error handling and error messages now make more sense in cases
+    where sockets were not successfully opened (#1129 / #1132 /
+    [#1136], #1135 / #1138, #1128 / #1139).
+  * Some buffer overflow hazards were fixed (#1134).
+  * It is now possible to use the API to set/get the congestion
+    control algorithm (#1036 / #1112).
+
+- update to 3.9:
+  * A --timestamps flag has been added, which prepends a timestamp to
+    each output line.  An optional argument to this flag, which is a
+    format specification to strftime(3), allows for custom timestamp
+    formats (#909, #1028).
+  * A --server-bitrate-limit flag has been added as a server-side
+    command-line argument.  It allows a server to enforce a maximum
+    throughput rate; client connections that specify a higher bitrate
+    or exceed this bitrate during a test will be terminated.  The
+    bitrate is expressed in bits per second, with an optional trailing
+    slash and integer count that specifies an averaging interval over
+    which to enforce the limit (#999).
+  * A bug that caused increased CPU usage with the --bidir option has
+    been fixed (#1011).
+  * Fixed various minor memory leaks (#1023).
+
+- update to 3.8.1
+  * Minor bugfixes and enhancements
+- don't apply the profiling patch any more
+  (removed iperf-disable-profiling.patch)
+
+- update to 3.7
+  * Support for simultaneous bidirectional tests with the --bidir flag
+  * Use POSIX standard clock_gettime(3) interface for timekeeping where
+    available
+  * Passwords for authentication can be provided via environment
+    variable
+  * Specifying --repeating-payload and --reverse now works
+  * Failed authentication doesn't count for --one-off
+  * Several memory leaks related to authenticated use were fixed
+  * The delay for tearing down the control connection for the default
+    timed tests has been increased, to more gracefully handle
+    high-delay paths
+  * Various improvements to the libiperf APIs
+  * Fixed build behavior when OpenSSL is absent
+  * Portability fixes
+- spec file cleanup
+
+- update to 3.6
+  * A new --extra-data option can be used to fill in a user-defined
+    string field that appears in JSON output.
+  * A new --repeating-payload option makes iperf3 use a payload pattern
+    similar to that used by iperf2, which could help in recreating
+    results that might be affected by payload entropy (for example,
+    compression).
+  * -B now works properly with SCTP tests.
+  * A compile fix for Solaris 10 was added.
+  * Some minor bug fixes for JSON output.  In particular, warnings for
+    debug and/or verbose modes with --json output and a fix for
+    JSON output on CentOS 6
kernel-64kb
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-debug
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-default
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-docs
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-kvmsmall
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-obs-build
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-obs-qa
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-rt
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit 1e4ccee
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit c753869
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit 988a527
+
+- Rename colliding patches before merging SLE15-SP4
+- commit 6493f7c
+
+- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
+- commit 501bd2e
+
+- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
+- commit bfaaaff
+
+- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
+- commit 30a9db6
+
+- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
+- commit 9eb45cc
+
+- ata: libata: disallow dev-initiated LPM transitions to
+  unsupported states (git-fixes).
+- i2c: aspeed: Reset the i2c controller when timeout occurs
+  (git-fixes).
+- selftests: tracing: Fix to unmount tracefs for recovering
+  environment (git-fixes).
+- drm/amd/display: fix the white screen issue when >= 64GB DRAM
+  (git-fixes).
+- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
+  (git-fixes).
+- commit 1f4e814
+
+- btrfs: don't hold CPU for too long when defragging a file
+  (bsc#1214988).
+- commit 9b89645
+
+- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
+  to race condition (bsc#1215206, CVE-2023-1859).
+- commit f333aa7
+
+- netfilter: nftables: exthdr: fix 4-byte stack OOB write
+  (CVE-2023-4881 bsc#1215221).
+- commit 0de26c1
+
+- sctp: leave the err path free in sctp_stream_init to
+  sctp_stream_free (CVE-2023-2177 bsc#1210643).
+- commit 337b7d8
+
+- s390/ipl: add loadparm parameter to eckd ipl/reipl data
+  (jsc#PED-2023).
+- commit 364a30d
+
+- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
+- commit cd6d27a
+
+- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
+- commit db2ef83
+
+- kabi: hide changes in enum ipl_type and struct sclp_info
+  (jsc#PED-2023 jsc#PED-2025).
+- commit b6fb6b6
+
+- s390/ipl: add eckd dump support (jsc#PED-2025).
+- commit 0961d1f
+
+- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
+  (git-fixes).
+- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
+  (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
+  descriptors (git-fixes).
+- kselftest/runner.sh: Propagate SIGTERM to runner child
+  (git-fixes).
+- commit 495d04f
+
+- s390/ipl: add eckd support (jsc#PED-2023).
+- commit 21b5156
+
+- Delete patches.suse/genksyms-add-override-flag.diff.
+  Unncessary after KBUILD_OVERRIDE removed.
+- commit 870adc7
+
+- s390/dasd: fix command reject error on ESE devices (LTC#203630
+  bsc#1215123 git-fixes).
+- commit 5862ca2
+
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
+- commit 5daff0f
+
+- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
+  Genksyms has functionality to specify an override for each type in
+  a symtypes reference file. This override is then used instead of an
+  actual type and allows to preserve modversions (CRCs) of symbols that
+  reference the type. It is kind of an alternative to doing kABI fix-ups
+  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
+  genksyms --preserve option which primarily tells the tool to strictly
+  verify modversions against a given reference file or fail.
+  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
+  present in various kernel-source branches separates the override logic.
+  It allows it to be enabled with a new --override flag and used without
+  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
+  file is then a way how the build is told that --override should be
+  passed to all invocations of genksyms. This was needed for SUSE kernels
+  because their build doesn't use --preserve but instead resulting CRCs
+  are later checked by scripts/kabi.pl.
+  However, this override functionality was not utilized much in practice
+  and the only use currently to be found is in SLE11-SP1-LTSS. It means
+  that no one should miss this option and KBUILD_OVERRIDE=1 together with
+  patches.suse/genksyms-add-override-flag.diff can be removed.
+  Notes for maintainers merging this commit to their branches:
+  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
+  dropped after merging this commit.
+  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
+  this commit should not be merged to it, or needs to be reverted
+  afterwards.
+- commit 4aa02b8
+
+- s390/dasd: fix hanging device after request requeue (git-fixes
+  LTC#203629 bsc#1215124).
+- commit 96b18bb
+
+- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
+- commit 78179fa
+
+- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
+  (bsc#1065729).
+- powerpc/xics: Remove unnecessary endian conversion
+  (bsc#1065729).
+- word-at-a-time: use the same return type for has_zero regardless
+  of endianness (bsc#1065729).
+- commit bde8063
+
+- mlx4: Delete custom device management logic (bsc#1187236).
+- mlx4: Connect the infiniband part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Connect the ethernet part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Register mlx4 devices to an auxiliary virtual bus
+  (bsc#1187236).
+- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
+  (bsc#1187236).
+- mlx4: Move the bond work to the core driver (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.activate callback
+  (bsc#1187236).
+- mlx4: Replace the mlx4_interface.event callback with a notifier
+  (bsc#1187236).
+- commit 0aba257
+
+- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
+  (bsc#1187236).
+- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.get_dev callback
+  (bsc#1187236).
+- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
+- kabi/severities: ignore mlx4 internal symbols
+- tracing: Fix race issue between cpu buffer write and swap
+  (git-fixes).
+- tracing: Remove extra space at the end of hwlat_detector/mode
+  (git-fixes).
+- tracing: Remove unnecessary copying of tr->current_trace
+  (git-fixes).
+- bpf: Clear the probe_addr for uprobe (git-fixes).
+- commit 47e9584
+
+- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
+- commit 74c2613
+
+- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
+- commit a8877f3
+
+- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
+- commit 670fb4d
+
+- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
+- commit 9871c87
+
+- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
+- commit 3949a2b
+
+- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
+- commit 4534667
+
+- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
+- commit ef6d157
+
+- x86/rtc: Remove __init for runtime functions (git-fixes).
+- commit 4511d93
+
+- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
+- commit cb39678
+
+- x86/mce: Retrieve poison range from hardware (git-fixes).
+- commit c9f1ddb
+
+- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
+- commit 96d9365
+
+- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
+- commit 12a2933
+
+- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
+- commit 0d855b9
+
+- x86/purgatory: remove PGO flags (git-fixes).
+- commit 9d8ada6
+
+- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
+- commit ea0772f
+
+- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
+- commit c1031f1
+
+- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
+- commit bbfad26
+
+- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
+- commit bf6d064
+
+- x86/cpu: Add Lunar Lake M (git-fixes).
+- commit 7ecc64d
+
+- x86/bugs: Reset speculation control settings on init (git-fixes).
+- commit 2a6dd8e
+
+- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
+- commit ac06968
+
+- x86/alternative: Fix race in try_get_desc() (git-fixes).
+- commit d841323
+
+- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
+- commit 11f0960
+
+- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
+- commit cae635f
+
+- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
+- commit 2a03ef8
+
+- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
+  (git-fixes).
+- PCI: Free released resource after coalescing (git-fixes).
+- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
+- ntb: Drop packets when qp link is down (git-fixes).
+- ntb: Clean up tx tail index on link down (git-fixes).
+- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
+- commit a1c9c68
+
+- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
+- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
+- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
+- commit 665fc14
+
+- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
+  codecs (git-fixes).
+- arm64: csum: Fix OoB access in IP checksum code for negative
+  lengths (git-fixes).
+- commit f43b75b
+
+- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
+- commit daa1815
+
+- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
+  git-fixes).
+- commit b0dc76c
+
+- s390/zcrypt: don't leak memory if dev_set_name() fails
+  (git-fixes bsc#1215148).
+- commit 62bce52
+
+- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy
+  gamma (git-fixes).
+- drm/amd/display: Remove wait while locked (git-fixes).
+- drm/amd/display: Add smu write msg id fail retry process
+  (git-fixes).
+- drm/amd/display: register edp_backlight_control() for DCN301
+  (git-fixes).
+- drm/i915/gvt: Put the page reference obtained by KVM's
+  gfn_to_pfn() (git-fixes).
+- drm/i915/gvt: Verify pfn is "valid" before dereferencing
+  "struct page" (git-fixes).
+- commit 5618424
+
+- drm/amd/display: prevent potential division by zero errors
+  (git-fixes).
+- drm/i915: mark requests for GuC virtual engines to avoid
+  use-after-free (git-fixes).
+- net: phy: micrel: Correct bit assignments for phy_device flags
+  (git-fixes).
+- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
+- i3c: master: svc: fix probe failure when no i3c device exist
+  (git-fixes).
+- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
+  (git-fixes).
+- commit 3aa0807
+
+- blacklist.conf: kABI
+- commit fe6afec
+
+- blacklist.conf: kABI
+- commit b1fabe7
+
+- blacklist.conf: kABI
+- commit c50e08f
+
+- Input: tca6416-keypad - fix interrupt enable disbalance
+  (git-fixes).
+- commit de27518
+
+- fs: do not update freeing inode i_io_list (bsc#1214813).
+- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
+  (bsc#1214813).
+- commit 2c1c38b
+
+- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
+  (git-fixes).
+- backlight: gpio_backlight: Drop output GPIO direction check
+  for initial power state (git-fixes).
+- USB: serial: option: add FOXCONN T99W368/T99W373 product
+  (git-fixes).
+- USB: serial: option: add Quectel EM05G variant (0x030e)
+  (git-fixes).
+- tcpm: Avoid soft reset when partner does not support get_status
+  (git-fixes).
+- usb: typec: tcpci: clear the fault status bit (git-fixes).
+- ARM: pxa: remove use of symbol_get() (git-fixes).
+- Bluetooth: btsdio: fix use after free bug in btsdio_remove
+  due to race condition (git-fixes).
+- usb: typec: tcpci: move tcpci.h to include/linux/usb/
+  (git-fixes).
+- commit 72d5b0f
+
+- blacklist.conf: add git-fix to ignore
+  this one removes unused kABI functions, but
+  just leave them in
+- commit 8007015
+
+- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
+- commit 1ed2b1b
+
+- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
+  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
+- commit 550f5fc
+
+- Move upstreamed pinctrl patch into sorted section
+- commit 38f70f2
+
+- Update References tag
+  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
+  (git-fixes bsc#1214233 CVE-2023-40283).
+- commit 731b49d
+
+- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
+- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
+- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
+- kconfig: fix possible buffer overflow (git-fixes).
+- commit 4a140a1
+
+- scsi: qedf: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: qedi: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: snic: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix legacy /proc parsing buffer overflow
+  (git-fixes).
+- scsi: 53c700: Check that command slot is not NULL (git-fixes).
+- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
+  (git-fixes).
+- scsi: scsi_debug: Remove dead code (git-fixes).
+- scsi: 3w-xxxx: Add error handling for initialization failure
+  in tw_probe() (git-fixes).
+- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
+- commit f8c12c2
+
+- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
+  CVE-2023-1192).
+- commit 542332a
+
+- blacklist.conf: add git-fix that breaks kabi
+- commit 8b9578b
+
+- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
+  (git-fixes).
+- scsi: lpfc: Modify when a node should be put in device recovery
+  mode during RSCN (git-fixes).
+- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
+- commit 8c191d2
+
+- scsi: qla2xxx: Remove unused variables in
+  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
+- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
+- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
+- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
+  (bsc#1214928).
+- scsi: qla2xxx: Remove unsupported ql2xenabledif option
+  (bsc#1214928).
+- scsi: qla2xxx: Error code did not return to upper layer
+  (bsc#1214928).
+- scsi: qla2xxx: Add logs for SFP temperature monitoring
+  (bsc#1214928).
+- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
+- scsi: qla2xxx: Flush mailbox commands on chip reset
+  (bsc#1214928).
+- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
+- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
+- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
+- commit 1dd6a86
+
+- series: update meta data
+  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
+- commit b5aafc0
+
kernel-rt_debug
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit 1e4ccee
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit c753869
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit 988a527
+
+- Rename colliding patches before merging SLE15-SP4
+- commit 6493f7c
+
+- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
+- commit 501bd2e
+
+- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
+- commit bfaaaff
+
+- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
+- commit 30a9db6
+
+- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
+- commit 9eb45cc
+
+- ata: libata: disallow dev-initiated LPM transitions to
+  unsupported states (git-fixes).
+- i2c: aspeed: Reset the i2c controller when timeout occurs
+  (git-fixes).
+- selftests: tracing: Fix to unmount tracefs for recovering
+  environment (git-fixes).
+- drm/amd/display: fix the white screen issue when >= 64GB DRAM
+  (git-fixes).
+- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
+  (git-fixes).
+- commit 1f4e814
+
+- btrfs: don't hold CPU for too long when defragging a file
+  (bsc#1214988).
+- commit 9b89645
+
+- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
+  to race condition (bsc#1215206, CVE-2023-1859).
+- commit f333aa7
+
+- netfilter: nftables: exthdr: fix 4-byte stack OOB write
+  (CVE-2023-4881 bsc#1215221).
+- commit 0de26c1
+
+- sctp: leave the err path free in sctp_stream_init to
+  sctp_stream_free (CVE-2023-2177 bsc#1210643).
+- commit 337b7d8
+
+- s390/ipl: add loadparm parameter to eckd ipl/reipl data
+  (jsc#PED-2023).
+- commit 364a30d
+
+- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
+- commit cd6d27a
+
+- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
+- commit db2ef83
+
+- kabi: hide changes in enum ipl_type and struct sclp_info
+  (jsc#PED-2023 jsc#PED-2025).
+- commit b6fb6b6
+
+- s390/ipl: add eckd dump support (jsc#PED-2025).
+- commit 0961d1f
+
+- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
+  (git-fixes).
+- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
+  (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
+  descriptors (git-fixes).
+- kselftest/runner.sh: Propagate SIGTERM to runner child
+  (git-fixes).
+- commit 495d04f
+
+- s390/ipl: add eckd support (jsc#PED-2023).
+- commit 21b5156
+
+- Delete patches.suse/genksyms-add-override-flag.diff.
+  Unncessary after KBUILD_OVERRIDE removed.
+- commit 870adc7
+
+- s390/dasd: fix command reject error on ESE devices (LTC#203630
+  bsc#1215123 git-fixes).
+- commit 5862ca2
+
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
+- commit 5daff0f
+
+- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
+  Genksyms has functionality to specify an override for each type in
+  a symtypes reference file. This override is then used instead of an
+  actual type and allows to preserve modversions (CRCs) of symbols that
+  reference the type. It is kind of an alternative to doing kABI fix-ups
+  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
+  genksyms --preserve option which primarily tells the tool to strictly
+  verify modversions against a given reference file or fail.
+  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
+  present in various kernel-source branches separates the override logic.
+  It allows it to be enabled with a new --override flag and used without
+  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
+  file is then a way how the build is told that --override should be
+  passed to all invocations of genksyms. This was needed for SUSE kernels
+  because their build doesn't use --preserve but instead resulting CRCs
+  are later checked by scripts/kabi.pl.
+  However, this override functionality was not utilized much in practice
+  and the only use currently to be found is in SLE11-SP1-LTSS. It means
+  that no one should miss this option and KBUILD_OVERRIDE=1 together with
+  patches.suse/genksyms-add-override-flag.diff can be removed.
+  Notes for maintainers merging this commit to their branches:
+  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
+  dropped after merging this commit.
+  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
+  this commit should not be merged to it, or needs to be reverted
+  afterwards.
+- commit 4aa02b8
+
+- s390/dasd: fix hanging device after request requeue (git-fixes
+  LTC#203629 bsc#1215124).
+- commit 96b18bb
+
+- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
+- commit 78179fa
+
+- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
+  (bsc#1065729).
+- powerpc/xics: Remove unnecessary endian conversion
+  (bsc#1065729).
+- word-at-a-time: use the same return type for has_zero regardless
+  of endianness (bsc#1065729).
+- commit bde8063
+
+- mlx4: Delete custom device management logic (bsc#1187236).
+- mlx4: Connect the infiniband part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Connect the ethernet part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Register mlx4 devices to an auxiliary virtual bus
+  (bsc#1187236).
+- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
+  (bsc#1187236).
+- mlx4: Move the bond work to the core driver (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.activate callback
+  (bsc#1187236).
+- mlx4: Replace the mlx4_interface.event callback with a notifier
+  (bsc#1187236).
+- commit 0aba257
+
+- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
+  (bsc#1187236).
+- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.get_dev callback
+  (bsc#1187236).
+- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
+- kabi/severities: ignore mlx4 internal symbols
+- tracing: Fix race issue between cpu buffer write and swap
+  (git-fixes).
+- tracing: Remove extra space at the end of hwlat_detector/mode
+  (git-fixes).
+- tracing: Remove unnecessary copying of tr->current_trace
+  (git-fixes).
+- bpf: Clear the probe_addr for uprobe (git-fixes).
+- commit 47e9584
+
+- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
+- commit 74c2613
+
+- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
+- commit a8877f3
+
+- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
+- commit 670fb4d
+
+- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
+- commit 9871c87
+
+- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
+- commit 3949a2b
+
+- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
+- commit 4534667
+
+- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
+- commit ef6d157
+
+- x86/rtc: Remove __init for runtime functions (git-fixes).
+- commit 4511d93
+
+- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
+- commit cb39678
+
+- x86/mce: Retrieve poison range from hardware (git-fixes).
+- commit c9f1ddb
+
+- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
+- commit 96d9365
+
+- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
+- commit 12a2933
+
+- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
+- commit 0d855b9
+
+- x86/purgatory: remove PGO flags (git-fixes).
+- commit 9d8ada6
+
+- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
+- commit ea0772f
+
+- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
+- commit c1031f1
+
+- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
+- commit bbfad26
+
+- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
+- commit bf6d064
+
+- x86/cpu: Add Lunar Lake M (git-fixes).
+- commit 7ecc64d
+
+- x86/bugs: Reset speculation control settings on init (git-fixes).
+- commit 2a6dd8e
+
+- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
+- commit ac06968
+
+- x86/alternative: Fix race in try_get_desc() (git-fixes).
+- commit d841323
+
+- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
+- commit 11f0960
+
+- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
+- commit cae635f
+
+- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
+- commit 2a03ef8
+
+- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
+  (git-fixes).
+- PCI: Free released resource after coalescing (git-fixes).
+- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
+- ntb: Drop packets when qp link is down (git-fixes).
+- ntb: Clean up tx tail index on link down (git-fixes).
+- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
+- commit a1c9c68
+
+- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
+- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
+- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
+- commit 665fc14
+
+- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
+  codecs (git-fixes).
+- arm64: csum: Fix OoB access in IP checksum code for negative
+  lengths (git-fixes).
+- commit f43b75b
+
+- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
+- commit daa1815
+
+- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
+  git-fixes).
+- commit b0dc76c
+
+- s390/zcrypt: don't leak memory if dev_set_name() fails
+  (git-fixes bsc#1215148).
+- commit 62bce52
+
+- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy
+  gamma (git-fixes).
+- drm/amd/display: Remove wait while locked (git-fixes).
+- drm/amd/display: Add smu write msg id fail retry process
+  (git-fixes).
+- drm/amd/display: register edp_backlight_control() for DCN301
+  (git-fixes).
+- drm/i915/gvt: Put the page reference obtained by KVM's
+  gfn_to_pfn() (git-fixes).
+- drm/i915/gvt: Verify pfn is "valid" before dereferencing
+  "struct page" (git-fixes).
+- commit 5618424
+
+- drm/amd/display: prevent potential division by zero errors
+  (git-fixes).
+- drm/i915: mark requests for GuC virtual engines to avoid
+  use-after-free (git-fixes).
+- net: phy: micrel: Correct bit assignments for phy_device flags
+  (git-fixes).
+- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
+- i3c: master: svc: fix probe failure when no i3c device exist
+  (git-fixes).
+- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
+  (git-fixes).
+- commit 3aa0807
+
+- blacklist.conf: kABI
+- commit fe6afec
+
+- blacklist.conf: kABI
+- commit b1fabe7
+
+- blacklist.conf: kABI
+- commit c50e08f
+
+- Input: tca6416-keypad - fix interrupt enable disbalance
+  (git-fixes).
+- commit de27518
+
+- fs: do not update freeing inode i_io_list (bsc#1214813).
+- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
+  (bsc#1214813).
+- commit 2c1c38b
+
+- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
+  (git-fixes).
+- backlight: gpio_backlight: Drop output GPIO direction check
+  for initial power state (git-fixes).
+- USB: serial: option: add FOXCONN T99W368/T99W373 product
+  (git-fixes).
+- USB: serial: option: add Quectel EM05G variant (0x030e)
+  (git-fixes).
+- tcpm: Avoid soft reset when partner does not support get_status
+  (git-fixes).
+- usb: typec: tcpci: clear the fault status bit (git-fixes).
+- ARM: pxa: remove use of symbol_get() (git-fixes).
+- Bluetooth: btsdio: fix use after free bug in btsdio_remove
+  due to race condition (git-fixes).
+- usb: typec: tcpci: move tcpci.h to include/linux/usb/
+  (git-fixes).
+- commit 72d5b0f
+
+- blacklist.conf: add git-fix to ignore
+  this one removes unused kABI functions, but
+  just leave them in
+- commit 8007015
+
+- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
+- commit 1ed2b1b
+
+- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
+  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
+- commit 550f5fc
+
+- Move upstreamed pinctrl patch into sorted section
+- commit 38f70f2
+
+- Update References tag
+  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
+  (git-fixes bsc#1214233 CVE-2023-40283).
+- commit 731b49d
+
+- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
+- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
+- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
+- kconfig: fix possible buffer overflow (git-fixes).
+- commit 4a140a1
+
+- scsi: qedf: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: qedi: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: snic: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix legacy /proc parsing buffer overflow
+  (git-fixes).
+- scsi: 53c700: Check that command slot is not NULL (git-fixes).
+- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
+  (git-fixes).
+- scsi: scsi_debug: Remove dead code (git-fixes).
+- scsi: 3w-xxxx: Add error handling for initialization failure
+  in tw_probe() (git-fixes).
+- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
+- commit f8c12c2
+
+- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
+  CVE-2023-1192).
+- commit 542332a
+
+- blacklist.conf: add git-fix that breaks kabi
+- commit 8b9578b
+
+- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
+  (git-fixes).
+- scsi: lpfc: Modify when a node should be put in device recovery
+  mode during RSCN (git-fixes).
+- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
+- commit 8c191d2
+
+- scsi: qla2xxx: Remove unused variables in
+  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
+- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
+- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
+- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
+  (bsc#1214928).
+- scsi: qla2xxx: Remove unsupported ql2xenabledif option
+  (bsc#1214928).
+- scsi: qla2xxx: Error code did not return to upper layer
+  (bsc#1214928).
+- scsi: qla2xxx: Add logs for SFP temperature monitoring
+  (bsc#1214928).
+- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
+- scsi: qla2xxx: Flush mailbox commands on chip reset
+  (bsc#1214928).
+- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
+- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
+- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
+- commit 1dd6a86
+
+- series: update meta data
+  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
+- commit b5aafc0
+
kernel-source
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-source-rt
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit 1e4ccee
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit c753869
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit 988a527
+
+- Rename colliding patches before merging SLE15-SP4
+- commit 6493f7c
+
+- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
+- commit 501bd2e
+
+- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
+- commit bfaaaff
+
+- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
+- commit 30a9db6
+
+- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
+- commit 9eb45cc
+
+- ata: libata: disallow dev-initiated LPM transitions to
+  unsupported states (git-fixes).
+- i2c: aspeed: Reset the i2c controller when timeout occurs
+  (git-fixes).
+- selftests: tracing: Fix to unmount tracefs for recovering
+  environment (git-fixes).
+- drm/amd/display: fix the white screen issue when >= 64GB DRAM
+  (git-fixes).
+- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
+  (git-fixes).
+- commit 1f4e814
+
+- btrfs: don't hold CPU for too long when defragging a file
+  (bsc#1214988).
+- commit 9b89645
+
+- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
+  to race condition (bsc#1215206, CVE-2023-1859).
+- commit f333aa7
+
+- netfilter: nftables: exthdr: fix 4-byte stack OOB write
+  (CVE-2023-4881 bsc#1215221).
+- commit 0de26c1
+
+- sctp: leave the err path free in sctp_stream_init to
+  sctp_stream_free (CVE-2023-2177 bsc#1210643).
+- commit 337b7d8
+
+- s390/ipl: add loadparm parameter to eckd ipl/reipl data
+  (jsc#PED-2023).
+- commit 364a30d
+
+- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
+- commit cd6d27a
+
+- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
+- commit db2ef83
+
+- kabi: hide changes in enum ipl_type and struct sclp_info
+  (jsc#PED-2023 jsc#PED-2025).
+- commit b6fb6b6
+
+- s390/ipl: add eckd dump support (jsc#PED-2025).
+- commit 0961d1f
+
+- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
+  (git-fixes).
+- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
+  (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
+  descriptors (git-fixes).
+- kselftest/runner.sh: Propagate SIGTERM to runner child
+  (git-fixes).
+- commit 495d04f
+
+- s390/ipl: add eckd support (jsc#PED-2023).
+- commit 21b5156
+
+- Delete patches.suse/genksyms-add-override-flag.diff.
+  Unncessary after KBUILD_OVERRIDE removed.
+- commit 870adc7
+
+- s390/dasd: fix command reject error on ESE devices (LTC#203630
+  bsc#1215123 git-fixes).
+- commit 5862ca2
+
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
+- commit 5daff0f
+
+- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
+  Genksyms has functionality to specify an override for each type in
+  a symtypes reference file. This override is then used instead of an
+  actual type and allows to preserve modversions (CRCs) of symbols that
+  reference the type. It is kind of an alternative to doing kABI fix-ups
+  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
+  genksyms --preserve option which primarily tells the tool to strictly
+  verify modversions against a given reference file or fail.
+  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
+  present in various kernel-source branches separates the override logic.
+  It allows it to be enabled with a new --override flag and used without
+  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
+  file is then a way how the build is told that --override should be
+  passed to all invocations of genksyms. This was needed for SUSE kernels
+  because their build doesn't use --preserve but instead resulting CRCs
+  are later checked by scripts/kabi.pl.
+  However, this override functionality was not utilized much in practice
+  and the only use currently to be found is in SLE11-SP1-LTSS. It means
+  that no one should miss this option and KBUILD_OVERRIDE=1 together with
+  patches.suse/genksyms-add-override-flag.diff can be removed.
+  Notes for maintainers merging this commit to their branches:
+  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
+  dropped after merging this commit.
+  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
+  this commit should not be merged to it, or needs to be reverted
+  afterwards.
+- commit 4aa02b8
+
+- s390/dasd: fix hanging device after request requeue (git-fixes
+  LTC#203629 bsc#1215124).
+- commit 96b18bb
+
+- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
+- commit 78179fa
+
+- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
+  (bsc#1065729).
+- powerpc/xics: Remove unnecessary endian conversion
+  (bsc#1065729).
+- word-at-a-time: use the same return type for has_zero regardless
+  of endianness (bsc#1065729).
+- commit bde8063
+
+- mlx4: Delete custom device management logic (bsc#1187236).
+- mlx4: Connect the infiniband part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Connect the ethernet part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Register mlx4 devices to an auxiliary virtual bus
+  (bsc#1187236).
+- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
+  (bsc#1187236).
+- mlx4: Move the bond work to the core driver (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.activate callback
+  (bsc#1187236).
+- mlx4: Replace the mlx4_interface.event callback with a notifier
+  (bsc#1187236).
+- commit 0aba257
+
+- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
+  (bsc#1187236).
+- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.get_dev callback
+  (bsc#1187236).
+- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
+- kabi/severities: ignore mlx4 internal symbols
+- tracing: Fix race issue between cpu buffer write and swap
+  (git-fixes).
+- tracing: Remove extra space at the end of hwlat_detector/mode
+  (git-fixes).
+- tracing: Remove unnecessary copying of tr->current_trace
+  (git-fixes).
+- bpf: Clear the probe_addr for uprobe (git-fixes).
+- commit 47e9584
+
+- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
+- commit 74c2613
+
+- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
+- commit a8877f3
+
+- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
+- commit 670fb4d
+
+- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
+- commit 9871c87
+
+- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
+- commit 3949a2b
+
+- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
+- commit 4534667
+
+- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
+- commit ef6d157
+
+- x86/rtc: Remove __init for runtime functions (git-fixes).
+- commit 4511d93
+
+- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
+- commit cb39678
+
+- x86/mce: Retrieve poison range from hardware (git-fixes).
+- commit c9f1ddb
+
+- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
+- commit 96d9365
+
+- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
+- commit 12a2933
+
+- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
+- commit 0d855b9
+
+- x86/purgatory: remove PGO flags (git-fixes).
+- commit 9d8ada6
+
+- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
+- commit ea0772f
+
+- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
+- commit c1031f1
+
+- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
+- commit bbfad26
+
+- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
+- commit bf6d064
+
+- x86/cpu: Add Lunar Lake M (git-fixes).
+- commit 7ecc64d
+
+- x86/bugs: Reset speculation control settings on init (git-fixes).
+- commit 2a6dd8e
+
+- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
+- commit ac06968
+
+- x86/alternative: Fix race in try_get_desc() (git-fixes).
+- commit d841323
+
+- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
+- commit 11f0960
+
+- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
+- commit cae635f
+
+- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
+- commit 2a03ef8
+
+- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
+  (git-fixes).
+- PCI: Free released resource after coalescing (git-fixes).
+- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
+- ntb: Drop packets when qp link is down (git-fixes).
+- ntb: Clean up tx tail index on link down (git-fixes).
+- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
+- commit a1c9c68
+
+- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
+- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
+- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
+- commit 665fc14
+
+- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
+  codecs (git-fixes).
+- arm64: csum: Fix OoB access in IP checksum code for negative
+  lengths (git-fixes).
+- commit f43b75b
+
+- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
+- commit daa1815
+
+- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
+  git-fixes).
+- commit b0dc76c
+
+- s390/zcrypt: don't leak memory if dev_set_name() fails
+  (git-fixes bsc#1215148).
+- commit 62bce52
+
+- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy
+  gamma (git-fixes).
+- drm/amd/display: Remove wait while locked (git-fixes).
+- drm/amd/display: Add smu write msg id fail retry process
+  (git-fixes).
+- drm/amd/display: register edp_backlight_control() for DCN301
+  (git-fixes).
+- drm/i915/gvt: Put the page reference obtained by KVM's
+  gfn_to_pfn() (git-fixes).
+- drm/i915/gvt: Verify pfn is "valid" before dereferencing
+  "struct page" (git-fixes).
+- commit 5618424
+
+- drm/amd/display: prevent potential division by zero errors
+  (git-fixes).
+- drm/i915: mark requests for GuC virtual engines to avoid
+  use-after-free (git-fixes).
+- net: phy: micrel: Correct bit assignments for phy_device flags
+  (git-fixes).
+- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
+- i3c: master: svc: fix probe failure when no i3c device exist
+  (git-fixes).
+- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
+  (git-fixes).
+- commit 3aa0807
+
+- blacklist.conf: kABI
+- commit fe6afec
+
+- blacklist.conf: kABI
+- commit b1fabe7
+
+- blacklist.conf: kABI
+- commit c50e08f
+
+- Input: tca6416-keypad - fix interrupt enable disbalance
+  (git-fixes).
+- commit de27518
+
+- fs: do not update freeing inode i_io_list (bsc#1214813).
+- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
+  (bsc#1214813).
+- commit 2c1c38b
+
+- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
+  (git-fixes).
+- backlight: gpio_backlight: Drop output GPIO direction check
+  for initial power state (git-fixes).
+- USB: serial: option: add FOXCONN T99W368/T99W373 product
+  (git-fixes).
+- USB: serial: option: add Quectel EM05G variant (0x030e)
+  (git-fixes).
+- tcpm: Avoid soft reset when partner does not support get_status
+  (git-fixes).
+- usb: typec: tcpci: clear the fault status bit (git-fixes).
+- ARM: pxa: remove use of symbol_get() (git-fixes).
+- Bluetooth: btsdio: fix use after free bug in btsdio_remove
+  due to race condition (git-fixes).
+- usb: typec: tcpci: move tcpci.h to include/linux/usb/
+  (git-fixes).
+- commit 72d5b0f
+
+- blacklist.conf: add git-fix to ignore
+  this one removes unused kABI functions, but
+  just leave them in
+- commit 8007015
+
+- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
+- commit 1ed2b1b
+
+- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
+  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
+- commit 550f5fc
+
+- Move upstreamed pinctrl patch into sorted section
+- commit 38f70f2
+
+- Update References tag
+  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
+  (git-fixes bsc#1214233 CVE-2023-40283).
+- commit 731b49d
+
+- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
+- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
+- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
+- kconfig: fix possible buffer overflow (git-fixes).
+- commit 4a140a1
+
+- scsi: qedf: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: qedi: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: snic: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix legacy /proc parsing buffer overflow
+  (git-fixes).
+- scsi: 53c700: Check that command slot is not NULL (git-fixes).
+- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
+  (git-fixes).
+- scsi: scsi_debug: Remove dead code (git-fixes).
+- scsi: 3w-xxxx: Add error handling for initialization failure
+  in tw_probe() (git-fixes).
+- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
+- commit f8c12c2
+
+- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
+  CVE-2023-1192).
+- commit 542332a
+
+- blacklist.conf: add git-fix that breaks kabi
+- commit 8b9578b
+
+- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
+  (git-fixes).
+- scsi: lpfc: Modify when a node should be put in device recovery
+  mode during RSCN (git-fixes).
+- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
+- commit 8c191d2
+
+- scsi: qla2xxx: Remove unused variables in
+  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
+- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
+- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
+- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
+  (bsc#1214928).
+- scsi: qla2xxx: Remove unsupported ql2xenabledif option
+  (bsc#1214928).
+- scsi: qla2xxx: Error code did not return to upper layer
+  (bsc#1214928).
+- scsi: qla2xxx: Add logs for SFP temperature monitoring
+  (bsc#1214928).
+- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
+- scsi: qla2xxx: Flush mailbox commands on chip reset
+  (bsc#1214928).
+- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
+- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
+- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
+- commit 1dd6a86
+
+- series: update meta data
+  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
+- commit b5aafc0
+
kernel-syms
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-syms-rt
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit 1e4ccee
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit c753869
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit 988a527
+
+- Rename colliding patches before merging SLE15-SP4
+- commit 6493f7c
+
+- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
+- commit 501bd2e
+
+- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
+- commit bfaaaff
+
+- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
+- commit 30a9db6
+
+- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
+- commit 9eb45cc
+
+- ata: libata: disallow dev-initiated LPM transitions to
+  unsupported states (git-fixes).
+- i2c: aspeed: Reset the i2c controller when timeout occurs
+  (git-fixes).
+- selftests: tracing: Fix to unmount tracefs for recovering
+  environment (git-fixes).
+- drm/amd/display: fix the white screen issue when >= 64GB DRAM
+  (git-fixes).
+- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
+  (git-fixes).
+- commit 1f4e814
+
+- btrfs: don't hold CPU for too long when defragging a file
+  (bsc#1214988).
+- commit 9b89645
+
+- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
+  to race condition (bsc#1215206, CVE-2023-1859).
+- commit f333aa7
+
+- netfilter: nftables: exthdr: fix 4-byte stack OOB write
+  (CVE-2023-4881 bsc#1215221).
+- commit 0de26c1
+
+- sctp: leave the err path free in sctp_stream_init to
+  sctp_stream_free (CVE-2023-2177 bsc#1210643).
+- commit 337b7d8
+
+- s390/ipl: add loadparm parameter to eckd ipl/reipl data
+  (jsc#PED-2023).
+- commit 364a30d
+
+- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
+- commit cd6d27a
+
+- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
+- commit db2ef83
+
+- kabi: hide changes in enum ipl_type and struct sclp_info
+  (jsc#PED-2023 jsc#PED-2025).
+- commit b6fb6b6
+
+- s390/ipl: add eckd dump support (jsc#PED-2025).
+- commit 0961d1f
+
+- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
+  (git-fixes).
+- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
+  (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
+- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
+  descriptors (git-fixes).
+- kselftest/runner.sh: Propagate SIGTERM to runner child
+  (git-fixes).
+- commit 495d04f
+
+- s390/ipl: add eckd support (jsc#PED-2023).
+- commit 21b5156
+
+- Delete patches.suse/genksyms-add-override-flag.diff.
+  Unncessary after KBUILD_OVERRIDE removed.
+- commit 870adc7
+
+- s390/dasd: fix command reject error on ESE devices (LTC#203630
+  bsc#1215123 git-fixes).
+- commit 5862ca2
+
+- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
+- commit 5daff0f
+
+- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
+  Genksyms has functionality to specify an override for each type in
+  a symtypes reference file. This override is then used instead of an
+  actual type and allows to preserve modversions (CRCs) of symbols that
+  reference the type. It is kind of an alternative to doing kABI fix-ups
+  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
+  genksyms --preserve option which primarily tells the tool to strictly
+  verify modversions against a given reference file or fail.
+  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
+  present in various kernel-source branches separates the override logic.
+  It allows it to be enabled with a new --override flag and used without
+  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
+  file is then a way how the build is told that --override should be
+  passed to all invocations of genksyms. This was needed for SUSE kernels
+  because their build doesn't use --preserve but instead resulting CRCs
+  are later checked by scripts/kabi.pl.
+  However, this override functionality was not utilized much in practice
+  and the only use currently to be found is in SLE11-SP1-LTSS. It means
+  that no one should miss this option and KBUILD_OVERRIDE=1 together with
+  patches.suse/genksyms-add-override-flag.diff can be removed.
+  Notes for maintainers merging this commit to their branches:
+  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
+  dropped after merging this commit.
+  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
+  this commit should not be merged to it, or needs to be reverted
+  afterwards.
+- commit 4aa02b8
+
+- s390/dasd: fix hanging device after request requeue (git-fixes
+  LTC#203629 bsc#1215124).
+- commit 96b18bb
+
+- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
+- commit 78179fa
+
+- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
+  (bsc#1065729).
+- powerpc/xics: Remove unnecessary endian conversion
+  (bsc#1065729).
+- word-at-a-time: use the same return type for has_zero regardless
+  of endianness (bsc#1065729).
+- commit bde8063
+
+- mlx4: Delete custom device management logic (bsc#1187236).
+- mlx4: Connect the infiniband part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Connect the ethernet part to the auxiliary bus
+  (bsc#1187236).
+- mlx4: Register mlx4 devices to an auxiliary virtual bus
+  (bsc#1187236).
+- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
+  (bsc#1187236).
+- mlx4: Move the bond work to the core driver (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.activate callback
+  (bsc#1187236).
+- mlx4: Replace the mlx4_interface.event callback with a notifier
+  (bsc#1187236).
+- commit 0aba257
+
+- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
+  (bsc#1187236).
+- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
+- mlx4: Get rid of the mlx4_interface.get_dev callback
+  (bsc#1187236).
+- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
+- kabi/severities: ignore mlx4 internal symbols
+- tracing: Fix race issue between cpu buffer write and swap
+  (git-fixes).
+- tracing: Remove extra space at the end of hwlat_detector/mode
+  (git-fixes).
+- tracing: Remove unnecessary copying of tr->current_trace
+  (git-fixes).
+- bpf: Clear the probe_addr for uprobe (git-fixes).
+- commit 47e9584
+
+- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
+- commit 74c2613
+
+- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
+- commit a8877f3
+
+- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
+- commit 670fb4d
+
+- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
+- commit 9871c87
+
+- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
+- commit 3949a2b
+
+- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
+- commit 4534667
+
+- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
+- commit ef6d157
+
+- x86/rtc: Remove __init for runtime functions (git-fixes).
+- commit 4511d93
+
+- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
+- commit cb39678
+
+- x86/mce: Retrieve poison range from hardware (git-fixes).
+- commit c9f1ddb
+
+- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
+- commit 96d9365
+
+- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
+- commit 12a2933
+
+- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
+- commit 0d855b9
+
+- x86/purgatory: remove PGO flags (git-fixes).
+- commit 9d8ada6
+
+- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
+- commit ea0772f
+
+- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
+- commit c1031f1
+
+- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
+- commit bbfad26
+
+- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
+- commit bf6d064
+
+- x86/cpu: Add Lunar Lake M (git-fixes).
+- commit 7ecc64d
+
+- x86/bugs: Reset speculation control settings on init (git-fixes).
+- commit 2a6dd8e
+
+- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
+- commit ac06968
+
+- x86/alternative: Fix race in try_get_desc() (git-fixes).
+- commit d841323
+
+- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
+- commit 11f0960
+
+- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
+- commit cae635f
+
+- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
+- commit 2a03ef8
+
+- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
+  (git-fixes).
+- PCI: Free released resource after coalescing (git-fixes).
+- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
+- ntb: Drop packets when qp link is down (git-fixes).
+- ntb: Clean up tx tail index on link down (git-fixes).
+- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
+- commit a1c9c68
+
+- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
+- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
+- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
+- commit 665fc14
+
+- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
+  codecs (git-fixes).
+- arm64: csum: Fix OoB access in IP checksum code for negative
+  lengths (git-fixes).
+- commit f43b75b
+
+- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
+- commit daa1815
+
+- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
+  git-fixes).
+- commit b0dc76c
+
+- s390/zcrypt: don't leak memory if dev_set_name() fails
+  (git-fixes bsc#1215148).
+- commit 62bce52
+
+- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy
+  gamma (git-fixes).
+- drm/amd/display: Remove wait while locked (git-fixes).
+- drm/amd/display: Add smu write msg id fail retry process
+  (git-fixes).
+- drm/amd/display: register edp_backlight_control() for DCN301
+  (git-fixes).
+- drm/i915/gvt: Put the page reference obtained by KVM's
+  gfn_to_pfn() (git-fixes).
+- drm/i915/gvt: Verify pfn is "valid" before dereferencing
+  "struct page" (git-fixes).
+- commit 5618424
+
+- drm/amd/display: prevent potential division by zero errors
+  (git-fixes).
+- drm/i915: mark requests for GuC virtual engines to avoid
+  use-after-free (git-fixes).
+- net: phy: micrel: Correct bit assignments for phy_device flags
+  (git-fixes).
+- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
+- i3c: master: svc: fix probe failure when no i3c device exist
+  (git-fixes).
+- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
+  (git-fixes).
+- commit 3aa0807
+
+- blacklist.conf: kABI
+- commit fe6afec
+
+- blacklist.conf: kABI
+- commit b1fabe7
+
+- blacklist.conf: kABI
+- commit c50e08f
+
+- Input: tca6416-keypad - fix interrupt enable disbalance
+  (git-fixes).
+- commit de27518
+
+- fs: do not update freeing inode i_io_list (bsc#1214813).
+- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
+  (bsc#1214813).
+- commit 2c1c38b
+
+- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
+  (git-fixes).
+- backlight: gpio_backlight: Drop output GPIO direction check
+  for initial power state (git-fixes).
+- USB: serial: option: add FOXCONN T99W368/T99W373 product
+  (git-fixes).
+- USB: serial: option: add Quectel EM05G variant (0x030e)
+  (git-fixes).
+- tcpm: Avoid soft reset when partner does not support get_status
+  (git-fixes).
+- usb: typec: tcpci: clear the fault status bit (git-fixes).
+- ARM: pxa: remove use of symbol_get() (git-fixes).
+- Bluetooth: btsdio: fix use after free bug in btsdio_remove
+  due to race condition (git-fixes).
+- usb: typec: tcpci: move tcpci.h to include/linux/usb/
+  (git-fixes).
+- commit 72d5b0f
+
+- blacklist.conf: add git-fix to ignore
+  this one removes unused kABI functions, but
+  just leave them in
+- commit 8007015
+
+- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
+- commit 1ed2b1b
+
+- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
+  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
+- commit 550f5fc
+
+- Move upstreamed pinctrl patch into sorted section
+- commit 38f70f2
+
+- Update References tag
+  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
+  (git-fixes bsc#1214233 CVE-2023-40283).
+- commit 731b49d
+
+- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
+- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
+- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
+- kconfig: fix possible buffer overflow (git-fixes).
+- commit 4a140a1
+
+- scsi: qedf: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: qedi: Fix firmware halt over suspend and resume
+  (git-fixes).
+- scsi: snic: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix possible memory leak if device_add() fails
+  (git-fixes).
+- scsi: core: Fix legacy /proc parsing buffer overflow
+  (git-fixes).
+- scsi: 53c700: Check that command slot is not NULL (git-fixes).
+- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
+  (git-fixes).
+- scsi: scsi_debug: Remove dead code (git-fixes).
+- scsi: 3w-xxxx: Add error handling for initialization failure
+  in tw_probe() (git-fixes).
+- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
+- commit f8c12c2
+
+- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
+  CVE-2023-1192).
+- commit 542332a
+
+- blacklist.conf: add git-fix that breaks kabi
+- commit 8b9578b
+
+- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
+  (git-fixes).
+- scsi: lpfc: Modify when a node should be put in device recovery
+  mode during RSCN (git-fixes).
+- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
+- commit 8c191d2
+
+- scsi: qla2xxx: Remove unused variables in
+  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
+- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
+- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
+- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
+  (bsc#1214928).
+- scsi: qla2xxx: Remove unsupported ql2xenabledif option
+  (bsc#1214928).
+- scsi: qla2xxx: Error code did not return to upper layer
+  (bsc#1214928).
+- scsi: qla2xxx: Add logs for SFP temperature monitoring
+  (bsc#1214928).
+- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
+- scsi: qla2xxx: Flush mailbox commands on chip reset
+  (bsc#1214928).
+- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
+- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
+- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
+- commit 1dd6a86
+
+- series: update meta data
+  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
+- commit b5aafc0
+
kernel-zfcpdump
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
latex2html
+- version update to 2023.2
+  * DONT_INCLUDE now affects \usepackage but not \input
+  * support \usepackage[xindy]{imakeidx} for sorting accents
+  * support babel main language option
+  * support hyphenat package
+
+- update to 2023:
+  * update for latest pdftocairo
+
+- update to 2022.2:
+  * spacing of eqnarray and align
+  * check for preview.sty in config.pl
+  * check for failure of pdflatex run
+  * newline after footnote should give space
+  * fix ref to label inside float
+  * add sidewaysfigure, sidewaystable
+  * fix eqnarray*
+- drop latex2html-binmode.diff.
+  latex2html-dest-dir.diff, latex2html-perl-bindir.diff
+
+- Update to version 2022
+  * fix cropped figures
+  * revert PreviewBorder to 0.5bp
+  * support download attribute for <A> tag
+  * remove meta tags for distribution, etc
+  * allow input filename with no extension
+- Remove outdated manual latex2html-manual.tar.bz2,
+  build up-to-date manual from source as part of the build process.
+- Drop latex2html-backref-workaround.diff, was a workaround for
+  perl 5.18 not used in any supported openSUSE version anymore.
+
+- do not package test logs (WARNINGS in this case) [bsc#1188918]
+
+- update to 2021.2:
+  * latex2html -long_titles   fix duplicate file names
+  * latex2html -long_titles 5 -title "Title"
+  * correct link from index.html
+  * pnmquant -norandom    for reproducible builds
+  * treat cygwin as unix
+  * $WORDS_IN_INDEX configurable
+  * fix image size for multline, subequations
+  * remove extra <SPAN> after subequations
+  * equation numbering for multline
+  * close bold, etc, at end of environment
+  * implement memoir document class
+  * fix scanning of latex comments
+  * fix subequation numbering
+  * babel should not set character encoding of input file
+  * package nomencl.sty
+  * package nameref.sty
+  * options -cut_ref_num -add_ref_name
+
+- update to 2021:
+  * implement listings package
+  * support for \hyperref (hyperref.sty and html.sty syntax)
+  * \multirow with automatic width (*)
+  * support for length units em and ex in &convert_length
+  * support for font-, page- and minipage-relative length units
+  * support for specifying image size in wrapfigure
+  * support for commands: \; \, \quad \qquad inside \textsc
+  * \itemize[], \enumerate[], \description[] (discard argument)
+  * &convert_to_unicode in style &#8221; for chars > 255
+  * correct several special symbols for koi8-r encoding
+  * repair \htmladdimg and user scaling in \includegraphics
+  * repair scaling for undefined environments in use_dvipng mode
+  * correct placement of the $\degree$ symbol in use_dvipng mode
+  * repair scaling in nouse_dvipng mode
+  * 256-color gif dithering via png16m followed by ppmquant
+  * correct transparent color specification (for the $\_$ symbol)
+  * correct Makefile for building manual
+  * adjust spacing for eqnarray
+  * fix alignment of eq numbers for safari
+  * fix infinite loop on empty itemize env
+  * make link to correct bibliography if there is more than one
+  * "References" by default, "Bibliography" for book
+
+- update to 2020.2:
+  - gs 9.50: -dNOSAFER to write to tmp dir
+  - css fix: put caption below figure
+  - fix bug with gif with >256 colors
+  - fix eqnarray*
+  - fix "make test"
+  - fix false matches when reusing images for long environments.
+  - fork on \include, not on \input
+  - fix figure size with png
+  - allow verbatim in figure
+  - output height with displaymath, center displaymath
+  - enable -nouse_pdftex -image_type svg
+  - fall back to unicode combining characters for accents
+  - generate higher numbered UTF8 chars
+
+- fix url
+
+- texlive-preview was mistakenly added as build dependency, it
+  should have been runtime dependency [bsc#1150208]
+
+- Drop log files to make package build reproducible (boo#1047218)
+
+- version update to 2019.2
+  * format author block consistently
+    https://bugs.debian.org/223565
+  * simplify build of manual
+    https://bugs.debian.org/639708
+  * convert -- to &ndash; and --- to &mdash;
+    If you want "--", use "-{}-", even inside \texttt{}
+    Behavior of \textt{--} in latex depends on font encoding.
+    https://bugs.debian.org/75416
+  * fix unicode in -html_version 5.0,math
+  * fix -notop_navigation (had no effect)
+  * remove obsolete "table" option
+    https://bugs.debian.org/276037
+  * fix "make test"
+  * ppmtopng syntax works with all versions of ppmtopng
+  * respect ./configure --with-perl=/bin/perl
+  * fallback for unknown column types, such as those
+    introduced by \newcolumntype.
+    https://bugs.debian.org/899306
+  * fix \sffamily
+    https://bugs.debian.org/111441
+  * produce svg images using pdftocairo
+  * use latex preview package to produce cropped images.pdf
+  * pdflatex by default
+  * dvipng by default
+  * html 5
+  * unicode input and output by default
+  * Support for packages luainputenc and polyglossia
+  * Support for picture generation via pdflatex, lualatex
+    or dvilualatex (options -use_pdftex, -use_luatex,
+  * use_luadvi correspondingly)
+  * perl 5.26: unescaped brace
+  * polski.perl: no translation until \prefixing command
+- use native `make test`
+- use latex2html.1 from tarball
+- deleted patches
+  - latex2html-perl526.patch (upstreamed)
+- deleted sources
+  - latex2html-README.SUSE (not needed)
+  - local.pm (not needed)
+  - testfile.tex (not needed)
+- added required texlive-preview
+
+- updated to 2018
+  * config: avoid warning "untie attempted"
+  * Handle . not in @INC for images.pl and internals.pl
+  * fix \graphicspath with relative path in preamble
+    https://github.com/latex2html/latex2html/issues/40
+  * \providecommand should not redefine existing command
+  * Picture generation via dvipng
+  * KOI8-R, CP1251 and UTF-8 support for Russian
+  * default to white background for rendering images.
+    if $LATEX_COLOR set, pass as transparency color to pstoimg.
+    https://bugs.debian.org/188024
+  * usepackage xcolor.  uses rgb black rather than cmyk black.
+    fixes eqns appearing as dark grey rather than black.
+  * Fix stray comment mark: Issue #19
+- altered patches
+  % latex2html-perl-bindir.diff
+  % latex2html-perl526.patch
+
-- Remove BuildRequires on xorg-x11-*, noarch package
-  does not require devel headers/libraries.
-
-- fixed url
-
-- updated to version 2012:
-  * fix warnings in perl 5.14
-  * build fixes
-- latex2html-2008.diff was split to share-dir.patch, local.pm
-  (source) and latex2html.1 (source)
-- buildroot.diff was renamed to dest-dir.diff and that was extended
-  to install icons properly
-- fix-defined.patch was removed (upstreamed)
-- manual.ps.gz was removed
-
-- Use kpsepath to determine texmf main location
-
-- use \g syntax for \8 and \9 regexp backrefs to work around
-  a bug in perl-5.18
-
-- add latex2html-fix-defined.patch from debian bug tracker to avoid
-  a warning
-- add apparmor's tex docu for better %check: testfile.tex
-
-- Added url as source.
-  Please see http://en.opensuse.org/SourceUrls
-
-- update license to new format
-
-- stopped using deprecated multiline matching (bnc#417982)
-
-- updated patches to apply with fuzz=0
-
libX11
+- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
+  U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
+  U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
+  U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
+  U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
+  * CVE-2023-43785 libX11: out-of-bounds memory access in
+    _XkbReadKeySyms() (boo#1215683)
+  * CVE-2023-43786 libX11: stack exhaustion from infinite recursion
+  in PutSubImage() (boo#1215684)
+  * CVE-2023-43787 libX11: integer overflow in XCreateImage()
+    leading to a heap overflow (boo#1215685)
+
libXpm
+- U_0000-test-Add-unit-tests-using-glib-framework.patch
+  U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
+  U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch
+  U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
+  * fixes CVE-2023-43788 libXpm: out of bounds read in
+    XpmCreateXpmImageFromBuffer() (boo#1215686)
+  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
+    corrupted colormap (boo#1215687)
+- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
+  U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
+  U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
+  U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
+  * avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684,
+    boo#1215685); see changelog in libX11 update ...
+
-- bumped version number to 7.6
-
libcacard
+- Update to version 2.8.1
+  * Unbreak RAW deciphering emulation using RSA-PKCS1 method
+  * Use g_memdup2 to avoid deprecation warnings with new glib2
+
+- Update to v2.8.0. Changes include:
+  * Improve project documentation
+  * Bump minimal glib version to 2.32 and remove old compatibility functions
+  * Introduce meson build system in addition to existing autotools
+  * Create and run fuzzer drivers to improve stability
+  * Introduce a new API vcard_emul_finalize() to clean up allocated resources
+  * Remove key caching to avoid issues with some PKCS #11 modules
+  * Prevent logging critical errors on unknown instruction
+- Remove empty libcacard package, and also drop the rpm provided
+  symbol qemu-tools:/usr/bin/vscclient, both assumed unused by now
+
+- Update to v2.7.0. Changes include:
+  * Improve compatibility with Windows guests, particularly with
+  ActivClient Windows drivers.
+  * Implement Microsoft PnP applet used by Windows for card detection
+  * Fill several structures returned by Global Platform applet to
+  mimic behavior of real cards.
+  * Implement API for creation of serial number used to uniquely
+  identify a emulated card.
+  * More verbose debug logs
+  * Fix the VERIFY semantics, which can be used for login status
+  check
+  * Add clang and csbuild CI targets
+  * Use ATR from official CAC card to improve card detection under
+  Windows
+
+- Update to v2.6.1
+  * various bug fixes (memory corruption issues which would cause
+  crashes in spice-gtk)
+
+- Update to v2.6.0
+  * provides implementation of GSC-IS 2.1 (aka CAC version 2) to improve
+  interoperability with guest software using the emulated or shared
+  smart cards. The previously implemented CACv1 specification is no
+  longer supported by any other application so the old code is gone
+  and any application depending on this old standard will not work
+  anymore.
+  * vscclient is no longer installed, as it is not an end-user supported
+  solution
+  * various bug & leak fixes
+
libeconf
+- Additional info for version 0.5.2:
+  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
+    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
+  * Fixed a stack-buffer-overflow vulnerability in "read_file"
+    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)
+
+- Update to version 0.5.2:
+  * Fixed build for aarch64 and gcc13.
+  * Making the output verbose when a test fails.
+  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
+    function.
+  * Fixed a stack-buffer-overflow vulnerability in "read_file"
+    function.
+  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
+    Sets a list of directory structures (with order) which describes
+    the directories in which the files have to be parsed.
+    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
+    directories will be parsed:
+    "<default_dirs>/<project_name>.<suffix>.d/"
+    "<default_dirs>/<project_name>/conf.d/"
+    "<default_dirs>/<project_name>.d/"
+    "<default_dirs>/<project_name>/"
+    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
+    automatically.
+  * General code cleanup.
+
+- Update to version 0.5.1:
+  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
+    there is a /etc/_example_._suffix_ file. (#175)
+
+- Update to version 0.5.0:
+  * API calls econf_read*WithCallback supporting a general (void *)
+    argument for user defined data with which the callback function is
+    called.
+  * Tagged following functions deprecated:
+    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
+    econf_followSymlinks, econf_reset_security_settings
+    Use one of the econf_read*WithCallback functions instead.
+
+- Update to version 0.4.9:
+  * libeconf.h: added missing sys/types.h header (#171)
+  * new API calls: econf_readFileWithCallback,
+    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
+  * Checking NULL comment parameter in the parsing functions.
+
+- Update to version 0.4.8+git20221114.7ff7704:
+  * Parsing files which are containing keys only (#170)
+    All delimiters are allowed now : "", " =", " ", "=". But the
+    user should use "" in order to be distinct.
+  * /usr/etc/shells.d/<file_name> will not be parsed if
+    /etc/shells.d/<file_name> is defined too.
+  * Lto build fixed (#168)
+  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
+    econf_set_delimiter_tag
+  * Checking UID,GroupID, permissions,... of the parsed files (#165)
+    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
+    econf_followSymlinks
+  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
+  * Error handling improved for nums and booleans (#163)
+
libjpeg-turbo
+- merge two spec files into one
+
+- Add _multibuild to define 2nd spec file as additional flavor.
+  Eliminates the need for source package links in OBS.
+
+- Build AVX2 enabled hwcaps library for x86_64-v3
+
+- update to 2.1.5.1:
+  * Fixed a regression introduced by 2.0 beta1[15] that caused a buffer
+    overrun in the progressive Huffman encoder when attempting to transform
+    a specially-crafted malformed 12-bit-per-component JPEG image into a
+    progressive 12-bit-per-component JPEG image using a 12-bit-per-component
+    build of libjpeg-turbo.
+  * Fixed an issue whereby, when using a 12-bit-per-component build of
+    libjpeg-turbo (-DWITH_12BIT=1), passing samples with values greater than 4095
+    or less than 0 to jpeg_write_scanlines() caused a buffer overrun or
+    underrun in the RGB-to-YCbCr color converter.
+  * Fixed a floating point exception that occurred when attempting to use
+    the jpegtran -drop and -trim options to losslessly transform a
+    specially-crafted malformed JPEG image.
+  * Fixed an issue in tjBufSizeYUV2() whereby it returned a bogus result,
+    rather than throwing an error, if the align parameter was not a power of 2.
+  * Fixed a similar issue in tjCompressFromYUV() whereby it generated a corrupt
+    JPEG image in certain cases, rather than throwing an error,
+    if the align parameter was not a power of 2.
+  * Fixed an issue whereby tjDecompressToYUV2(), which is a wrapper for
+    tjDecompressToYUVPlanes(), used the desired YUV image dimensions
+    rather than the actual scaled image dimensions when computing the plane
+    pointers and strides to pass to tjDecompressToYUVPlanes().
+    This caused a buffer overrun and subsequent segfault if the desired
+    image dimensions exceeded the scaled image dimensions.
+  * Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG
+    image (-DWITH_12BIT=1) using an alpha-enabled output color space such as
+    JCS_EXT_RGBA, the alpha channel was set to 255 rather than 4095.
+  * Fixed an issue whereby the Java version of TJBench did not accept a range
+    of quality values.
+  * Fixed an issue whereby, when -progressive was passed to TJBench,
+    the JPEG input image was not transformed into a progressive JPEG image
+    prior to decompression.
+
+- Add explicit provides for jpegtran, so it can be installed easier
+
+- update to 2.1.4:
+  * Fixed a regression introduced in 2.1.3 that caused build failures with
+    Visual Studio 2010.
+  * The tjDecompressHeader3() function in the TurboJPEG C API and the
+    TJDecompressor.setSourceImage() method in the TurboJPEG Java API now
+    accept "abbreviated table specification" (AKA "tables-only") datastreams,
+    which can be used to prime the decompressor with quantization and Huffman
+    tables that can be used when decompressing subsequent "abbreviated image"
+    datastreams.
+  * libjpeg-turbo now performs run-time detection of AltiVec instructions on
+    OS X/PowerPC systems if AltiVec instructions are not enabled at compile
+    time. This allows both AltiVec-equipped (PowerPC G4 and G5) and
+    non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same
+    build of libjpeg-turbo.
+  * Fixed an error ("Bogus virtual array access") that occurred when
+    attempting to decompress a progressive JPEG image with a height less than
+    or equal to one iMCU (8 * the vertical sampling factor) using
+    buffered-image mode with interblock smoothing enabled. This was a
+    regression introduced by 2.1 beta1[6(b)].
+  * Fixed two issues that prevented partial image decompression from working
+    properly with buffered-image mode:
+  * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress()
+    but before jpeg_start_output() resulted in an error ("Improper call to
+    JPEG library in state 207".)
+  * Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus
+    virtual array access") under certain circumstances.
+
+- Add requires between baselibs
+
+- Use nasm instead of yasm, the latter has not released any update
+  in 7 years.
+
+- update to 2.1.3:
+  * Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
+    input files into full-color JPEG images unless the `-grayscale` option was
+    used.
+  * cjpeg now automatically compresses GIF and 8-bit BMP input files into
+    grayscale JPEG images if the input files contain only shades of gray.
+  * The build system now enables the intrinsics implementation of the AArch64
+    (Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later.
+  * Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using
+    the merged (non-fancy) upsampling algorithms (that is, with
+    `cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`.
+    Specifically, the segfault occurred if the number of bytes remaining in the
+    output buffer was less than the number of bytes required to represent one
+    uncropped scanline of the output image.  For that reason, the issue could only
+    be reproduced using the libjpeg API, not using djpeg.
+
+- update to 2.1.2:
+  * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
+    GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
+    by default with GCC for performance reasons) to be placed in the `.rodata`
+    section rather than in the `.text` section.  This caused the GNU linker to
+    automatically place the `.rodata` section in an executable segment, which
+    prevented libjpeg-turbo from working properly with other linkers and also
+    represented a potential security risk.
+  * Fixed an issue whereby the `tjTransform()` function incorrectly computed the
+    MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
+    unduly rejected some cropping regions, even though those regions aligned with
+    8x8 MCU block boundaries.
+  * Fixed a regression introduced by 2.1 beta1[13] that caused the build system
+    to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy
+    architectures that do not support Neon instructions.
+  * libjpeg-turbo now performs run-time detection of AltiVec instructions on
+    FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
+    time.  This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
+    supported using the same build of libjpeg-turbo.
+  * cjpeg now accepts a `-strict` argument similar to that of djpeg and
+    jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
+    image contains incomplete or corrupt image data.
+
libostree
+- Add patch from upstream to fix corrupted files when using a large
+  fs with 64-bit inodes (boo#1214708):
+  * 0001-commit-fix-ostree-deployment-on-64-bit-inode-fs.patch
+
libqb
+- log: Fix potential overflow with long log messages (CVE-2023-39976, bsc#1214066)
+  * bsc#1214066-0001-fix-potential-overflow-with-long-log-messages.patch
+
libraw
+  fix CVE-2020-22628 [bsc#1215308], stretch() function in libraw/src/postprocessing/aspect_ratio.cpp
+  + libraw-CVE-2020-22628.patch
+
+- security update
+- added patches
libvpx
+- Fixing CVE-2023-5217 heap buffer overflow (boo#1215778)
+  added CVE-2023-5217.patch
+
libzip
+- version update to 1.10.1
+  * Add `ZIP_LENGTH_TO_END` and `ZIP_LENGTH_UNCHECKED`. Unless
+    `ZIP_LENGTH_UNCHECKED` is used as `length`, it is an error
+    for a file to shrink between the time when the source is
+    created and when its data is read.
+
+- version update to 1.10.0
+  * Make support for layered sources public.
+  * Add `zip_source_zip_file` and `zip_source_zip_file_create`, deprecate `zip_source_zip` and `zip_source_zip_create`.
+  * Allow reading changed file data.
+  * Fix handling of files of size 4294967295.
+  * `zipmerge`: copy extra fields.
+  * `zipmerge`: add option to keep files uncompressed.
+  * Switch test framework to use nihtest instead of Perl.
+  * Fix reading/writing compressed data with buffers > 4GiB.
+  * Restore support for torrentzip.
+  * Add warnings when using deprecated functions.
+  * Allow keeping files for empty archives.
+  * Support mbedTLS>=3.3.0.
+  * Support OpenSSL 3.
+  * Use ISO C secure library functions, if available.
+
+- libzip 1.9.2:
+  * Fix version number in header file.
+  * Fix zip_file_is_seekable().
+  * Add zip_file_is_seekable().
+  * Improve compatibility with WinAES.
+  * Fix encoding handling in zip_name_locate().
+  * Add option to zipcmp to output summary of changes.
+  * Various bug fixes and documentation improvements.
+
lz4
+- Build AVX2 enabled hwcaps library for x86_64-v3
+
+- Update to release 1.9.4
+  * Decompression speed on high-end ARM64 platform is improved,
+    by ~+20%.
+  * For the specific scenario of data compressed with -BD4
+    setting (small blocks, <= 64 KB, linked) decompressed
+    block-by-block into a flush buffer (like lz4 CLI does),
+    decompression speed is improved ~+70%.
+  * For compressed data employing the lz4frame format (native
+    format of lz4 CLI), it's possible to ignore checksum
+    validation during decompression, resulting in speed
+    improvements of ~+40% . This capability is exposed at both
+    CLI (see --no-crc) and library levels.
+
man-pages
-- install kernel_lockdown.7 man page [bsc#1185534]
-- added sources
-  + kernel_lockdown.7
+- update to 6.04:
+  * Newly documented interfaces in existing pages
+  * proc.5
+    KPF_PGTABLE                     (Linux 4.18)
+  * landlock.7
+    LANDLOCK_ACCESS_FS_REFER        (Linux 5.19)
+  * udp.7
+    UDP_GRO                         (Linux 5.0)
+    UDP_SEGMENT                     (Linux 4.18)
+  * Changes to individual pages
+
+- Update to version 6.00
+  * Updated manual pages and interface documentation
+  * Move definitions of types to separate pages in man2type/ and
+    man3type/.  Previously, they were spread (and duplicated) in other
+    pages, or in system_data_types.7 (with links in man3/).
+  * Add man3head/ for pages that document header files.
+  * Add man3const/ for pages that document constants.
+  * Improve consistency of man(7) source
+  * Manual pages sections:
+  * Title (.TH):
+  * Remove 5th argument to TH (middle-header).
+  * Specify "Linux man-pages" and the version in the 4th argument
+    (left-footer).
+  * Add the LIBRARY section.  This section standardizes a way to
+    document the library that provides a given interface.
+  * Add the CAVEATS section.  BUGS and NOTES were serving that purpose
+    before, but CAVEATS is more appropriate.
+  * Rename the CONFORMING TO section to STANDARDS for consistency with
+    other projects, such as the BSDs.
+  * SYNOPSIS:  Add the ISO C2X [[deprecated]] attribute for functions
+    that have been deprecated or removed.
+  * EXAMPLES:  Improve consistency of C source code.  Also, reduce the
+    number of warnings that several linting tools emit.
+  * COLOPHON:  Remove section (its purpose is now served by the title).
+- Update to version 6.01
+  * Updated interface documentation
+  * Manual pages' sections:
+  * Title (.TH):
+  * Remove the hardcoded date (TH 3rd argument), and replace it by a
+    placeholder that should be changed when creating the tarball.
+    This removes the need for a tstamp commit before each release.
+- Update to version 6.02
+  * Updated manual pages and interface documentation, noteable:
+  * copy_file_range.2: Fix wrong kernel version information
+  * process_madvise.2: Fix capability and ptrace requirements
+  * madvise.2: Update Transparent Huge Pages file/shmem documentation
+    for Linux 5.4+.
+  * Use correct letter case in manual page titles, instead of uppercase.
+  * Use \" t comments when appropriate (Lintian needs this).
+  * SYNOPSIS:
+  * Add _Nullable for functions that receive NULL as a meaningful
+    input.
+  * Use VLA syntax to clarify the meaning of size parameters, rather
+    than hiding it in possibly-confusing text.
+  * Use [[noreturn]] instead of noreturn, which will be deprecated
+    soon.
+- Rebased man-pages-tcp_fack.patch
+- Added keyring and signed source
+
+- version update to 5.13 [bsc#1189908]
+  http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html
+
+- do not package man5/motd.5, it is provided by pam package
+  [bsc#1188724]
+
+- version update to 5.12
+  http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html
+- deleted patches
+  - man-pages-tty_ioctl.patch (upstreamed)
+
+- version update to 5.11
+  http://linux-man-pages.blogspot.com/2021/03/man-pages-511-is-released.html
+- modified patches
+  % man-pages-tty_ioctl.patch (refreshed)
+
+- version update to 5.10
+  * added documentation of the faccessat2() system call
+  * added a new subsection to the signal(7) manual page that provides
+    a "big picture" of what happens when a signal handler is executed
+- deleted patches
+  - man-pages-openat2.h-location.patch (upstreamed)
+
+- version update to 5.09
+  http://linux-man-pages.blogspot.com/2020/11/man-pages-509-is-released.html
+- modified patches
+  % man-pages-openat2.h-location.patch (refreshed)
+- [bsc#1185534]
+
+- version update to 5.08
+  Newly documented interfaces in existing pages
+  - --------------------------------------------
+  prctl.2
+    Dave Martin
+    Add SVE prctls (arm64)
+    Add documentation for the the PR_SVE_SET_VL and PR_SVE_GET_VL
+    prctls added in Linux 4.15 for arm64.
+    Dave Martin  [Catalin Marinas]
+    Add tagged address ABI control prctls (arm64)
+    Add documentation for the the PR_SET_TAGGED_ADDR_CTRL and
+    PR_GET_TAGGED_ADDR_CTRL prctls added in Linux 5.4 for arm64.
+  setns.2
+    Michael Kerrisk
+    Document the use of PID file descriptors with setns()
+    Starting with Linux 5.8, setns() can take a PID file descriptor as
+    an argument, and move the caller into or more of the namespaces of
+    the thread referred to by that descriptor.
+  capabilities.7
+    Michael Kerrisk
+    Document CAP_BPF
+    Michael Kerrisk
+    Add CAP_PERFMON
+  symlink.7
+    Aleksa Sarai
+    Document magic links more completely
+  etc. see Changes
+- modified patches
+  % man-pages-openat2.h-location.patch (refreshed)
+
+- added patches
+  fix [bsc#1173382]
+  + man-pages-openat2.h-location.patch
+
+- version update to 5.07
+  New and rewritten pages
+  - ----------------------
+  ioctl_fslabel.2
+    New page documenting filesystem get/set label ioctl(2) operations
+  Removed pages
+  - ------------
+  ioctl_list.2
+    This page was first added more than 20 years ago. Since
+    that time it has seen hardly any update, and is by now
+    very much out of date, as reported by Heinrich Schuchardt
+    and confirmed by Eugene Syromyatnikov.
+  Newly documented interfaces in existing pages
+  - --------------------------------------------
+  adjtimex.2
+    Document clock_adjtime(2)
+  clock_getres.2
+    Explain dynamic clocks
+  clone.2
+    Document the clone3() CLONE_INTO_CGROUP flag
+  mremap.2
+    Document MREMAP_DONTUNMAP
+  open.2
+    Document fs.protected_fifos and fs.protected_regular
+  prctl.2
+    Add PR_SPEC_INDIRECT_BRANCH for SPECULATION_CTRL prctls
+    Add PR_SPEC_DISABLE_NOEXEC for SPECULATION_CTRL prctls
+    Add PR_PAC_RESET_KEYS (arm64)
+  ptrace.2
+    Document PTRACE_SET_SYSCALL
+  proc.5
+    Document /proc/sys/fs/protected_regular
+    Document /proc/sys/fs/protected_fifos
+    Document /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr
+- deleted patches
+  - man-pages-remove-ioctl_list-reference.patch (upstreamed)
+- jsc#SLE-16566 jsc#SLE-15188
+
+- version update to 5.06
+  New and rewritten pages
+  - ----------------------
+  * openat2.2
+  * pidfd_getfd.2
+  * select.2
+  * select_tut.2
+  * sysvipc.7
+  * time_namespaces.7
+  Newly documented interfaces in existing pages
+  - --------------------------------------------
+    arch_prctl.2
+    Add ARCH_SET_CPUID subcommand
+    clock_getres.2
+    Document CLOCK_TAI
+    Add CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM
+    prctl.2
+    Document PR_SETIO_FLUSHER/GET_IO_FLUSHER
+    setns.2
+    Document CLONE_NEWTIME
+    statx.2
+    Document STATX_ATTR_VERITY
+    unshare.2
+    Document CLONE_NEWTIME
+    socket.7
+    Add description of SO_SELECT_ERR_QUEUE
+    Document SO_TIMESTAMPNS
+  etc., see Changes
+
+- version update to 5.05
+  * Newly documented interfaces in existing pages
+    clone.2
+    Add clone3() set_tid information
+    Document CLONE_CLEAR_SIGHAND
+    fcntl.2
+    Update manpage with new memfd F_SEAL_FUTURE_WRITE seal
+    memfd_create.2
+    Update manpage with new memfd F_SEAL_FUTURE_WRITE seal
+    loop.4
+    Document LOOP_SET_BLOCK_SIZE
+    Document LOOP_SET_DIRECT_IO
+    proc.5
+    Document /proc/sys/vm/unprivileged_userfaultfd
+- deleted patches
+  - man-pages-somaxconn-default-value.patch (upstreamed)
-- Add PR_PAC_RESET_KEYS for arm64 (jsc#SLE-16566 jsc#SLE-15188).
-  + prctl.2-Add-PR_PAC_RESET_KEYS-arm64.patch
-  + prctl.2-Fixes-to-Dave-Martin-s-patch.patch
+  [bsc#1162464]
+  + man-pages-somaxconn-default-value.patch
+
+- do not install man7/bpf-helpers.7 as it is already part of
+  bpftool package
+
+- don't use alternatives for man.7, just move it to a different directory
+  (boo#1160568)
+- use packageand to supplement the documentation pattern instead of
+  unconditionally hooking on man.
-- move man.7 man mdoc.7 to a separate directory to avoid conflicts
-  with mandoc which is a light-weight man alternative for small
-  systems (boo#1160568).
+- Set up %{_mandir}/man7/man.7%{?ext_man} as an alternative for
+  the man-page specific document. The other package providing
+  this man page is mandoc, which is meant as an alternative
+  lightweight faster replacement for man-pages package. It does
+  not have that many dependencies, it is written in C, see
+  http://mandoc.bsd.lv/ for more.
-- correct documentation of tcp_fack, document tcp_recovery
+- version update to 5.04
+  * clone.2
+    Document clone3()
+  * wait.2
+    Add P_PIDFD for waiting on a child referred to by a PID file descriptor
+  * bpf-helpers.7
+    Refresh against kernel v5.4-rc7
+  * see Changes for other changes
+
+- tcp.7: correct documentation of tcp_fack, document tcp_recovery
+- version update to 5.03
+  * New and rewritten pages
+    pidfd_open.2
+    pidfd_send_signal.2
+    pivot_root.2
+    ipc_namespaces.7
+    uts_namespaces.7
+  * Newly documented interfaces in existing pages
+    clone.2
+    Document CLONE_PIDFD
+    fanotify_mark.2
+    Document FAN_MOVE_SELF
+    ptrace.2
+    Document PTRACE_GET_SYSCALL_INFO
+    regex.3
+    Document REG_STARTEND
+  * see Changes for other changes
+
+- version update to 5.02
+  * Newly documented interfaces in existing pages
+    fanotify.7
+    fanotify_init.2
+    fanotify_mark.2
+    Matthew Bobrowski  [Amir Goldstein, Jan Kara]
+    Document FAN_REPORT_FID and directory modification events
+    vdso.7
+    Tobias Klauser  [Palmer Dabbelt]
+    Document vDSO for RISCV
+  * see Changes for more details
+
+- version update to 5.01
+  * Newly documented interfaces in existing pages
+    tsearch.3
+    Document the twalk_r() function added in glibc 2.30
+  * see Changes for more details
+
+- update to 5.00:
+  * new or rewritten pages:
+    s390_guarded_storage.2
+    address_families.7
+    bpf-helpers.7
+  * newly documented interfaces:
+    fanotify_init.2
+    fanotify.7
+    Document FAN_REPORT_TID
+    fanotify_init.2: add new flag FAN_REPORT_TID
+    fanotify.7: update description of member pid in
+    struct fanotify_event_metadata
+    Document FAN_MARK_FILESYSTEM
+    Monitor fanotify events on the entire filesystem.
+    Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
+    io_submit.2
+    Document IOCB_FLAG_IOPRIO
+    msgctl.2
+    semctl.2
+    shmctl.2
+    Document STAT_ANY commands
+    prctl.2
+    Document PR_SET_SPECULATION_CTRL and PR_GET_SPECULATION_CTRL
+    sched_setattr.2
+    Document SCHED_FLAG_DL_OVERRUN and SCHED_FLAG_RECLAIM
+    socket.2
+    Document AF_XDP
+    Document AF_XDP added in Linux 4.18.
+    inotify.7
+    Document IN_MASK_CREATE
+    unix.7
+    Document SO_PASSSEC
+    Document SCM_SECURITY ancillary data
+
mcelog
+- This contains following features:
+  PED-6122
+  [GNR] RAS: mcelog Add support for Granite Rapids (ALP)
+  PED-6102
+  [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6)
+  PED-6021
+  [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6)
+  PED-6050
+  [SRF] RAS: mcelog support for Sierra Forest (ALP)
+- Change git repo in _service file from git to https url
+- Update to version 195:
+  * mcelog: Wire up model-specific decoding for Sierra Forest
+  * mcelog: Add model-specific decoding for Granite Rapids
+  * client.c: fix build w/ musl libc
+  * mcelog: New model number for Arrowlake
+  * mcelog: Don't overwrite model number when lookup fails
+  * mcelog: Add Graniterapids, Grandridge and Sierraforest
+  * mcelog: New model number for Lunarlake
+  * mcelog: Add Emerald Rapids
+  * Update PFA_test_howto
+- Adopt to mainline:
+  M email.patch
+
mtools
+- update to 4.0.43:
+  * Fix root directory test in mattrib
+  * -b BiosDisk flag for mformat to allow setting physdrive to
+    a user-specified value
+  * Clearer error message in mformat when trying to mformat a
+    disk whose total size is not known
+  * Make recursive copy more consistent
+  * Trailing slash now always implies target should be a directory
+
+- update to 4.0.42:
+  * Added postcmd attribute in drive description to allow to
+    execute "device release" code automatically at end of
+    command
+  * Code cleanup, signedness cleanup about directory entries
+
+- update to 4.0.41:
+  * Support FAT32 with less than 0xfff5 clusters
+  * Make FAT32 entries 0 and 1 match what what Windows 10 does
+
+- fix build
+- deleted patches
+  - mtools-prototypes.diff (not needed)
+
+- update to 4.0.40:
+  * Better compatibility with legacy platforms
+
+- update to 4.0.39:
+  * Rename strtoi to strosi (string to signed int). The strtoi
+    function on BSD does something else (returns an intmax, not
+    an int)
+
+- update to 4.0.38:
+  * Make sure case byte is cleared when making the special
+    directory entries "." and ".."
+  * In mattrib man page, replace "attribute flags" with "attribute
+    bits"
+
+- update to 4.0.37:
+  * Removed mclasserase commands, which doesn't fit the coding
+    structure of the rest of mtools
+  * Add support to -i option to mcd
+  * Document -i in mtools.1
+  * Fix a missing commad error in floppyd_io.c
+
+- update to 4.0.36:
+  * Fix error status of recursive listing of empty root directory
+  * If recursive listing, also show matched files at level one
+  * Use "seekless" reads & write internally, where possible
+  * Text mode conversion refactoring
+  * Misc refactoring
+- remove mtools-aliasing.diff (obsolete)
+
mutt
+- Add upstream commits as patches
+  * CVE-2023-4874-part1.patch (bsc#1215189 for CVE-2023-4874)
+  * CVE-2023-4874-part2.patch (bsc#1215189 for CVE-2023-4874)
+  * CVE-2023-4875.patch (bsc#1215191 for CVE-2023-4875)
+
nethogs
+- update to 0.8.7:
+  * Adding ppc64le architecture support on travis-ci by @kishorkunal-raj in #198
+  * Issue: #62 - UDP support by @takeoverjp in #199
+  * Update man page with the latest help message. by @takeoverjp in #200
+  * Issue: #102 - Show screenshot in README. by @takeoverjp in #201
+  * Add links to other network traffic monitoring tools. by @takeoverjp in #202
+  * Issue: #96 - Garbage collect inodeproc on each ui refresh. by @takeoverjp in #203
+  * Fix compilation error with [-Werror=format-security] by @kretcheu in #210
+  * Added BusyTasks link to the list by @unknown-spirit in #212
+  * Add bandwhich and sniffer links by @chenjiandongx in #213
+  * Disable capability check, handle failure better by @ncfavier in #215
+  * feat: Add basename support #155 by @sgtcortez in #216
+  * Use "--tags" parameter to get the correct git-tag by @schuellerf in #221
+  * Add process filter by @sgtcortez in #218
+  * Add python bindings by @jimmylomro in #222
+  * Improve performance with many connections by @CyberShadow in #223
+
+- update to 0.8.6:
+  * fix: Expose to_ms / packet buffer timeout to libnethogs
+  * Add MB/s and GB/s view modes
+  * Fix libnethogs handle memory leak
+  * add support for pcap capture filters
+  * Add "how to run without root" (capabilities note) to README
+  * Remove confusing 'waiting for first packet' message
+
nfs-utils
+- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
+  Inconsistencies in /etc/exports shouldn't be fatal.
+  (bsc#1212594)
+
+- Add 0030-systemd-use-correct-modprobe-d-directory
+  SLE15-SP5 an earlier don't use /usr/lib/modprobe.d
+  (bsc#1200710)
+- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
+  Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed
+
+- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
+  boo#1157881
+- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
+  bsc#1209859
+- Allow scope to be set in sysconfig: NFSD_SCOPE
+
nghttp2
+- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
+  sent, and nghttp2_on_stream_close_callback fails with a fatal error.
+  [CVE-2023-35945 bsc#1215713]
+  + nghttp2-CVE-2023-35945.patch
+
nodejs20
+- Update to 20.7.0:
+  * src: support multiple --env-file declarations
+  * deps: upgrade npm to 10.1.0
+  * doc: move and rename loaders section
+  * lib: add api to detect whether source-maps are enabled
+  * src,permission: add multiple allow-fs-* flags
+  * test_runner: expose location of tests
+- z13.patch: upstreamed
+
+- Update to 20.6.1:
+  * f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed
+
+- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with
+  Angular and other software that tries to load ECM modules in
+  somewhat circular fashion ending up with multiple executions.
+
+- Update to 20.6.0:
+  * add support for .env files to configure envrionment variables
+  * import.meta.resolve unflagged
+  * deps: npm updated to 9.8.1
+- nodejs.keyring: updated to include current upstream releasers
+
ocfs2-tools
+- Update from 1.8.7 to 1.8.8 (jsc#PED-6362)
+  * Upstream only marked a new tag, there is no new feature in this upgrade.
+  * remove patch
+  - ocfs2-tools-kernel33.patch
+  - fixed-mounted.ocfs2-output-when-some-devices-are-Not.patch
+  - update-mounted.ocfs2-mounted.c.patch
+  - libocfs2-roll-back-when-dir_index-creation-fails.patch
+  - fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch
+  - bug-1203166-dump_fs_locks-support-v4.patch
+
open-vm-tools
+- Update to 12.3.0 (build 22234872) (boo#1214850)
+  - There are no new features in the open-vm-tools 12.3.0 release. This is
+    primarily a maintenance release that addresses a few critical problems,
+    including:
+  - This release integrates CVE-2023-20900 without the need for a patch.
+    For more information on this vulnerability and its impact on VMware
+    products, see
+    https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
+  - A tools.conf configuration setting is available to temporaily direct
+    Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
+    of ignoring file systems already frozen.
+  - Building of the VMware Guest Authentication Service (VGAuth) using
+    "xml-security-c" and "xerces-c" is being deprecated.
+  - A number of Coverity reported issues have been addressed.
+  - A number of GitHub issues and pull requests have been handled.
+    Please see the Resolves Issues section of the Release Notes.
+  - For issues resolved in this release, see the Resolved Issues section
+    of the Release Notes.
+  - For complete details, see:
+    https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
+  - Release Notes are available at
+    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
+  - The granular changes that have gone into the 12.3.0 release are in the
+    ChangeLog at
+    https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
+- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
+- jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
+- Drop patch now contained in 12.3.0:
+  + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
+  + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
+  + 2023-20867-Remove-some-dead-code.patch
+  + CVE-20230-20900.patch
+
+- limit to protobuf < 22 for now until build failures have been fixed
+
php-composer2
-- security update
-- added patches
-  fix CVE-2022-24828 [bsc#1198494], Code injection vulnerability
-  + php-composer2-CVE-2022-24828.patch
+- Update to version 2.5.8
+  * Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495)
+  * Fixed EventDispatcher on windows picking bat files when using "@php binary" (#11490)
+  * Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492)
+  * Fixed type declarations on ClassLoader (#11500)
+- Update to version 2.5.7
+  * Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)
+- Update to version 2.5.6
+  * BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
+  * Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
+  * Fixed lock file verification on install to deal better with replace/provide (#11475)
+  * Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
+  * Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
+  * Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
+  * Fixed support for plugin classes being marked as readonly (#11404)
+  * Fixed getmypid being required as it is not always available (#11401)
+  * Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
+
+- Update to version 2.5.5
+  * Fixed basic auth failures resulting in infinite retry loop (#11320)
+  * Fixed GitHub rate limit reporting (#11366)
+  * Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304)
+  * Fixed issue displaying solver problems with branch names containing `%` signs (#11359)
+  * Fixed race condition in cache validity detection when running Composer highly concurrently (#11375)
+  * Fixed various minor config command issues (#11353, #11302)
+
+- Update to version 2.5.4
+  * Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318)
+- Update to version 2.5.3
+  * Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)
+
+- Update to version 2.5.2
+  * Added warning when `require` auto-selects a feature branch as that is probably not desired (#11270)
+  * Fixed `self.version` requirements reporting lock file integrity errors when changing branches (#11283)
+  * Fixed `require` regression which broke the --fixed flag (#11247)
+  * Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281)
+  * Fixed autoloading regression on PHP 5.6 (#11285)
+  * Fixed archive command including an existing archive into itself if run repeatedly (#11239)
+  * Fixed dev package prompt in `require` not appearing in some conditions (#11287)
+
+- Update to version 2.5.1
+  * Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
+  * Fixed preg type error in svn version guessing (#11231)
+
+- Update to version 2.5.0
+  * BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
+  * Improved version guessing of `require` command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
+  * Improved version selection in `archive` command (#11230)
+  * Added autocompletion of config option names in the `config` command (#11130)
+  * Added support for writing [custom commands as Command classes](https://getcomposer.org/doc/articles/scripts.md#writing-custom-commands) (#11151)
+  * Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
+  * Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
+  * Added support for `bump` command to bump `>=x` to `>=installed-version` (#11179)
+  * Added `--download-only` flag to `install` command to only download and prime the cache with the package archives (#11041)
+  * Added autoconfiguration of `github-domains`/`gitlab-domains` when GitHub/GitLab credentials are configured for a custom domain (#11062)
+  * Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
+  * Added interactive prompt to `run-script` and `exec` commands if run without any argument (#11157)
+  * Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
+  * Fixed full disk warning to be shown when less than 100MiB is available (#11190)
+  * Fixed cache keys to allow `_` to avoid conflicts between package names like `a-b` and `a_b` (#11229)
+  * Fixed docker compatibility by making paths more portable even if the project is installed at `/` (#11169)
+
+- Update to version 2.4.4
+  * Added extra debug output when a zip extraction fails while on
+    GitHub Actions (#11148)
+  * Fixed cache write failures when the cache dir gets removed during
+    a composer run (#11076)
+  * Fixed 2.4.3 regression in loading Composer on SMB/network shares
+    (#11077)
+  * Fixed --dry-run flag missing from bump command (#11047)
+  * Fixed status command reporting differences when the source ref is
+    a tag (#11155)
+  * Fixed outdated command outputting legend on stdout instead of stderr
+  * Fixed URL sanitizer to handle new GitHub personal access tokens
+    format (#11137)
+- Update to version 2.4.3
+  * BC Break: The json format of audit command now has reportedAt as an
+    RFC3339 string instead of an object which was a mistake (#11120)
+  * Fixed json format of audit command which was missing affectedVersions
+    (#11120)
+  * Fixed plugin commands not being loaded during bash completions
+    (#11074)
+  * Fixed parsing of inline aliases within complex constraints with
+    || or , (#11086)
+  * Fixed min-php version check in autoload.php to avoid crashing sites
+    running on PHP 5.5 or below silently with a 200 (#11091)
+  * Fixed JsonFile reading files without checking if they are readable
+    first (#11077)
+  * Fixed require command with --dry-run failing when requiring a package
+    requiring stability flag extraction (#11112)
+
+- Update to version 2.4.2
+  * Fixed bash completion hanging when running as root without
+    COMPOSER_ALLOW_SUPERUSER set (#11024)
+  * Fixed handling of plugin activation when running as root without
+    COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting,
+    or does not happen if input is non-interactive
+  * Fixed package filter on bump command (#11053)
+  * Fixed handling of --ignore-platform-req with upper-bound ignores
+    to not apply to conflict rules (#11037)
+  * Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
+  * Fixed handling of zero-major versions in outdated command with
+  - -major-only (#11032)
+  * Fixed show --platform regression since 2.4.0 when running in a
+    directory without composer.json (#11046)
+  * Fixed a few strict type errors
+- Update to version 2.4.1
+  * Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit
+    flag in CI (#10998)
+  * Fixed show command showing packages in two sections, this was only
+    meant for the outdated command (#11000)
+  * Fixed local git repos being copied to cache unnecessarily (#11001)
+  * Fixed git cache invalidation issue when a git tag gets created after
+    the cache has loaded a given reference (#11004)
+- Update to version 2.4.0
+  * Added bash completions for Composer commands, package names, etc
+    (see how to setup) (#10320)
+  * Added bump command to bump requirements to the currently installed
+    version (#10829)
+  * Added audit command to check for known security vulnerabilities in
+    installed packages (#10798, #10898)
+  * Added automatic auditing of security vulnerabilities after update
+    is done, can be overridden with --no-audit (#10798, #10898)
+  * Added --audit to install command to also do an audit (#10798, #10898)
+  * Added json format output to the check-platform-reqs command (#10979)
+  * Added GitLab 15+ token refresh support (#10988)
+  * Added r alias to require command (#10953)
+  * Added composer/class-map-generator dependency to replace
+    Composer\Autoload\ClassMapGenerator which is now deprecated (#10885)
+  * Added --locked to depends/prohibits commands (#10834)
+  * Added --strict-psr flag to dump-autoload command to fail the process
+    if PSR violations were detected, useful for CI (#10886)
+  * Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars
+    to turn on --prefer-stable/--prefer-lowest on update and require
+    command, useful for CI (#10919)
+  * Added support for temporary update constraints on all packages
+    (now also including non-root dependencies) (#10773)
+  * Added --major-only flag to the outdated command to show only
+    packages with major version updates (#10827)
+  * Added sections for direct and transitive deps in outdated command
+    output (#10779)
+  * Added ability for cache GC to clean up vcs and repo caches (#10826)
+  * Added --gc flag to clear-cache to only trigger a garbage collection
+    instead of clearing everything (#10826)
+  * Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait
+    for the child process to exit before Composer exits to avoid
+    dropping output (#10958)
+  * Added prompt suggesting using --dev when requiring packages with
+    dev/testing/static analysis keywords present (#10960)
+  * Added warning in require, init and create-project commands when
+    the latest version of a package cannot be used due to platform
+    requirements (#10896)
+  * Fixed COMPOSER_NO_DEV so it also works with require and remove's
+  - -update-no-dev (#10995)
+
+- Update to version 2.3.10
+  * Fixed plugins from CWD/vendor being loaded in some cases like
+    create-project or validate even though the target directory is
+    outside of CWD (#10935)
+  * Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo)
+    plugins which will not warn/error anymore if not in allow-plugins,
+    as they are anyway not loaded (#10928)
+  * Fixed pre-install check for allowed plugins not taking --no-plugins
+    into account (#10925)
+  * Fixed support for disable_functions containing disk_free_space
+    (#10936)
+  * Fixed RootPackageRepository usages to always clone the root package
+    to avoid interoperability issues with plugins (#10940)
+- Update to version  2.3.9
+  * Fixed non-interactive behavior of allow-plugins to throw instead
+    of continue with a warning to avoid broken installs (#10920)
+  * Fixed allow-plugins BC mode to ensure old lock files created pre-2.2
+    can be installed with only a warning but plugins fully loaded (#10920)
+  * Fixed deprecation notice (#10921)
+  * Fixed type errors (#10924)
+
+- Update to version 2.3.8
+  * Fixed support for cache-read-only where the filesystem is not writable (#10906)
+  * Fixed type error when using allow-plugins: true (#10909)
+  * Fixed @putenv scripts receiving arguments passed to the command (#10846)
+  * Fixed support for spaces in paths with binary proxies on Windows (#10836)
+  * Fixed type error in GitDownloader if branches cannot be listed (#10888)
+  * Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
+  * Fixed type errors (#10904, #10897)
+
+- Update to version 2.3.7
+  * Fixed a few PHPStan ConfigReturnTypeExtension bugs
+  * Fixed Config default for auth configs to be empty arrays instead
+    of null, fixes issues with diagnose command (#10814)
+  * Fixed handling of broken symlinks when checking whether a package
+    is still installed (#6708)
+  * Fixed bin proxies to allow a proxy to include another one safely
+    (#10823)
+  * Fixed openssl 3.x version parsing as it is now semver compliant
+  * Fixed type error when a json file cannot be read (#10818)
+  * Fixed parsing of multi-line arrays in funding.yml (#10784)
+
+- Update to version 2.3.6
+  * Added Composer\PHPStan\ConfigReturnTypeExtension to improve return
+    types of Config::get() which you can also use in plugins CI (#10635)
+  * Fixed name validation regex in schema causing issues with JS IDEs
+    like VS Code (#10811)
+  * Fixed unnecessary HTTP request in BitbucketDriver (#10729)
+  * Fixed invalid credentials loop when setting up GitLab token (#10748)
+  * Fixed PHP 8.2 deprecations (#10766)
+  * Fixed lock file changes being output even when the lock file creation
+    is disabled
+  * Fixed race condition when multiple requests asking for auth on the
+    same hostname fired concurrently (#10763)
+  * Fixed quoting of commas on Windows (#10775)
+  * Fixed issue installing path repos with a disabled symlink function
+    (#10786)
+  * Fixed various type errors (#10753, #10739, #10751)
+
+- Update to version 2.3.5
+  * Security: Fixed command injection vulnerability in
+    HgDriver/GitDriver: CVE-2022-24828
+  * Added warning when downloading a file with verify_peer[_name] disabled
+  * Fixed curl downloader not retrying when a DNS resolution failure occurs
+  * Fixed composer.lock file still being used/read when the lock
+    config option is disabled
+  * Fixed validate command checking the lock file even if the lock
+    option is disabled
+  * Fixed detection of default branch name when it changed since a
+    git repo was mirrored in cache dir
+- Update to version 2.3.4
+  * Fixed the generated autoload.php to support running on PHP 5.6+
+    (down from 7.0+) and warn clearly on older PHP versions
+  * Fixed run-script --list flag regression
+  * Fixed curl downloader handling of DNS resolution failures to do
+    an automatic retry
+  * Fixed various type errors
+  * [bsc#1198494]
+
+- Update to version 2.3.3
+  * Added --2.2 flag to `self-update` to pin the Composer version to
+    the 2.2 LTS range (#10682)
+  * Added missing config.bitbucket-oauth in composer-schema.json
+  * Fixed type errors in SvnDriver (#10681)
+  * Fixed --version output to match the pre-2.3 one (#10684)
+  * Fixed config/auth.json files not being validated against the
+    composer-schema.json (#10685)
+  * Fixed generation of autoload crashing if a package has a broken
+    path (#10688)
+  * Fixed GitDriver state issue when reusing old cache dirs and the
+    default branch was renamed (#10687)
+  * Updated semver, jsonlint deps for minor fixes
+  * Removed dev-master=>dev-main alias from #10372 as it does not
+    work when reloading from lock file and extracting dev deps (#10651)
+- Update to version 2.3.2
+  * Fixed type error when running `exec` command (#10672)
+  * Fixed endless loop in plugin activation prompt when input is not
+    fully interactive yet appears to be (#10648)
+  * Fixed type error in ComposerRepository (#10675)
+  * Fixed issues loading platform packages where the version of a
+    library cannot be established (#10631)
+- Update to version 2.3.1
+  * Fixed type error when HOME env var is not set (#10670)
+- Update to version 2.3.0
+  * Fixed many strict types errors (#10646, #10642, #10647, #10658,
+    [#10656], #10665, #10660, #10663, #10662)
+  * Fixed invalid return value in ComposerRepository::findPackage
+    (#10622)
+  * Fixed many `show` command issues due to a flipped condition
+    (#10623)
+  * Fixed `phpversion()` handling when it returns false due to an
+    extension defining no version (#10631)
+  * Fixed `remove` command failing when no `allow-plugin` is defined
+    in config (#10629)
+  * Performance improvement in Composer bootstrapping (version guessing)
+    when on a feature branch (#10632)
+  * BC Break: the minimum PHP version is now 7.2.5+, use the
+    [Composer 2.2 LTS](https://github.com/composer/composer/issues/10340)
+    if you are stuck with an older PHP (#10343)
+  * BC Break: added native parameter & return types to many internal
+    APIs, we explicitly left the most extended/implemented symbols
+    untouched but if this causes problems nonetheless please report
+    it ASAP (#10547, #10561)
+  * BC Break: added visibility to all constants, a few internal ones
+    have been made private/protected, if this causes problems please
+    report it ASAP (#10550)
+  * BC Break: the minimum supported Symfony components version is
+    now 5.4, this only affects you if you are requiring composer/
+    composer directly however, which is generally frowned upon
+  * Bumped `composer-plugin-api` to `2.3.0`
+  * Bumped bundled Symfony components from 2.8 to 5.4 🥳
+  * Added `declare(strict_types=1)` to all the classes, which for
+    sure could cause regressions in edge cases, please report with
+    stack traces (#10567)
+  * Added `--patch-only` to the `outdated` command to only show
+    updates to patch versions and ignore new major/minor versions
+    (#10589)
+  * Added clickable links to various commands for terminals which
+    support it (#10430)
+  * Added ProcessExecutor ability to receive commands as arrays by
+    (internals/plugin change only) (#10435)
+  * Added abandoned flag to `show`/`outdated` commands JSON-formatted
+    output (#10485)
+  * Added config.reference option to `path` repositories to configure
+    the way the reference is generated, and possibly reduce composer.lock
+    conflicts (#10488)
+  * Added automatic removal of allow-plugins rules when removing a
+    plugin via the `remove` command (#10615)
+  * Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS
+    env vars to configure the equivalent flags (#10616)
+  * Added support for Symfony 6.0 components
+  * Added support for psr/log 3.x (#10454)
+  * Fixed symlink creation in linux VM guest filesystems to be
+    recognized by Windows (#10592)
+  * Performance improvement in pool optimization step (#10585)
+
+- Update to version 2.2.7
+  * Fixed support for packages with no licenses in licenses
+    command output
+  * Fixed handling of allow-plugins: false which kept warning
+  * Fixed enum parsing in classmap generation when the enum keyword
+    is not lowercased
+  * Fixed author parsing in init command requiring an email whereas
+    the schema allows a name only
+  * Fixed issues in require command when requiring packages which
+    do not exist (but are provided by something else you require)
+  * Performance improvement in pool optimization step
+
+- Update to version 2.2.6
+  * BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for
+    binaries added in Composer 2.2.2 had to be renamed to
+    COMPOSER_RUNTIME_BIN_DIR (#10512)
+  * Fixed enum parsing in classmap generation with syntax like enum
+    foo:string without space after : (#10498)
+  * Fixed package search not urlencoding the input (#10500)
+  * Fixed reinstall command not firing pre-install-cmd/post-install-cmd
+    events (#10514)
+  * Fixed edge case in path repositories where a symlink: true option
+    would be ignored on old Windows and old PHP combos (#10482)
+  * Fixed test suite compatibility with latest symfony/console
+    releases (#10499)
+  * Fixed some error reporting edge cases (#10484, #10451, #10493)
+- Update to version 2.2.5
+  * Disabled composer/package-versions-deprecated by default as it
+    can function using Composer\InstalledVersions at runtime (#10458)
+  * Fixed artifact repositories crashing if a phar file was present
+    in the directory (#10406)
+  * Fixed binary proxy issue on PHP <8 when fseek is used on the
+    proxied binary path (#10468)
+  * Fixed handling of non-string versions in package repositories
+    metadata (#10470)
+- Update to version 2.2.4
+  * Fixed handling of process timeout when running async processes
+    during installation
+  * Fixed GitLab API handling when projects have a repository
+    disabled (#10440)
+  * Fixed reading of environment variables (e.g. APPDATA) containing
+    unicode characters to workaround a PHP bug on Windows (#10434)
+  * Fixed partial update issues with path repos missing if a path
+    repo is required by a path repo (#10431)
+  * Fixed support for sourcing binaries via the new bin proxies (#10389)
+  * Fixed messaging when GitHub tokens need SSO authorization (#10432)
+
+- PHP Composer 2 requires PHP 7.2.5 at least
+
+- php is not required for build
pmix
+- Fix a potential vulnerability where a `chown` may follow a
+  user-created link:
+  Fix-a-potential-vulnerability-which-allows-chown-on-user-created-links.patch
+  (CVE-2023-41915, bsc#1215190).
+
+- Install pmix-plugin-munge if munge is installed.
+- Use correct prerequisite name: pmix-plugin-munge not pmix-plugins-munge
postfix
+- postfix: config.postfix causes too tight permission on main.cf
+  (bsc#1215372)
+
postfix-bdb
+- postfix: config.postfix causes too tight permission on main.cf
+  (bsc#1215372)
+
python-brotlipy
+- Fix CVE-2020-8927, integer overflow when input chunk is larger than 2GiB,
+  bsc#1175825
+  * CVE-2020-8927.patch
+
python-linux-procfs
+- update to 0.7.1:
+  * Correct VERSION number in procfs.py
+  * Use f-strings
+  * Add missing open in with statement
+  * Use sys.exit and add some docstrings
+  * Add tar.xz and asc files to gitignore
+  * Fix traceback with non-utf8 chars in the /proc/PID/cmdline
+  * Propagate error to user if a pid is completed
+  * pflags: Handle pids that completed
+  * Makefile: Add ctags
+  * Remove procfs/sysctl.py
+  * Various clean-ups
+  * Fix UnicodeDecodeError
+  * Fix more spacing problems with procfs.py
+  * procfs.py: Simplify is_s390
+  * procfs.py: Fix a few more style problems
+  * clean-ups for recent python formating regarding spacing, tabs, etc
+  * Fix to parse the number of cpus correctly on s390(x)
+
+- %python3_only -> %python_alternative
+
python-minidb
+- Update to 2.0.7
+  Test against Python 3.10
+  YAML syntax and me
+  Only pass special keyword args to model __init__
+  Add delete_all() and count_rows()
+
+- Update to  minidb 2.0.6
+  * Add vacuum_on_close option and Store.vacuum()
+
+- Use GitHub tarball (for tests and README.md).
+
+- Update to 2.0.5
+  * Clean up things and set up CI (#16)
+  * Don't use ported_eq function
+- Drop patches for issues fixed upstream
+  * no_ported_eq.patch
+- Rename README to README.md in %files section
+
+- Update to 2.0.4:
+  - switch to pytest
+- Rename 0001-switch-to-pytest.patch to no_ported_eq.patch as the
+  previous patch was upstreamed, and now is just a small cleanup
+  (gh#thp/minidb#15).
+
python-reportlab
+- (CVE-2019-19450, bsc#1215560) Add
+  CVE-2019-19450-code-inj-paraparser.patch to avoid code
+  injection in paraparser.py allowing code execution.
+
python3
+- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
+  gh#python/cpython#108310, backport from upstream patch
+  gh#python/cpython#108315
+  (bsc#1214692, CVE-2023-40217)
+
python311
+- Update to 3.11.5 (bsc#1214692):
+  - Security
+  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
+    vulnerable to a bypass of the TLS handshake and included
+    protections (like certificate verification) and treating sent
+    unencrypted data as if it were post-handshake TLS encrypted data.
+    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
+    Gregory P. Smith.
+  - Core and Builtins
+  - gh-104432: Fix potential unaligned memory access on C APIs
+    involving returned sequences of char * pointers within the grp
+    and socket modules. These were revealed using a
+  - fsaniziter=alignment build on ARM macOS. Patch by Christopher
+    Chavez.
+  - gh-77377: Ensure that multiprocessing synchronization objects
+    created in a fork context are not sent to a different process
+    created in a spawn context. This changes a segfault into an
+    actionable RuntimeError in the parent process.
+  - gh-106092: Fix a segmentation fault caused by a use-after-free
+    bug in frame_dealloc when the trashcan delays the deallocation
+    of a PyFrameObject.
+  - gh-106719: No longer suppress arbitrary errors in the
+    __annotations__ getter and setter in the type and module types.
+  - gh-106723: Propagate frozen_modules to multiprocessing spawned
+    process interpreters.
+  - gh-105979: Fix crash in _imp.get_frozen_object() due to improper
+    exception handling.
+  - gh-105840: Fix possible crashes when specializing function calls
+    with too many __defaults__.
+  - gh-105588: Fix an issue that could result in crashes when
+    compiling malformed ast nodes.
+  - gh-105375: Fix bugs in the builtins module where exceptions
+    could end up being overwritten.
+  - gh-105375: Fix bug in the compiler where an exception could end
+    up being overwritten.
+  - gh-105375: Improve error handling in
+    PyUnicode_BuildEncodingMap() where an exception could end up
+    being overwritten.
+  - gh-105235: Prevent out-of-bounds memory access during
+    mmap.find() calls.
+  - gh-101006: Improve error handling when read marshal data.
+  - Library
+  - gh-105736: Harmonized the pure Python version of OrderedDict
+    with the C version. Now, both versions set up their internal
+    state in __new__. Formerly, the pure Python version did the set
+    up in __init__.
+  - gh-107963: Fix multiprocessing.set_forkserver_preload() to check
+    the given list of modules names. Patch by Dong-hee Na.
+  - gh-106242: Fixes os.path.normpath() to handle embedded null
+    characters without truncating the path (bsc#1214693,
+    CVE-2023-41105).
+  - gh-107845: tarfile.data_filter() now takes the location of
+    symlinks into account when determining their target, so it will
+    no longer reject some valid tarballs with
+    LinkOutsideDestinationError.
+  - gh-107715: Fix doctest.DocTestFinder.find() in presence of class
+    names with special characters. Patch by Gertjan van Zwieten.
+  - gh-100814: Passing a callable object as an option value to a
+    Tkinter image now raises the expected TclError instead of an
+    AttributeError.
+  - gh-106684: Close asyncio.StreamWriter when it is not closed by
+    application leading to memory leaks. Patch by Kumar Aditya.
+  - gh-107077: Seems that in some conditions, OpenSSL will return
+    SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
+    verification has failed, but the error parameters will still
+    contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
+    now detecting this situation and raising the appropiate
+    ssl.SSLCertVerificationError. Patch by Pablo Galindo
+  - gh-107396: tarfiles; Fixed use before assignment of
+    self.exception for gzip decompression
+  - gh-62519: Make gettext.pgettext() search plural definitions when
+    translation is not found.
+  - gh-83006: Document behavior of shutil.disk_usage() for
+    non-mounted filesystems on Unix.
+  - gh-106186: Do not report MultipartInvariantViolationDefect
+    defect when the email.parser.Parser class is used to parse
+    emails with headersonly=True.
+  - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION
+    result in _ssl.c.
+  - gh-106774: Update the bundled copy of pip to version 23.2.1.
+  - gh-106752: Fixed several bug in zipfile.Path in
+    name/suffix/suffixes/stem operations when no filename is present
+    and the Path is not at the root of the zipfile.
+  - gh-106602: Add __copy__ and __deepcopy__ in enum
+  - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused
+    division by zero for certain almost-white inputs. Patch by Terry
+    Jan Reedy.
+  - gh-106052: re module: fix the matching of possessive quantifiers
+    in the case of a subpattern containing backtracking.
+  - gh-106510: Improve debug output for atomic groups in regular
+    expressions.
+  - gh-105497: Fix flag mask inversion when unnamed flags exist.
+  - gh-90876: Prevent multiprocessing.spawn from failing to import
+    in environments where sys.executable is None. This regressed in
+    3.11 with the addition of support for path-like objects in
+    multiprocessing.
+  - gh-106350: Detect possible memory allocation failure in the
+    libtommath function mp_init() used by the _tkinter module.
+  - gh-102541: Make pydoc.doc catch bad module ImportError when
+    output stream is not None.
+  - gh-106263: Fix crash when calling repr with a manually
+    constructed SignalDict object. Patch by Charlie Zhao.
+  - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an
+    exception could end up being overwritten in case of failure.
+  - gh-105375: Fix bugs in sys where exceptions could end up being
+    overwritten because of deferred error handling.
+  - gh-105605: Harden pyexpat error handling during module
+    initialisation to prevent exceptions from possibly being
+    overwritten, and objects from being dereferenced twice.
+  - gh-105375: Fix bug in decimal where an exception could end up
+    being overwritten.
+  - gh-105375: Fix bugs in _datetime where exceptions could be
+    overwritten in case of module initialisation failure.
+  - gh-105375: Fix bugs in _ssl initialisation which could lead to
+    leaked references and overwritten exceptions.
+  - gh-105375: Fix a bug in array.array where an exception could end
+    up being overwritten.
+  - gh-105375: Fix bugs in _ctypes where exceptions could end up
+    being overwritten.
+  - gh-105375: Fix a bug in the posix module where an exception
+    could be overwritten.
+  - gh-105375: Fix bugs in _elementtree where exceptions could be
+    overwritten.
+  - gh-105375: Fix bugs in zoneinfo where exceptions could be
+    overwritten.
+  - gh-105375: Fix bugs in pickle where exceptions could be
+    overwritten.
+  - gh-105497: Fix flag inversion when alias/mask members exist.
+  - gh-105375: Fix bugs in pickle where exceptions could be
+    overwritten.
+  - gh-103171: Revert undocumented behaviour change with
+    runtime-checkable protocols decorated with typing.final() in
+    Python 3.11. The behaviour change had meant that objects would
+    not be considered instances of these protocols at runtime unless
+    they had a __final__ attribute. Patch by Alex Waygood.
+  - gh-105375: Fix a bug in sqlite3 where an exception could be
+    overwritten in the collation callback.
+  - gh-105332: Revert pickling method from by-name back to by-value.
+  - gh-104554: Add RTSPS scheme support in urllib.parse
+  - gh-100061: Fix a bug that causes wrong matches for regular
+    expressions with possessive qualifier.
+  - gh-102541: Hide traceback in help() prompt, when import failed.
+  - gh-99203: Restore following CPython <= 3.10.5 behavior of
+    shutil.make_archive(): do not create an empty archive if
+    root_dir is not a directory, and, in that case, raise
+    FileNotFoundError or NotADirectoryError regardless of format
+    choice. Beyond the brought-back behavior, the function may now
+    also raise these exceptions in dry_run mode.
+  - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a
+    child process crashes while data is being written in the call
+    queue.
+  - bpo-18319: Ensure gettext(msg) retrieve translations even if a
+    plural form exists. In other words: gettext(msg) ==
+    ngettext(msg, '', 1).
+  - Documentation
+  - gh-107008: Document the curses module variables LINES and COLS.
+  - gh-106948: Add a number of standard external names to
+    nitpick_ignore.
+  - gh-54738: Add documentation on how to localize the argparse
+    module.
+  - Tests
+  - gh-105776: Fix test_cppext when the C compiler command -std=c11
+    option: remove -std= options from the compiler command. Patch by
+    Victor Stinner.
+  - gh-107237: test_logging: Fix test_udp_reconnection() by
+    increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT).
+    Patch by Victor Stinner.
+  - gh-101634: When running the Python test suite with -jN option,
+    if a worker stdout cannot be decoded from the locale encoding
+    report a failed testn so the exitcode is non-zero. Patch by
+    Victor Stinner.
+  - Build
+  - gh-107814: When calling find_python.bat with -q it did not
+    properly silence the output of nuget. That is now fixed.
+  - gh-106881: Check for linux/limits.h before including it in
+    Modules/posixmodule.c.
+  - gh-104692: Include commoninstall as a prerequisite for
+    bininstall
+  - This ensures that commoninstall is completed before bininstall
+    is started when parallel builds are used (make -j install), and
+    so the python3 symlink is only installed after all standard
+    library modules are installed.
+  - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and
+    onwards, thus enables building WASI builds once against the
+    latest sdk.
+  - Windows
+  - gh-106242: Fixes realpath() to behave consistently when passed a
+    path containing an embedded null character on Windows. In strict
+    mode, it now raises OSError instead of the unexpected
+    ValueError, and in non-strict mode will make the path absolute.
+  - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which
+    affects ntpath.normcase().
+  - gh-99079: Update Windows build to use OpenSSL 3.0.9
+  - gh-105436: Ensure that an empty environment block is terminated
+    by two null characters, as is required by Windows.
+  - macOS
+  - gh-107565: Update macOS installer to use OpenSSL 3.0.10.
+  - gh-99079: Update macOS installer to use OpenSSL 3.0.9.
+  - Tools/Demos
+  - gh-107565: Update multissltests and GitHub CI workflows to use
+    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
+  - gh-95065: Argument Clinic now supports overriding automatically
+    generated signature by using directive @text_signature. See How
+    to override the generated signature.
+  - gh-106970: Fix bugs in the Argument Clinic destination <name>
+    clear command; the destination buffers would never be cleared,
+    and the destination directive parser would simply continue to
+    the fault handler after processing the command. Patch by Erlend
+    E. Aasland.
+  - C API
+  - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(),
+    PyErr_SetExcFromWindowsErrWithFilename() and
+    PyErr_SetFromWindowsErrWithFilename() save now the error code
+    before calling PyUnicode_DecodeFSDefault().
+  - gh-107915: Such C API functions as PyErr_SetString(),
+    PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others
+    no longer crash or ignore errors if it failed to format the
+    error message or decode the filename. Instead, they keep a
+    corresponding error.
+  - gh-107226: PyModule_AddObjectRef() is now only available in the
+    limited API version 3.10 or later.
+  - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception
+    could end up being overwritten if the API failed internally.
+  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only
+    data: *consumed was not set.
+
+- restrict PEP668 to ALP/Tumbleweed
+
+- add externally_managed.in to label this build as PEP-668 managed
+
+- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
+- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
+  partially reverting CVE-2023-27043-email-parsing-errors.patch,
+  because of the regression in gh#python/cpython#106669.
+- (bsc#1210638, CVE-2023-27043) Add
+  CVE-2023-27043-email-parsing-errors.patch, which detects email
+  address parsing errors and returns empty tuple to indicate the
+  parsing error (old API). (The patch is faulty,
+  gh#python/cpython#106669, but upstream decided not to just
+  revert it).
+
qemu
-- Fix bsc#1215311:
-  * roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311)
-
-- Fix the build for SLE/Leap:
-  * [openSUSE][RPM] Make the package buildable on SLE/Leap 15.x
-
-- Fix bsc#1211000:
-  * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000)
-  * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000)
-  * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000)
-  * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000)
-  * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000)
-  * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000)
-  * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000)
-  * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000)
-  * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000)
-  * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000)
-- Fix bsc#1213210:
-  * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
-
-- Update to version 8.1.0. Full list of changes are available at:
-  https://wiki.qemu.org/ChangeLog/8.1
-  Highlights:
-  * VFIO: improved live migration support, no longer an experimental feature
-  * GTK GUI now supports multi-touch events
-  * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor
-  * PCIe: new QMP commands to inject CXL General Media events, DRAM
-    events and Memory Module events
-  * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension)
-    can now use MTE in the guest
-  * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and
-    neoverse-v1 (Cortex Neoverse-V1) CPU
-  * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN),
-    FEAT_LSE2 (Large System Extensions v2), and experimental support for
-    FEAT_RME (Realm Management Extensions)
-  * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX
-  * Hexagon: gdbstub support for HVX
-  * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU
-    instructions
-  * PowerPC: TCG SMT support, allowing pseries and powernv to run with up
-    to 8 threads per core
-  * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf
-    sampling support for POWER CPUs
-  * RISC-V: ISA extension support for BF16/Zfa, and disassembly support
-    for Zcm*/Z*inx/XVentanaCondOps/Xthead
-  * RISC-V: CPU emulation support for Veyron V1
-  * RISC-V: numerous KVM/emulation fixes and enhancements
-  * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR,
-    EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and
-    CLGEBR(A)
-  * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for
-    improved performance
-  * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2
-    instructions
-  * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B,
-    SHUFFLE, SYSCALL, and DISABLE
-  * x86: CPU model support for GraniteRapids
-  * and lots more...
-- This also (automatically) fixes:
-  * bsc#1212850 (CVE-2023-3354)
-  * bsc#1213001 (CVE-2023-3255)
-  * bsc#1213925 (CVE-2023-3180)
-  * bsc#1213414 (CVE-2023-3301)
-  * bsc#1207205 (CVE-2023-0330)
-  * bsc#1212968 (CVE-2023-2861)
-  * bsc#1179993, bsc#1181740, bsc#1211697
-
-- perl-Text-Markdown is not available in all distros and for all
-  arch-es. Use discount instead
-- Patches added:
-  * [openSUSE][spec] Use discount instead of perl-Text-Markdown
-
-- Update to version 8.0.4:
-  * Official changelog not released on the mailing list yet
-  * Security issues fixed:
-  - bsc#1212850 (CVE-2023-3354)
-  - bsc#1213001 (CVE-2023-3255)
-  - bsc#1213925 (CVE-2023-3180)
-  - bsc#1207205 (CVE-2023-0330)
-
-- Fix bsc#1179993, bsc#1181740, bsc#1213001
-- Patches added:
+- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993,
+  bsc#1181740, bsc#1213001
+  * vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301)
+  * hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
+  * 9pfs: prevent opening special files (CVE-2023-2861)
+  * [openSUSE][OBS] Refine the OBS workflow for 15-SP5
-- Update to version 8.0.3:
-  * See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html
-  * Security issues fixed:
-  - 9pfs: prevent opening special files (CVE-2023-2861)
-  - vhost-vdpa (CVE-2023-3301)
-  * Use the official xkb name for Arabic layout, not the
-    legacy synonym (bsc#1212966)
-  * [openSUSE][RPM] Update to version 8.0.3
-
-- Patches added (first one is relevant for boo#1197298 and bsc#1212768):
-  * [openSUSE][RPM] Use --preserve-argv0 in qemu-linux-user (#32)
-  * [openSUSE][RPM] Split qemu-tools package (#31)
-
-- Update to version 8.0.2:
-  * Stability, security and bug fixes
-- Patch added:
-  * [openSUSE][RPM] Update to version 8.0.2
-
-- Patch added:
-  [openSUSE][RPM] Fix deps for virtiofsd and improve spec files
-
-- Update the _constraints file:
-  * the qemu-testsuite package does not exist any longer, but some
-    of the tests are done in the qemu package (so "transfer" some of
-    the constraints to that one)
-  - some of the builds are failing with OOM, happening while the RPM
-    is actually put together, at the end of the process. Try to give
-    them more RAM
-
-- Patch added:
-  [openSUSE][RPM] spec: require virtiofsd, now that it is a sep package (#27)
-
-- Update to version 8.0.0 (https://wiki.qemu.org/ChangeLog/8.0)
-  * Removed features: https://qemu-project.gitlab.io/qemu/about/removed-features.html
-  * Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html
-  * Some notable changes:
-  - ARM:
-  - New emulated CPU types:
-  - Cortex-A55 CPU
-  - Cortex-R52 CPU
-  - x86
-  - Add support for Xen guests under KVM with Linux v5.12+
-  - New CPU model "SapphireRapids"
-  - VFIO
-  - Experimental migration support has been updated to the v2 VFIO migration protocol
-  - virtio
-  - virtio-mem now fully supports combining preallocation with migration
-  - vDPA
-  - Support live migration of vhost-vdpa net devices without CVQ, with no need of x-svq
-  - virtiofs
-  - The old C virtiofsd has been removed, use the new Rust implementation instead.
-  * Patches added:
-  [openSUSE][RPM] Try to avoid recommending too many packages (bsc#1205680)
-  [openSUSE][RPM] Move documentation to a subpackage and fix qemu-headless (bsc#1209629)
-  roms: add back edk2-basetools target
-  async: Suppress GCC13 false positive in aio_bh_poll()
-  [openSUSE][OBS] Limit the workflow runs to the factory branch (#25)
-  [openSUSE][RPM] Spec file adjustments for 8.0.0
+- Fix bsc#1211000
+- Patches added:
+  * Run fstat asynchronously inside coroutines (bsc#1211000)
+  * Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000)
+  * Convert query-named-block-nodes to coroutine (bsc#1211000)
+  * Convert query-block/info_block to coroutine (bsc#1211000)
+  * block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000)
+  * block-coroutine-wrapper.py: support also basic return types (bsc#1211000)
+  * [openSUSE][RPM] Backport some spec-file improvements from Factory
-- (Radical!) Change of packaging workflow. Now pretty much everything
-  happens via git, and interacting with https://github.com/openSUSE/qemu.git.
-  See README.PACKAGING for details
+- Fix bsc#bsc#1211697
-  linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls
+  smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697)
+  hw/smbios: fix field corruption in type 4 table (bsc#1211697)
-  linux-user: Emulate CLONE_PIDFD flag in clone()
-  * Patches transformed in git commits:
+  test-vmstate: fix bad GTree usage, use-after-free
+  qemu/osdep: Switch position of "extern" and "G_NORETURN"
+
+- Switch the packaging workflow to git, like the one we have in place
+  already for Factory.
+  * Patches no longer present as patch files, but applied as commits:
-  acpi-cpuhp-fix-guest-visible-maximum-acc.patch
-  qemu-osdep-Switch-position-of-extern-and.patch
-  test-vmstate-fix-bad-GTree-usage-use-aft.patch
-- Enable again LTO for x86_64 target (boo#1133281).
-
-- Further fixes for bsc#1209546
-  * Patches added:
-  test-vmstate-fix-bad-GTree-usage-use-aft.patch
-
-- Fix bsc#1209546
-  * Patches added:
-  qemu-osdep-Switch-position-of-extern-and.patch
-
-- Backport the "acpi: cpuhp: fix guest-visible maximum access size
-  to the legacy reg block" patch, as it makes developing and
-  testing OVMF/EDK2 easier
-  acpi-cpuhp-fix-guest-visible-maximum-acc.patch
-- Disable -Werror as it is very sensitive when one
-  updates a new compiler. -Werror is fine for upstream development,
-  but not when it comes to stability of a package build.
-
quagga
+- Applied backport fix for bgpd: Use treat-as-withdraw for tunnel
+  encapsulation and also other malformed attributes instead of a
+  session reset (CVE-2023-38802,bsc#1213284)
+  [+ Quagga-CVE-2023-38802-bgpd-withdraw.bsc1213284.patch]
+- Applied backport fix for bgpd: Do not process NLRIs if the
+  attribute length is zero (CVE-2023-41358,bsc#1214735,
+  https://github.com/FRRouting/frr/pull/14260)
+  [+ Quagga-CVE-2023-41358-bgpd-NLRIs.bsc1214735.patch]
+
rabbitmq-c
-- security update
-- added patches
-  fix CVE-2023-35789 [bsc#1212499], Insecure credentials submission
-  + rabbitmq-c-CVE-2023-35789.patch
+- version update to 0.13.0
+  [#]# v0.13.0 - 2023-02-05
+  [#]# Fixed
+  - Fixed missing option to not install static library (#665)
+  - Missing pkgconfig version in v0.12.0 output (#755, #751)
+  - Correct return value from amqp_ssl_socket_set_key_buffer (#723)
+  [#]# Changed
+  - Remove OpenSSL code no longer needed when used with OpenSSL >= 1.1.0. (Fixed: #715, #737)
+  [#]# Added
+  - Integration with OSS-Fuzz (#736)
+  [#]# v0.12.0 - 2023-01-31
+  [#]# Changed
+  - rabbitmq-c now compiles as C99
+  - CMake 3.12 is new minimum required version
+  - CMake -DBUILD_TESTS renamed to -DBUILD_TESTING
+  - CMake -DBUILD_EXAMPLES now defaults to OFF
+  - CMake -DBUILD_TOOLS now defaults to OFF
+  - Unix library version now matches the release version, SONAME remains the same.
+  - Modernized CMake scripts to better adopt modern standards
+  - Public headers have moved to rabbitmq-c/ directory
+  - Dropped support for MSVC older than VS 2010
+  - Dropped support for OpenSSL v1.1.0 and older
+  - Minimum SSL version set to TLSv1.2
+  - Updated to RabbitMQ framing to v3.8.19
+- fixes CVE-2023-35789 [bsc#1212499]
+- %check: fix testsuite run
+
+- Update to version 0.11.0
+  * Added rabbitmq-c-config.cmake
+  * Add amqp_set_ssl_engine API to allow setting OpenSSL engine
+  * Add amqp_ssl_socket_set_key_engine API to allow setting OpenSSL
+    engine
+  * Add support use of password-protected SSL keys
+  * Update OpenSSL library initialization to current best practices
+  * Updates to OpenSSL to support v3.0.0
+  * Restore correct non-blocking behavior using OpenSSL v1.1.1
+  * Fix invalid format in generated pkg-config file
+  * Fix invalid AMQP_STATUS_HEARTBEAT_TIMEOUT
+  * Fix incorrect port when using --server flag in CLI tools
+- Drop upstream merged reproducible.patch
+
raspberrypi-firmware
+- Add _multibuild to define 2nd spec file as additional flavor.
+  Eliminates the need for source package links in OBS.
+
+- Update to 543692d23 (2023-04-25):
+  * firmware: arm_loader: Set local-bd-address if 6 zeroes found
+  * firmware: arm_loader: Really check for a zero local-bd-address
+    See: raspberrypi/linux#5437
+  * firmware: arm_dt: Don't overwrite existing i2c aliases
+    See: raspberrypi/linux#5428
+  * firmware: arm_loader: Reduce CMA warning severity
+    See: #1807
+
+- Update to c4122b870 (2023-03-22):
+  * firmware: gencmd: Add a fallback to mailbox interface if vchiq is not available
+  * firmware: Handle 64-bitness of named kernels
+    See: #1792
+  * firmware: bootloader: Fix automatic 64bit selection on Pi3s
+    See: https://forums.raspberrypi.com/viewtopic.php?p=2089764#p2089764
+  * firmware: bootloader: Raise CMA cap to 512MB on a 64-bit Pi4
+  * firmware: bootloader: Prefer 64-bit kernels on Pi 4s
+    See: https://forums.raspberrypi.com/viewtopic.php?p=2088935#p2088935
+  * firmware: platform: clocks: Replace m2mc with hdmi for state machine clock on 2711
+
+- Update to 489d3e2d0 (2023-02-22):
+  * firmware: video_decode: Convert the active lines, not the padded buffer
+  * firmware: il isp: Correct histogram masks for updated group
+    2 regions
+
+- Update to 2578acb89 (2023-01-18):
+  * kernel: overlays: i2c-sensor: Add mpu6050 and mpu9250
+    See: raspberrypi/linux#5325
+  * firmware: arm_dispmanx: Correct support for NV21, and add support for YV16
+    See: #1767
+  * firmware: arm_dispmanx: Fix FKMS to adopt pre-multiplied alpha
+    See: #1773
+  * firmware: hdmi_2711: Make some clock setup unconditional so booting
+    without hdmi setup is possible
+    See: https://forums.raspberrypi.com/viewtopic.php?t=345362
+  * firmware: Actually rebuild firmware described in previous commit
+  * firmware: Add D flag to video= cmdline option when hotplug is forced
+    See: https://forums.raspberrypi.com/viewtopic.php?p=2067109#p2067109
+
+- Update to 0a7ea702 (2022-12-12):
+  * firmware: arm_loader: PWM1 is not available on GPIO 45
+  * firmware: power: Always read the uncached voltage for AIN and USB_PD
+    See: https://forums.raspberrypi.com/viewtopic.php?p=2059832#p2059832
+  * firmware: Use new SDHCI controller instead of legacy arasan
+    See: #1763
+
+- Update to b8a7365 (2022-11-18):
+  * firmware: arm_loader: Improvements to Compute Module audio
+    See: https://forums.raspberrypi.com/viewtopic.php?p=2052680
+  * firmware: arm_loader: Fix GPIO bank 1 support
+    See: #1756
+
+- Update to 13691cee9 (2022-10-26):
+  * firmware: arm_loader: Add vcmailbox support for 256bit OTP
+    customer device key
+    See: raspberrypi/usbboot#163
+  * firmware: il: video_encode: MJPEG is not conditional on
+    being RASPBERRYPI_FULL
+
+- Update to ab37ef59f (2022-10-18):
+  * firmware: ldconfig: Add all, none, tryboot section support
+    to autoboot.txt for start.elf
+  * firmware: arm-dt: bootloader: Pass the original partition
+    number when booting a ramdisk
+  * firmware: arm_loader: HAT EEPROM support for GPIO bank 1
+    See: #1756
+
+- Update to bfbd42ef2 (2022-10-14):
+  * firmware: isp: Run ISP without hi-res output buffer
+  * firmware: arm_dt: Export the bootloader EEPROM RSA public
+    key via device-tree
+  * firmware: Add tryboot A_B mode
+  * firmware: il: isp: Correct order buffers were returned in
+  * firmware: board_info: Fix Pi 400 PHY addresses
+    See: #1754
+
+- Update to 2b3cef2f4 (2022-09-30):
+  * firmware: isp: Workaround for very unpleasant artifacts in the
+    sharpening block
+  * firmware: arm_loader: Raise maximum gzipped kernel size
+  * firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot
+  * firmware: arm_loader: Increase TFTP block size to 1468 bytes
+    See: raspberrypi/rpi-eeprom#375
+  * firmware: Add kernel= logging
+  * firmware: camera_auto_detect changes
+    See: #1750
+  * firmware: Fix USB boot
+    See: #1744
+  * firmware: video decode/MJPEG fixes
+    See: http://git/vc4/vc4/-/merge_requests/1548
+  * firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle
+    See: raspberrypi/linux#4962
+  * firmware: arm_loader: Never set warranty bit
+    See: #1741
+  * firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices
+    See: https://forums.raspberrypi.com/viewtopic.php?t=338917
+  * firmware: ldconfig: Add [cm4s] conditional
+  * firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3
+  * firmware: power: Fix failover to secondary PMIC interface functions
+    See: https://forums.raspberrypi.com/viewtopic.php?t=338429
+  * firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG
+    See: raspberrypi/linux#5107
+  * firmware: Disable BT flow control pins for Pi3 rev1.3
+  * firmware: arm_loader: initramfs over NVME fix
+    See: #1731
+  * firmware: arm-dt: Export log buffer addresses to /proc/chosen/log
+  * firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer
+    See: #1688
+  * firmware: arm_loader: Declare program_sdhost_use_dma
+
+- Update to df569e0 (2022-07-04):
+  * firmware: video_decode: Stop decode on a colourspace change
+    See: raspberrypi/linux#5059
+  * firmware: video_encode: Fix subsample image alignment assert
+  * firmware: tc358762_DSI: Don't start the PV and DSI before the HVS
+  * firmware: hello_pi: Fix some build issues
+    See: #1728
+  * firmware: arm_dt: camera_auto_detect cam0 flag needs to
+    look at Unicam instance, not port
+  * firmware: platform: over-voltage Zero 2 W by two pips
+    See: #1723
+  * firmware: arm_loader_dvfs: Only add clocks to boostable list
+    when they have been boosted
+    See: #1726
+  * firmware: arm_dt: Try upstream DTB files if downstream absent
+  * firmware: arm_loader: Delay the USB controller switchover
+  * firmware: Fix for vc_image YUYV family to YUV422 planar conversion function
+  * firmware: vcgencmd display_power and camera_auto_detect fixes
+  * firmware: variants: Add mjpg_encode to the standard firmware image
+  * firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock
+    See: raspberrypi/linux#5016
+  * firmware: dtblob: Use a cached alias to reduce boot time
+  * firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected
+  * firmware: arm_loader: Support longer file paths
+    See: #1720
+  * firmware: arm_loader_dvfs: Make arm only see its own boosts,
+    fixed and min clocks
+  * firmware: dtoverlay: Fix path rebasing and exports
+  * firmware: dtoverlay: Fix clang warnings
+  * firmware: dtoverlay: Add support for string escape sequences
+    See: https://forums.raspberrypi.com/viewtopic.php?t=330792
+  * firmware: isp: R and B order must be swapped when reading
+    VC_IMAGE_RGBA32 into the ISP
+    See: http://git/vc4/vc4/-/merge_requests/1430
+
+- Update to 231daece7c (2022-03-01):
+  * firmware: board_info: Handle misprogrammed 3B rev 1.2s
+  * firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
+  * firmware: Handle overlay parameters embedded in overlay_map.dtb
+    See: raspberrypi/linux#4860
+  * firmware: firmware: Add HDMI_PORTS trait
+  * firmware: arm_dt: Fix rpi-poe overlay parameters
+    See: #1689
+  * firmware: jpeghw: Skip APP0 AVI1 headers, regardless of length
+    See: https://forums.raspberrypi.com/viewtopic.php?p=1975448
+  * firmware: camera_subsystem: Report ignored interfaces due to libcamera
+    See: #1679
+  * firmware: Export os_prefix, overlay_prefix, rsts and boot-mode on all models
+  * firmware: vcfw/hdmi_i2c: Initialise all instances from hdmi_i2c_init
+  * firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
+    See: raspberrypi/linux#4669
+
+- Update to 9c04ed2c1a (2022-01-24):
+  * firmware: platform: Limit max clock-id to CLOCK_VEC for now
+    See: #1688
+
+- Update to 827fdd0736 (2022-01-20):
+  * firmware: dtoverlay: Don't mix non-fatal errors and offsets
+    See: #1686
+  * firmware: arm_loader: Load vl805 overlay on CM4
+    See: https://forums.raspberrypi.com/viewtopic.php?t=326088
+  * firmware: gencmdserv: Add mailbox interface to gencmd
+  * firmware: improve firmware camera detection
+  * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1
+    See: #1671
+  * firmware: ldconfig: Discard subsequent chunks from a truncated line
+    See: #1669
+  * firmware: cec: Fail set_passive_mode when running with kms
+  * firmware: Firmware: Remove PWM/audio traits for CM4
+  * firmware: usb: Fix non-BCM2711 MSD support
+    See: raspberrypi/usbboot#102
+
+- Update to 1a0297bfbf (2021-12-01):
+  * firmware: board_info: Add upstream dtb names for cm1 & 3
+  * firmware: board_info: Add upstream dtb name for cm4
+    See: #1660
+  * firmware: platform: Allow users to disable camera boot HMAC check
+    See: #1657
+  * firmware: clock: 2711: Fix potential API issue in 2711 VCO setup
+  * firmware: arm_loader: Enable USB MSD boot mode on Zero 2 W
+  * firmware: isp: Fix Rec.709 colour space problems
+
+- Fix deps for raspberrypi-firmware-config and raspberrypi-firmware-config-camera
+
+- Add raspberrypi-firmware-config-camera flavor - boo#1192047
+
+- Update to 12bc6e3677 (2021-11-16):
+  * firmware: dtoverlay: Rebase aliases in overlays like labels
+  * firmware: isp: Set core/vpu min clock to 320Mhz during ISP operation
+  * firmware: arm_loader: Enable watchdog early if wanted
+    See: #1651
+  * firmware: hello_fft: Update outdated link to V3D spec
+  * firmware: hello_fft: Remove unused function declaration
+    See: #1645
+    See: raspberrypi/userland#710
+  * firmware: platform: Declare CM4's SIO_1V8_SEL and SD_PWR_ON
+    See: raspberrypi/Raspberry-Pi-OS-64bit#188
+  * firmware: platform: Fix incorrect turbo voltage scaling on Pi0
+    See: raspberrypi/documentation#2255
+  * firmware: ISP: Fix magenta colour in right hand image of stereo pair
+    See: https://forums.raspberrypi.com/viewtopic.php?t=321089
+  * firmware: platform: Remove licence on VP6, VP8, Theora, and FLAC
+    See: raspberrypi/linux#4661
+  * firmware: arm_loader: Allow VEC clock to be controlled by arm
+  * firmware: userland: Reduce debug_sym error messages
+    See: https://forums.raspberrypi.com/viewtopic.php?f=98&t=322238
+  * firmware: arm_dt: Increase maximum line length to 98
+    See: raspberrypi/linux#4638
+  * firmware: video_decode: i/p port enable/disable without o/p active could stall
+    See: RPi-Distro/vlc#48
+    See: Hexxeh/rpi-firmware#272
+    See: #1637
+  * firmware: clock-2711: Limit PLLB VCO frequency to the high range
+  * firmware: arm_dt: Export the boot-mode, partition and usb state via device-tree
+    See: #1621
+
raspberrypi-firmware-dt
+- Update 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch description
+
-  * ARM-dts-bcm27xx-Use-better-name-for-spidev.patch-
+  * 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch
+
+- Enable 3.5mm jack socket stereo audio (bsc#1209314):
+  * 0001-ARM-dts-bcm2711-rpi-Reuse-bcm2836-vchiq-driver.patch
+
+- Update to 870c0a313b18 (2023-05-02):
+  * switch to 6.3 branch
+
+- Update to d3cab1cb1b6d (2023-03-02):
+  * switch to 6.2 branch
+
+- Update to 194f76d49a89 (2023-01-20)
+
+- Update to 696dcc735044 (2022-12-21):
+  * switch to 6.1 branch
+
+- Update to 692039799e78 (2022-10-26)
+
+- Update to 896b8da17ad1 (2022-10-03):
+  * switch to 6.0 branch
+
+- Update to a26d9d4da299 (2022-09-27):
+  * switch to 5.19 branch
+
+- Update to 82c39f3914 (2022-07-06):
+  * switch to 5.18 branch
+
+- Use last patch commit date instead patch creation date when creating
+  device tree archive and package version. Patch creation date could be
+  much earlier than patch commit date, which could mislead which patches
+  are included inside the package.
+  For example:
+    commit 7e72dd813a175ea7bf166655217ce60fbd7d4a21
+    Author:     Dom Cobley <popcornmix@gmail.com>
+    AuthorDate: Tue Oct 19 14:15:45 2021 +0100
+    Commit:     Dom Cobley <popcornmix@gmail.com>
+    CommitDate: Mon Nov 29 16:26:09 2021 +0000
+  dt: Move VEC clock to clk-raspberrypi
+  Package which contain this commit was named 2021.11.19 while obviously it
+  has changes from 2021.11.29.
+- Update to da91801ca1 (2022-04-24)
+  * overlays: Fix pitft28/35-resistive rotate params
+  * ARM: dts: Add i2c0mux node to Model B rev 1
+  * overlays: Add "drm" parameter to pitft28-resistive
+  * overlays: mipi-dbi-spi: width-mm and height-mm are mandatory
+  * Add support for the AudioInjector.net bare i2s sound card
+  * dtoverlays: Add overlay for Sony IMX258 image sensor
+  * ARM: dts: Enable PMU on Cortex-A72 in AArch32 state
+  * overlays/rpi-display: Add support for DRM driver
+  * Revert "update rpi-display-overlay.dts pins for 5.10+"
+  * overlays: Add overlay for MIPI DBI displays
+  * dtoverlays: Connect the backlight to the pitft35 display
+  * overlays: iqs550: Enable interrupt pull-down
+  * CM1&3 cam1_reg and cam1_reg_gpio fix
+  * dtoverlay: Add VCM option to ov5647 overlay
+  * dtoverlays: Add VCM option to imx219
+  * ARM: dts: bcm2711-rpi-ds: Disable the BCM2835 STC
+
+- Update to 8dd9f663bd7c (2022-02-25):
+  * Add GPIO names
+  * Add overlays:
+  - spi0-0cs
+  - vc4-kms-dpi-hyperpixel2r
+  - vc4-kms-dpi-hyperpixel4
+  - vc4-kms-dpi-hyperpixel4sq
+  - vc4-kms-dpi-panel
+  - waveshare-can-fd-hat-mode-a
+  - waveshare-can-fd-hat-mode-b
-- Switch back to platform driver until upstream gain support for
-  VEC clock in clk-raspberrypi driver. Add following patch to fix
-  immediate issue described in bsc#1198061.
-  Revert-dt-Move-VEC-clock-to-clk-raspberrypi.patch
-
-- With recent Linux kernel gpio-ranges Device Tree property is now
-  required. Add following patches to fix immediate issue described
-  in bsc#1197578.
-    ARM-dts-gpio-ranges-property-is-now-required.patch
-    ARM-dts-Add-GPIO-line-names-for-downstream-RPis.patch
-  We do not update whole package because this will create new
-  issues like the one described in comment#12 in bsc#1193434
-  and comment#2 in bsc#1196632. Once patches referenced in
-  bsc#1196632 are accepted upstream. _This_ package could be
-  upgraded too.
+- Switch to 5.16 branch - boo#1194423
+- Update to ffd6c6dc4dbf (2022-01-19)
-Enable RaspberryPi Zero 2 (jsc#SLE-23131).
rpmlint
+- backport systemd v254 whitelistings for SLE-15-SP6 (bsc#1215346)
+
rubygem-actionview-5_1
+- security update
+- added patches
+  fix CVE-2023-23913 [bsc#1209826], DOM Based Cross-site Scripting in rails-ujs
+  + rubygem-actionview-5_1-CVE-2023-23913.patch
+
rubygem-puma
+- Add CVE-2023-40175.patch (bsc#1214425, CVE-2023-40175.patch)
+  Reject empty string for Content-Length
+
rust1
+- bsc#1215834 - update to use gcc12
+
+Version 1.72.1 (2023-09-19)
+- [Adjust codegen change to improve LLVM codegen](https://github.com/rust-lang/rust/pull/115236)
+- [rustdoc: Fix self ty params in objects with lifetimes](https://github.com/rust-lang/rust/pull/115276)
+- [Fix regression in compile times](https://github.com/rust-lang/rust/pull/114948)
+- Resolve some ICE regressions in the compiler:
+  - [#115215](https://github.com/rust-lang/rust/pull/115215)
+  - [#115559](https://github.com/rust-lang/rust/pull/115559)
+
salt
+- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
+- Added:
+  * write-salt-version-before-building-when-using-with-s.patch
+
+- Revert usage of long running REQ channel to prevent possible
+  missing responses on requests and dublicated responses
+  (bsc#1213960, bsc#1213630, bsc#1213257)
+- Fix gitfs cachedir basename to avoid hash collisions
+  (bsc#1193948, bsc#1214797, CVE-2023-20898)
+- Added:
+  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
+  * revert-usage-of-long-running-req-channel-bsc-1213960.patch
+
+- Make sure configured user is properly set by Salt (bsc#1210994)
+- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
+- Fix broken tests to make them running in the testsuite
+- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
+- Create minion_id with reproducible mtime
+- Fix detection of Salt codename by "salt_version" execution module
+- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
+- Fix the regression of user.present state when group is unset (bsc#1212855)
+- Fix zypper repositories always being reconfigured
+- Fix utf8 handling in 'pass' renderer and make it more robust
+- Added:
+  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
+  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
+  * mark-salt-3006-as-released-586.patch
+  * fix-the-regression-of-user.present-state-when-group-.patch
+  * fix-tests-to-make-them-running-with-salt-testsuite.patch
+  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
+  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
+  * zypper-pkgrepo-alreadyconfigured-585.patch
+  * fix-regression-multiple-values-for-keyword-argument-.patch
+
spacecmd
+- version 4.3.23-1
+  * Update translation strings
+
spack
+- Update to version 0.20.1 with the following changes:
+  * Bug fixes:
+    + Fix spec removed from an environment where not actually
+    removed if `--force` was not given.
+    + Hotfix for a few recipes that treat CMake as a link
+    dependency.
+    + Fix re-running stand-alone test a second time, which was
+    getting a trailing spurious failure.
+    + Fix reading JSON manifest on Cray, reporting non-concrete
+    specs.
+    + Fix a few bugs when generating Dockerfiles from Spack.
+    + Fix a few long-standing bugs when generating module files.
+    + Fix issues with building Python extensions when using an
+    external Python.
+    + Fix `spack compiler remove`: remove from command line even
+    if they appear in different scopes.
+  * Features:
+    + Speed-up module file generation.
+    + Show external status as `[e]`.
+    + Backport `archspec` fixes.
+    + Improve a few error messages.
+
+- Fix SPACK_ROOT setting in /etc/profile.d/spack.[c]sh (bsc#1214222).
+- Don't source /etc/os-release directly, use a subshell.
+
+- Add hwloc-devel and sqlite3 to the packages that trigger a
+  `spack external find`.
+- Change /usr/bin to %{_bindir}.
+- Make sure, libhwloc and hwloc are installed together when
+  spack is installed.
+
supportutils
+- Changes in version 3.1.26
+  + powerpc plugin to collect the slots and active memory (bsc#1210950)
+  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+  + supportconfig: collect BPF information (pr#154)
+  + Added additional iscsi information (pr#155)
+
+- Added run time detection (bsc#1213127)
+
+- ha_info sle15 uses /var/log/pacemaker/ (pq#153)
+
+- Changes for supportutils version 3.1.25
+  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+  + powerpc: collect invscout logs (pr#150)
+  + powerpc: collect RMC status logs (pr#151)
+  + Added missing nvme nbft commands (bsc#1211599)
+  + Fixed invalid nvme commands (bsc#1211598)
+  + Added missing podman information (PED-1703, bsc#1181477)
+  + Removed dependency on sysfstools
+  + Check for systool use (bsc#1210015)
+  + Added selinux checking (bsc#1209979)
+  + Updated SLES_VER matrix
+
+- Fixed missing status detail for apparmor (bsc#1196933)
+- Corrected invalid argument list in docker.txt (bsc#1206608)
+- Applies limit equally to sar data and text files (bsc#1207543)
+- Collects hwinfo hardware logs (bsc#1208928)
+- Collects lparnumascore logs (issue#148)
+
+- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
+  that `numactl --hardware` data is provided in supportconfigs
+
+- Changes to supportconfig.rc version 3.1.11-35
+  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
+
+- Changes to supportconfig version 3.1.11-46.4
+  + Added plymouth_info
+
+- Changes to getappcore version 1.53.02
+  + The location of chkbin was updated earlier. This documents that
+    change (bsc#1205533, bsc#1204942)
+
utf8proc
+- update to 2.8.0:
+  * Unicode 15 support
+
+- update to 2.7.0:
+  - Unicode 14 support
+  - Support `GNUInstallDirs` in CMake build
+  - `cmake` build now installs `pkg-config` file
+  - Various build and portability improvements.
+
-- Initial package, version 1.1.6
-
xen
+- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
+  execution leak via division by zero (XSA-439)
+  xsa439-00.patch
+  xsa439-01.patch
+  xsa439-02.patch
+  xsa439-03.patch
+  xsa439-04.patch
+  xsa439-05.patch
+  xsa439-06.patch
+  xsa439-07.patch
+  xsa439-08.patch
+  xsa439-09.patch
+
+- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
+  reference dropped too early for 64-bit PV guests (XSA-438)
+  xsa438.patch
+
+- Handle potential unaligned access to bitmap in
+  libxc-sr-restore-hvm-legacy-superpage.patch
+  If setting BITS_PER_LONG at once, the initial bit must be aligned
+
xrdp
+- xrdp-CVE-2023-40184.patch (bsc#1214805)
+  + restriction bypass via improper session handling
+
yq
+- update to 4.35.2 (bsc#1215808):
+  * Fix various typos #1798
+  * Fixed number parsing as float bug in JSON #1756
+  * Fixed string, null concatenation consistency #1712
+  * Fixed expression parsing issue #1711
+  * Bumped dependencies
+- update to 4.35.1:
+  * Added Lua output support
+  * Added BSD checksum format
+  * Bumped dependencies
+
+- update to 4.34.2:
+  * Bumped depedencies
+- update to 4.34.1:
+  * Added shell output format
+  * Fixed nil pointer dereference
+  * Bumped dependency versions
+
+- update to 4.33.3:
+  * Fixed bug when splatting empty array #1613
+  * Added scalar output for TOML (#1617)
+  * Fixed passing of read-only context in pipe (partial fix for
+    [#1631])
+  * Bumped dependency versions
+
+- update to 4.33.2:
+  * Add ``--nul-output|-0`` flag to separate element with NUL
+    character (#1550) Thanks @vaab!
+  * Add removable-media interface plug declaration to the snap
+    packaging(#1618) Thanks @brlin-tw!
+  * Scalar output now handled in csv, tsv and property files
+  * Bumped dependency versions
+
+- update to 4.33.1:
+  * Added read-only TOML support! #1364. Thanks @pelletier for
+    making your API available in your toml lib :)
+  * Added warning when auto detect by file type is outputs JSON
+
+- update to 4.32.2:
+  * Fixes parsing terraform tfstate files results in "unknown"
+    format
+  * Added divide and modulo operators (#1593)
+  * Add support for decoding base64 strings without padding
+  * Add filter operation (#1588) - thanks @rbren!
+  * Detect input format based on file name extension (#1582)
+  * Auto output format when input format is automatically
+    detected
+  * Fixed npe in log #1596
+  * Improved binary file size!
+  * Bumped dependency versions
+
+- update to 4.31.2:
+  * Fixed merged anchor reference problem #1482
+  * Fixed xml encoding of ProcInst #1563, improved XML
+    comment handling
+  * Allow build without json and xml support (#1556) Thanks
+  * Bumped dependencies
+
+- update to 4.31.1:
+  * Added shuffle command #1503
+  * Added ability to sort by multiple fields #1541
+  * Added @sh encoder #1526
+  * Added @uri/@urid encoder/decoder #1529
+  * Fixed date comparison with string date #1537
+  * Added from_unix/to_unix Operators
+  * Bumped dependency versions
+
zypper
-- Changed location of bash-complication (bsc#1213854).
+- Fix name of the bash completion script (bsc#1215007)
+  In 1.14.63 the location of the bash completion script was changed
+  to /usr/share/bash-completion/completions/. But the patch failed
+  to also rename the completion script. The original script name
+  zypper.sh is not recognized at the new location.
+- Update notes about failing signature checks (bsc#1214395)
+  It might be a transient issue if the server is in the midst of
+  receiving new data. Retry after a few minutes might work.
+- Improve the SIGINT handler to be signal safe (bsc#1214292)
+  This patch updates the SIGINT handling strategy to be signal
+  safe. Meaning the signal handler will do not much more than
+  setting a flag, which we are going to check in the normal program
+  flow as much as possible.
+- version 1.14.64
+
+- Changed location of bash completion script (bsc#1213854).