Removed rpms
============

 - libicu69
 - libicu69-ledata
 - qemu-img
 - qemu-pr-helper
 - virtiofsd

Added rpms
==========


Package Source Changes
======================

LibVNCServer
+- version update to 0.9.14
+  [#]# Overall changes:
+  * Added more documentation (build system integration, repeater setup) and a legal FAQ.
+  * Added [contribution guidelines](CONTRIBUTING.md).
+  * Ported the TravisCI continuous integration machinery to GitHub workflows.
+  [#]# LibVNCServer/LibVNCClient:
+  * Added [qemu extended key event].
+  * Fixed several potential multiplication overflows.
+  [#]# LibVNCClient:
+  * Fixes of several memory leaks and buffer overflows.
+  * Added UltraVNC's MSLogonII authentication scheme.
+  * Fixed TLS interoperability with GnuTLS servers.
+  * Fixed detection of newer UltraVNC and TightVNC servers.
+  * Added support for [SetDesktopSize].
+  * Added SSH tunneling example using libssh2.
+  * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers.
+  [#]# LibVNCServer:
+  * Fixes to the multi-threaded server implementation which should be a lot more sound now.
+  * Fixed TightVNC-filetransfer file upload for 64-bit systems.
+  * Fixes of crashes in the zlib compression.
+  * Added support for [UTF8 clipboard data].
+  * Fixed visual artifacts in framebuffer on ARM platforms.
+  * Fixed several WebSockets bugs.
+  * Fixed the UltraVNC-style repeater example.
+  * Added support for larger framebuffers (two 4k screens possible now).
+  * Added support for timeouts for outbound connections (to repeaters for instance).
+  * Fixed out-of-bounds memory access in Tight encoding.
+- modified patches
+  % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed)
+  % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed)
+- deleted patches
+  - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed)
+  - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed)
+  - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed)
+  - LibVNCServer-CVE-2020-29260.patch (upstreamed)
+
MozillaFirefox
+- Mozilla Firefox ESR 115.3.1 ESR
+  MFSA 2023-44 (bsc#1215814)
+  * CVE-2023-5217: Heap buffer overflow in libvpx
+
+- Firefox Extended Support Release 115.3.0 ESR
+  Placeholder changelog-entry
+- Mozilla Firefox ESR 115.3
+  MFSA 2023-42 (bsc#1215575)
+  * CVE-2023-5168: (bmo#1846683)
+    Out-of-bounds write in FilterNodeD2D1
+  * CVE-2023-5169: (bmo#1846685)
+    Out-of-bounds write in PathOps
+  * CVE-2023-5171: (bmo#1851599)
+    Use-after-free in Ion Compiler
+  * CVE-2023-5174: (bmo#1848454)
+    Double-free in process spawning on Windows
+  * CVE-2023-5176: (bmo#1836353, bmo#1842674, bmo#1843824,
+    bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983,
+    bmo#1851195)
+    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
+    and Thunderbird 115.3
+- Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build
+  with newer binutils (bsc#1215309)
+
alsa
+- More upstream fix for inconsistent compile conditions:
+  0004-reshuffle-included-files-to-include-config.h-as-firs.patch
+
+- Upstream fix backport:
+  0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch
+- Upstream fix for PCM segfault regression (bsc#1215167):
+  0003-pcm-Fix-segfault-with-32bit-libs.patch
+
+- Update to version 1.2.10 (jsc#PED-6566):
+  * MIDI 2.0 feature support
+  * build fixes for various platforms
+  * various documentation fixes
+  * misc topology fixes
+  * ucm fixes and cleanups
+  For details, see:
+    https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-lib
+- Took upstream fix for possible build errors:
+  0001-control.h-Fix-ump-header-file-detection.patch
+
+- Update to version 1.2.9:
+  * Versioned symbol updates
+  * Various fixes for building on *BSD and Android
+  * Fixes and enhancements of auto silencing and playback drain
+  * Add SND_CTL_EINTR open mode at PCM
+  * Avoid endless loop in snd_pcm_sw_params_default()
+  * Fixes in PCM rate, route/softvol plugins
+  * Fixes in topology API parser, cleanups
+  * Enhancements in latency test program
+  * Minor code cleanup and memory leak fixes in UCM API
+  * emu10k1 config cleanup
+  For details, see:
+    https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-lib
+
alsa-ucm-conf
+- Update to version 1.2.10 (jsc#PED-6566):
+  * updates / fixes for various devices: mtk-rt5650, usb-audio, tegra
+    es8316, sof-essx8336, pinephone, Steinberg UR44C, AMD ACP RPL,
+    ACP63, sof-hda-dsp, etc
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-ucm-conf
+- Upstream regression fix:
+  0001-SplitPCM-Device-argument-may-not-be-set.patch
+
+- Update to version 1.2.9:
+  various profile updates for USB-audio, SOF and others.
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-ucm-conf
+
alsa-utils
+- Update to alsa-utils 1.2.10 (jsc#PED-6566):
+  * MIDI 2.0 / UMP support for sequencer programs
+  * nhlt: add nhlt-dmic-info utility
+  * Build fixes and cleanups
+  * speaker-test: allow large buffer and period time setup - up to 100 seconds
+  * various topology fixes
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-utils
+- Fix the builds with old gcc:
+  0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
+  0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
+  0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
+  0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
+  0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
+  0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch
+  0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
+
+- Update to alsa-utils 1.2.9:
+  BSD build fix, and various updates for alsactl, amidi, axfer,
+  alsa-info.sh, alsaloop, alsatplg, alsaucm, aplay, abat.
+  For details, see:
+  https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-utils
+
apparmor
+- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
+  (bsc#1215596)
+
apparmor:libapparmor
+- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
+  (bsc#1215596)
+
attica-qt5
+- Update to 5.110.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.110.0
+- No code change since 5.109.0
+
+- Update to 5.109.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.109.0
+- Changes since 5.108.0:
+  * Add explicit moc includes to sources for moc-covered headers
+
+- Update to 5.108.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.108.0
+- Changes since 5.107.0:
+  * Remove qt6 CI builds
+
+- Update to 5.107.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.107.0
+- No code change since 5.106.0
+
+- Update to 5.106.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.106.0
+- No code change since 5.105.0
+
+- Update to 5.105.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.105.0
+- No code change since 5.104.0
+
+- Update to 5.104.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.104.0
+- No code change since 5.103.0
+
bind
+- Update to release 9.16.44
+  Bug Fixes:
+  * Processing already-queued queries received over TCP could cause
+    an assertion failure, when the server was reconfigured at the
+    same time or the cache was being flushed. This has been fixed.
+  Security Fixes:
+  * Previously, sending a specially crafted message over the
+    control channel could cause the packet-parsing code to run out
+    of available stack memory, causing named to terminate
+    unexpectedly. This has been fixed. (CVE-2023-3341)
+  [bsc#1215472]
+- Switch to pkgconfig(libprotobuf-c) since this now contains the
+  required protobuf-c binary
+
binutils
+- Update to version 2.41 [PED-5778]:
+  * The MIPS port now supports the Sony Interactive Entertainment Allegrex
+  processor, used with the PlayStation Portable, which implements the MIPS
+  II ISA along with a single-precision FPU and a few implementation-specific
+  integer instructions.
+  * Objdump's --private option can now be used on PE format files to display the
+  fields in the file header and section headers.
+  * New versioned release of libsframe: libsframe.so.1.  This release introduces
+  versioned symbols with version node name LIBSFRAME_1.0.  This release also
+  updates the ABI in an incompatible way: this includes removal of
+  sframe_get_funcdesc_with_addr API, change in the behavior of
+  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
+  * SFrame Version 2 is now the default (and only) format version supported by
+  gas, ld, readelf and objdump.
+  * Add command-line option, --strip-section-headers, to objcopy and strip to
+  remove ELF section header from ELF file.
+  * The RISC-V port now supports the following new standard extensions:
+  - Zicond (conditional zero instructions)
+  - Zfa (additional floating-point instructions)
+  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
+    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
+  * The RISC-V port now supports the following vendor-defined extensions:
+  - XVentanaCondOps
+  * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
+  * A new .insn directive is recognized by x86 gas.
+  * Add SME2 support to the AArch64 port.
+  * The linker now accepts a command line option of --remap-inputs
+  <PATTERN>=<FILE> to replace any input file that matches <PATTERN> with
+  <FILE>.  In addition the option --remap-inputs-file=<FILE> can be used to
+  specify a file containing any number of these remapping directives.
+  * The linker command line option --print-map-locals can be used to include
+  local symbols in a linker map.  (ELF targets only).
+  * For most ELF based targets, if the --enable-linker-version option is used
+  then the version of the linker will be inserted as a string into the .comment
+  section.
+  * The linker script syntax has a new command for output sections: ASCIZ "string"
+  This will insert a zero-terminated string at the current location.
+  * Add command-line option, -z nosectionheader, to omit ELF section
+  header.
+- Removed obsolete patches: binutils-2.40-branch.diff.gz,
+  riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
+  extensa-gcc-4_3-fix.diff .
+- Add binutils-2.41-branch.diff.gz .
+- Add binutils-old-makeinfo.diff for SLE-12 and older.
+- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
+- Contains fixes for these non-CVEs (not security bugs per upstream's
+  SECURITY.md):
+  * bsc#1209642 aka CVE-2023-1579 aka PR29988
+  * bsc#1210297 aka CVE-2023-1972 aka PR30285
+  * bsc#1210733 aka CVE-2023-2222 aka PR29936
+  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
+  * bsc#1214565 aka CVE-2020-19726 aka PR26240
+  * bsc#1214567 aka CVE-2022-35206 aka PR29290
+  * bsc#1214579 aka CVE-2022-35205 aka PR29289
+  * bsc#1214580 aka CVE-2022-44840 aka PR29732
+  * bsc#1214604 aka CVE-2022-45703 aka PR29799
+  * bsc#1214611 aka CVE-2022-48065 aka PR29925
+  * bsc#1214619 aka CVE-2022-48064 aka PR29922
+  * bsc#1214620 aka CVE-2022-48063 aka PR29924
+  * bsc#1214623 aka CVE-2022-47696 aka PR29677
+  * bsc#1214624 aka CVE-2022-47695 aka PR29846
+  * bsc#1214625 aka CVE-2022-47673 aka PR29876
+
+- This existed only for a very short while in SLE-15, as the main
+  variant in devel:gcc subsumed this in binutils-revert-rela.diff.
+  Hence:
+- Remove binutils-disable-dt-relr.sh as subsumed.
+
+- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR
+  ld/25694
+- riscv-pr22263-1.patch: Backport for PR ld/22263
+
+- Rebase branch patch (includes fix for PR30281).
+
+- Document fixed CVEs:
+  * bnc#1208037 aka CVE-2023-25588 aka PR29677
+  * bnc#1208038 aka CVE-2023-25587 aka PR29846
+  * bnc#1208040 aka CVE-2023-25585 aka PR29892
+  * bnc#1208409 aka CVE-2023-0687 aka PR29444
+
+- Enable bpf-none cross target and add bpf-none to the multitarget
+  set of supported targets.
+
+- Disable packed-relative-relocs for old codestreams.  They generate
+  buggy relocations when binutils-revert-rela.diff is active.
+  [bsc#1206556]
+
+- Disable ZSTD debug section compress by default.
+
+- Enable zstd compression algorithm (instead of zlib)
+  for debug info sections by default.
+
+- Pack libgprofng only for supported platforms.
+
+- Remove upstreamed patch binutils-maxpagesize.diff.
+
+- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043.
+- Move libgprofng-related libraries to the proper locations (packages).
+- Add --without=bootstrap for skipping of bootstrap (faster testing
+  of the package).
+
+- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]
+
+- Update to version 2.40:
+  * Objdump has a new command line option --show-all-symbols which will make it
+  display all symbols that match a given address when disassembling.  (Normally
+  only the first symbol that matches an address is shown).
+  * Add --enable-colored-disassembly configure time option to enable colored
+  disassembly output by default, if the output device is a terminal.  Note,
+  this configure option is disabled by default.
+  * DCO signed contributions are now accepted.
+  * objcopy --decompress-debug-sections now supports zstd compressed debug
+  sections.  The new option --compress-debug-sections=zstd compresses debug
+  sections with zstd.
+  * addr2line and objdump --dwarf now support zstd compressed debug sections.
+  * The dlltool program now accepts --deterministic-libraries and
+  --non-deterministic-libraries as command line options to control whether or
+  not it generates deterministic output libraries.  If neither of these options
+  are used the default is whatever was set when the binutils were configured.
+  * readelf and objdump now have a newly added option --sframe which dumps the
+  SFrame section.
+  * Add support for Intel RAO-INT instructions.
+  * Add support for Intel AVX-NE-CONVERT instructions.
+  * Add support for Intel MSRLIST instructions.
+  * Add support for Intel WRMSRNS instructions.
+  * Add support for Intel CMPccXADD instructions.
+  * Add support for Intel AVX-VNNI-INT8 instructions.
+  * Add support for Intel AVX-IFMA instructions.
+  * Add support for Intel PREFETCHI instructions.
+  * Add support for Intel AMX-FP16 instructions.
+  * gas now supports --compress-debug-sections=zstd to compress
+  debug sections with zstd.
+  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
+  that selects the default compression algorithm
+  for --enable-compressed-debug-sections.
+  * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
+  XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
+  XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
+  ISA manual, which are implemented in the Allwinner D1.
+  * Add support for the RISC-V Zawrs extension, version 1.0-rc4.
+  * Add support for Cortex-X1C for Arm.
+  * New command line option --gsframe to generate SFrame unwind information
+  on x86_64 and aarch64 targets.
+  * The linker has a new command line option to suppress the generation of any
+  warning or error messages.  This can be useful when there is a need to create
+  a known non-working binary.  The option is -w or --no-warnings.
+  * ld now supports zstd compressed debug sections.  The new option
+  --compress-debug-sections=zstd compresses debug sections with zstd.
+  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
+  that selects the default compression algorithm
+  for --enable-compressed-debug-sections.
+  * Remove support for -z bndplt (MPX prefix instructions).
+- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff,
+  cross-avr-size.patch.
+- Removed patch: binutils-pr29482.diff.
+- New patch: extensa-gcc-4_3-fix.diff.
+- Includes fixes for these CVEs:
+  * bnc#1206080 aka CVE-2022-4285 aka PR29699
+- Enable by default: --enable-colored-disassembly.
+
+- fix build on x86_64_vX platforms
+- add arm32-avoid-copyreloc.patch for PR16177 (bsc#1200962)
+
busybox
+-  Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability
+  in ash (CVE-2022-48174, bsc#1214538)
+
cracklib
+- version update to 2.9.11
+  * Merge fedora patches and man pages
+  * Fix missing files in dist tarball, other automake fixes (Leandro Nini)
+  * Fix error handling during build of dictionary (yixiangzhike)
+  * Fix to localization support (A. Wilcox, nekopsykose)
+  * Fix to test utilities (Alexander Kanavin)
+  * Translation updates from weblate
+  * python: adjust include path for builddir by @thesamesam in #61
+  * Make buffer static and avoid returning stack-allocated memory by @drfiemost in #63
+- modified patches
+  % 0002-cracklib-2.9.2-visibility.patch (refreshed)
+
+- update to 2.9.8:
+  * rules: Drop using register keyword
+  * add exec perms
+  * translation updates
+  * Use what's in the build environment and use a current autoconf
+  * util/Makefile.am: fix link with lintl
+  * Force grep to treat the input as text when formatting word files
+
+- Drop --with-pic, as it has no effect with --disable-static.
+
curl
+- Security fix: [bsc#1215026, CVE-2023-38039]
+  * http: return error when receiving too large header
+  * Add curl-CVE-2023-38039.patch
+
double-conversion
+- update to 3.3.0:
+  * Fix some compile warnings in Visual Studio
+  * Set permissions for github workflows
+  * Add flags to control trailing decimal and zero in exponent
+    form when input has one significant digit
+
+- update to 3.2.1
+  * Disable quiet nan test on windows
+  * Test on all platforms.
+  * Fix warnings on Windows
+  * Run ctests first.
+  * Give shared-lib option and test install
+  * Install Windows debugger (pdb) files.
+  * Add a cast to silence a signedness conversion warning.
+  * Issue #184 : Fixed all -Wzero-as-null-pointer-constant warnings
+
+- update to 3.2.0:
+  * Fix quiet NANs on MIPS* and PA-RISC architectures.
+
+- update to 3.1.7:
+  * Reintroduce macros, if DOUBLE_CONVERSION_NON_PREFIXED_MACROS is set
+  * Also add support for Synopsys ARC64 architecture
+
+- update to 3.1.6:
+  * Features some code cleanups.
+  * Adds the following new architectures: loongarch, xtensa, nios2, e2k.
+
-- Initial package, version 2.0.1
-
evolution
+- Add evolution-height-miscalculation.patch: fix rendering of
+  calendar changes with WebKitGTK 2.40+ (boo#1213858
+  glgo#GNOME/evolution#2204).
+
+- Add evolution-frame-flattening.patch: handle frame flattening
+  change in WebKitGTK 2.40 (boo#1213858).
+
exempi
+- Add CVE-2020-18651.patch: fix a buffer overflow in ID3 support
+  (boo#1214486 CVE-2020-18651).
+
-- Update to version 2.2.0:
-  + New 'exempi' command line tool.
-  + Upgrade XMPCore to Adobe XMP 5.1.2
-  - Quicktime support now works without Quicktime.
-  - Reconciliation with ID3v2.
-  - "Blessed" 64-bits support (we already had it in exempi).
-  - Slight change in the way XMP are written for MWG compliance.
-  - Fixed a serious bug with RIFF.
-  - Change in the way local text encoding is dealt with.
-  - Alternative languages behave slightly differently by changing
-    how the default language property is managed.
-  - Probably a bunch of bugs fixed that I don't know about.
-  + Update unit tests.
-  - Refactor the fixtures.
-  + Use automake silent rules instead of shave. (build only)
-  + "make dist" generate a bzip2 archive as well. (build only)
-  + Remove some obsolete warning flags. (build only)
-  + Build xmpcommandtool
-  + Several new APIs.
-  + Bug fixes: fdo#37747.
-- Drop exempi-no-shave.patch: shave is not used upstream anymore.
-- Drop libtool BuildRequires, autoreconf call and
-  --disable-silent-rules that were used because of patch above.
-- Create a tools subpackage for new exempi command line tool.
-- Change group of libexempi3 from "Development/Libraries/C and C++"
-  to System/Libraries.
-- Use V=1 during the build to get a verbose build.
-
ffmpeg
+- Add ffmpeg-CVE-2021-28429.patch: Fix Integer overflow
+  vulnerability in av_timecode_make_string in libavutil/timecode.c
+  (bsc#1214246, CVE-2021-28429).
+
ghostscript
+- CVE-2023-43115.patch is derived for Ghostscript-9.52 from
+  https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+  that fixes CVE-2023-43115 "remote code execution
+  via crafted PostScript documents in gdevijs.c"
+  see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+  (bsc#1215466)
+
glibc
+- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
+
+- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
+  invalidation if epoll is used (bsc#1212910, BZ #29415)
+
+- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
+  in files database (bsc#1212819, BZ #25457)
+
+- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
+  check on PT_LOAD segments (bsc#1211829, BZ #28688)
+- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
+  BZ #28676)
+- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
+  first segment (BZ #30452)
+
icu
-- Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update
-  (jsc#SLE-17893)
-
-- nan-undefined-conversion.patch: ICU-21613 Fix undefined behaviour in
-  ComplexUnitsConverter::applyRounder
-
-- Update to release 69.1
-  * CLDR 39
-  * For Norwegian, "no" is back to being the canonical code, with
-    "nb" treated as equivalent. This aligns handling of Norwegian
-    with other macro language codes.
-  * Binary prefixes in measurement units (KiB, MiB, etc.)
-  * Time zone offsets from local time: New APIs
-    BasicTimeZone::getOffsetFromLocal() (C++) and
-    ucal_getTimeZoneOffsetFromLocal()
-- Drop icu-1618.patch (merged),
-  icu-fix-testTemperature.patch (merged)
-
-- icu-drop-testTemperature.patch: Remove
-- icu-fix-testTemperature.patch: Backport ICU-21366 (bsc#1182645)
-- Don't disable testsuite under qemu-linux-user
-
-- Add icu-drop-testTemperature.patch to fix boo#1182645
-  The test has been dropped in master branch
-
-- Added icu-1618.patch to fix 2 tests on aarch64 [boo#1182645]
-
-- Drop SUSE_ASNEEDED as the issue was in binutils (boo#1182252).
-
-- Fix pthread dependency issue (boo#1182252).
-
-- Update to release 68.2
-  * Fix memory problem in FormattedStringBuilder
-  * Fix assertion when setKeywordValue w/ long value.
-  * Fix UBSan breakage on 8bit of rbbi
-  * fix int32_t overflow in listFormat
-  * Fix memory handling in MemoryPool::operator=()
-  * Fix memory leak in AliasReplacer
-
-- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
-
-- Update to release 68.1
-  * CLDR 38
-  * Measurement unit preferences
-  * PluralRules selection for ranges of numbers
-  * Locale ID canonicalization now conforms to the CLDR spec
-    including edge cases
-  * DateIntervalFormat supports output options such as capitalization
-  * Measurement units are normalized in skeleton string output
-  * Time zone data (tzdata) version 2020d
+- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
+  from upstream, use LocalMemory for cmd to prevent use after free
+  (bsc#1193951 CVE-2020-21913).
-- Update to version 67.1
-  * Unicode 13 (ICU-20893, same as in ICU 66)
-    + Total of 5930 new characters
-    + 4 new scripts
-    + 55 new emoji characters, plus additional new sequences
-    + New CJK extension, first characters in plane 3: U+30000..U+3134A
-  * CLDR 37
-    + New language at Modern coverage: Nigerian Pidgin
-    + New languages at Basic coverage: Fulah (Adlam), Maithili,
-    Manipuri, Santali, Sindhi (Devanagari), Sundanese
-    + Region containment: EU no longer includes GB
-    + Unicode 13 root collation data and Chinese data for collation and transliteration
-  * DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442)
-  * Various other improvements for ECMA-402 conformance
-  * Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418)
-  * Currency formatting options for formal and other currency display name variants (ICU-20854)
-  * ListFormatter: new public API to select the style & type (ICU-12863)
-  * ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
-  * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
-  * LocaleMatcher: New option to ignore one-way matches (ICU-20936),
-    and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
-  * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
-  * Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category (ICU-21073)
-  * Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
-  * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
-  * Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
-
-- Drop icu-versioning.diff, icu-susevers.diff [boo#1159131]
-
-- Update to version 66.1
-  * Unicode 13 support
-  * Fix uses of u8"literals" broken by C++20 introduction of
-    incompatible char8_t type. (ICU-20972)
-
-- Add locale.diff [boo#1162882]
-
-- Remove /usr/lib(64)/icu/current [boo#1158955].
-
-    FATE#325570)
+    FATE#325570, bnc#1103893, fate#325570, fate#325419)
kernel-default
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
kernel-kvmsmall
+- x86/sev: Make enc_dec_hypercall() accept a size instead of
+  npages (bsc#1214635).
+- commit c11336f
+
+- Drop amdgpu patch causing spamming (bsc#1215523)
+  Deleted:
+  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
+- commit 2351f50
+
+- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
+  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
+  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
+  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
+- commit be6100d
+
libX11
+- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
+  U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
+  U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
+  U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
+  U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
+  * CVE-2023-43785 libX11: out-of-bounds memory access in
+    _XkbReadKeySyms() (boo#1215683)
+  * CVE-2023-43786 libX11: stack exhaustion from infinite recursion
+  in PutSubImage() (boo#1215684)
+  * CVE-2023-43787 libX11: integer overflow in XCreateImage()
+    leading to a heap overflow (boo#1215685)
+
libXpm
+- U_0000-test-Add-unit-tests-using-glib-framework.patch
+  U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
+  U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch
+  U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
+  * fixes CVE-2023-43788 libXpm: out of bounds read in
+    XpmCreateXpmImageFromBuffer() (boo#1215686)
+  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
+    corrupted colormap (boo#1215687)
+- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
+  U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
+  U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
+  U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
+  * avoids triggering CVE-2023-43786, CVE-2023-43787 (boo#1215684,
+    boo#1215685); see changelog in libX11 update ...
+
-- bumped version number to 7.6
-
libcacard
+- Update to version 2.8.1
+  * Unbreak RAW deciphering emulation using RSA-PKCS1 method
+  * Use g_memdup2 to avoid deprecation warnings with new glib2
+
+- Update to v2.8.0. Changes include:
+  * Improve project documentation
+  * Bump minimal glib version to 2.32 and remove old compatibility functions
+  * Introduce meson build system in addition to existing autotools
+  * Create and run fuzzer drivers to improve stability
+  * Introduce a new API vcard_emul_finalize() to clean up allocated resources
+  * Remove key caching to avoid issues with some PKCS #11 modules
+  * Prevent logging critical errors on unknown instruction
+- Remove empty libcacard package, and also drop the rpm provided
+  symbol qemu-tools:/usr/bin/vscclient, both assumed unused by now
+
+- Update to v2.7.0. Changes include:
+  * Improve compatibility with Windows guests, particularly with
+  ActivClient Windows drivers.
+  * Implement Microsoft PnP applet used by Windows for card detection
+  * Fill several structures returned by Global Platform applet to
+  mimic behavior of real cards.
+  * Implement API for creation of serial number used to uniquely
+  identify a emulated card.
+  * More verbose debug logs
+  * Fix the VERIFY semantics, which can be used for login status
+  check
+  * Add clang and csbuild CI targets
+  * Use ATR from official CAC card to improve card detection under
+  Windows
+
+- Update to v2.6.1
+  * various bug fixes (memory corruption issues which would cause
+  crashes in spice-gtk)
+
+- Update to v2.6.0
+  * provides implementation of GSC-IS 2.1 (aka CAC version 2) to improve
+  interoperability with guest software using the emulated or shared
+  smart cards. The previously implemented CACv1 specification is no
+  longer supported by any other application so the old code is gone
+  and any application depending on this old standard will not work
+  anymore.
+  * vscclient is no longer installed, as it is not an end-user supported
+  solution
+  * various bug & leak fixes
+
libeconf
+- Additional info for version 0.5.2:
+  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
+    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
+  * Fixed a stack-buffer-overflow vulnerability in "read_file"
+    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)
+
+- Update to version 0.5.2:
+  * Fixed build for aarch64 and gcc13.
+  * Making the output verbose when a test fails.
+  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
+    function.
+  * Fixed a stack-buffer-overflow vulnerability in "read_file"
+    function.
+  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
+    Sets a list of directory structures (with order) which describes
+    the directories in which the files have to be parsed.
+    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
+    directories will be parsed:
+    "<default_dirs>/<project_name>.<suffix>.d/"
+    "<default_dirs>/<project_name>/conf.d/"
+    "<default_dirs>/<project_name>.d/"
+    "<default_dirs>/<project_name>/"
+    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
+    automatically.
+  * General code cleanup.
+
+- Update to version 0.5.1:
+  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
+    there is a /etc/_example_._suffix_ file. (#175)
+
+- Update to version 0.5.0:
+  * API calls econf_read*WithCallback supporting a general (void *)
+    argument for user defined data with which the callback function is
+    called.
+  * Tagged following functions deprecated:
+    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
+    econf_followSymlinks, econf_reset_security_settings
+    Use one of the econf_read*WithCallback functions instead.
+
+- Update to version 0.4.9:
+  * libeconf.h: added missing sys/types.h header (#171)
+  * new API calls: econf_readFileWithCallback,
+    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
+  * Checking NULL comment parameter in the parsing functions.
+
+- Update to version 0.4.8+git20221114.7ff7704:
+  * Parsing files which are containing keys only (#170)
+    All delimiters are allowed now : "", " =", " ", "=". But the
+    user should use "" in order to be distinct.
+  * /usr/etc/shells.d/<file_name> will not be parsed if
+    /etc/shells.d/<file_name> is defined too.
+  * Lto build fixed (#168)
+  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
+    econf_set_delimiter_tag
+  * Checking UID,GroupID, permissions,... of the parsed files (#165)
+    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
+    econf_followSymlinks
+  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
+  * Error handling improved for nums and booleans (#163)
+
libjpeg-turbo
+- merge two spec files into one
+
+- Add _multibuild to define 2nd spec file as additional flavor.
+  Eliminates the need for source package links in OBS.
+
+- Build AVX2 enabled hwcaps library for x86_64-v3
+
+- update to 2.1.5.1:
+  * Fixed a regression introduced by 2.0 beta1[15] that caused a buffer
+    overrun in the progressive Huffman encoder when attempting to transform
+    a specially-crafted malformed 12-bit-per-component JPEG image into a
+    progressive 12-bit-per-component JPEG image using a 12-bit-per-component
+    build of libjpeg-turbo.
+  * Fixed an issue whereby, when using a 12-bit-per-component build of
+    libjpeg-turbo (-DWITH_12BIT=1), passing samples with values greater than 4095
+    or less than 0 to jpeg_write_scanlines() caused a buffer overrun or
+    underrun in the RGB-to-YCbCr color converter.
+  * Fixed a floating point exception that occurred when attempting to use
+    the jpegtran -drop and -trim options to losslessly transform a
+    specially-crafted malformed JPEG image.
+  * Fixed an issue in tjBufSizeYUV2() whereby it returned a bogus result,
+    rather than throwing an error, if the align parameter was not a power of 2.
+  * Fixed a similar issue in tjCompressFromYUV() whereby it generated a corrupt
+    JPEG image in certain cases, rather than throwing an error,
+    if the align parameter was not a power of 2.
+  * Fixed an issue whereby tjDecompressToYUV2(), which is a wrapper for
+    tjDecompressToYUVPlanes(), used the desired YUV image dimensions
+    rather than the actual scaled image dimensions when computing the plane
+    pointers and strides to pass to tjDecompressToYUVPlanes().
+    This caused a buffer overrun and subsequent segfault if the desired
+    image dimensions exceeded the scaled image dimensions.
+  * Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG
+    image (-DWITH_12BIT=1) using an alpha-enabled output color space such as
+    JCS_EXT_RGBA, the alpha channel was set to 255 rather than 4095.
+  * Fixed an issue whereby the Java version of TJBench did not accept a range
+    of quality values.
+  * Fixed an issue whereby, when -progressive was passed to TJBench,
+    the JPEG input image was not transformed into a progressive JPEG image
+    prior to decompression.
+
+- Add explicit provides for jpegtran, so it can be installed easier
+
+- update to 2.1.4:
+  * Fixed a regression introduced in 2.1.3 that caused build failures with
+    Visual Studio 2010.
+  * The tjDecompressHeader3() function in the TurboJPEG C API and the
+    TJDecompressor.setSourceImage() method in the TurboJPEG Java API now
+    accept "abbreviated table specification" (AKA "tables-only") datastreams,
+    which can be used to prime the decompressor with quantization and Huffman
+    tables that can be used when decompressing subsequent "abbreviated image"
+    datastreams.
+  * libjpeg-turbo now performs run-time detection of AltiVec instructions on
+    OS X/PowerPC systems if AltiVec instructions are not enabled at compile
+    time. This allows both AltiVec-equipped (PowerPC G4 and G5) and
+    non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same
+    build of libjpeg-turbo.
+  * Fixed an error ("Bogus virtual array access") that occurred when
+    attempting to decompress a progressive JPEG image with a height less than
+    or equal to one iMCU (8 * the vertical sampling factor) using
+    buffered-image mode with interblock smoothing enabled. This was a
+    regression introduced by 2.1 beta1[6(b)].
+  * Fixed two issues that prevented partial image decompression from working
+    properly with buffered-image mode:
+  * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress()
+    but before jpeg_start_output() resulted in an error ("Improper call to
+    JPEG library in state 207".)
+  * Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus
+    virtual array access") under certain circumstances.
+
+- Add requires between baselibs
+
+- Use nasm instead of yasm, the latter has not released any update
+  in 7 years.
+
+- update to 2.1.3:
+  * Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
+    input files into full-color JPEG images unless the `-grayscale` option was
+    used.
+  * cjpeg now automatically compresses GIF and 8-bit BMP input files into
+    grayscale JPEG images if the input files contain only shades of gray.
+  * The build system now enables the intrinsics implementation of the AArch64
+    (Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later.
+  * Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using
+    the merged (non-fancy) upsampling algorithms (that is, with
+    `cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`.
+    Specifically, the segfault occurred if the number of bytes remaining in the
+    output buffer was less than the number of bytes required to represent one
+    uncropped scanline of the output image.  For that reason, the issue could only
+    be reproduced using the libjpeg API, not using djpeg.
+
+- update to 2.1.2:
+  * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
+    GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
+    by default with GCC for performance reasons) to be placed in the `.rodata`
+    section rather than in the `.text` section.  This caused the GNU linker to
+    automatically place the `.rodata` section in an executable segment, which
+    prevented libjpeg-turbo from working properly with other linkers and also
+    represented a potential security risk.
+  * Fixed an issue whereby the `tjTransform()` function incorrectly computed the
+    MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
+    unduly rejected some cropping regions, even though those regions aligned with
+    8x8 MCU block boundaries.
+  * Fixed a regression introduced by 2.1 beta1[13] that caused the build system
+    to enable the Arm Neon SIMD extensions when targeting Armv6 and other legacy
+    architectures that do not support Neon instructions.
+  * libjpeg-turbo now performs run-time detection of AltiVec instructions on
+    FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
+    time.  This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
+    supported using the same build of libjpeg-turbo.
+  * cjpeg now accepts a `-strict` argument similar to that of djpeg and
+    jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
+    image contains incomplete or corrupt image data.
+
libostree
+- Add patch from upstream to fix corrupted files when using a large
+  fs with 64-bit inodes (boo#1214708):
+  * 0001-commit-fix-ostree-deployment-on-64-bit-inode-fs.patch
+
libraw
+  fix CVE-2020-22628 [bsc#1215308], stretch() function in libraw/src/postprocessing/aspect_ratio.cpp
+  + libraw-CVE-2020-22628.patch
+
+- security update
+- added patches
libvpx
+- Fixing CVE-2023-5217 heap buffer overflow (boo#1215778)
+  added CVE-2023-5217.patch
+
libzip
+- version update to 1.10.1
+  * Add `ZIP_LENGTH_TO_END` and `ZIP_LENGTH_UNCHECKED`. Unless
+    `ZIP_LENGTH_UNCHECKED` is used as `length`, it is an error
+    for a file to shrink between the time when the source is
+    created and when its data is read.
+
+- version update to 1.10.0
+  * Make support for layered sources public.
+  * Add `zip_source_zip_file` and `zip_source_zip_file_create`, deprecate `zip_source_zip` and `zip_source_zip_create`.
+  * Allow reading changed file data.
+  * Fix handling of files of size 4294967295.
+  * `zipmerge`: copy extra fields.
+  * `zipmerge`: add option to keep files uncompressed.
+  * Switch test framework to use nihtest instead of Perl.
+  * Fix reading/writing compressed data with buffers > 4GiB.
+  * Restore support for torrentzip.
+  * Add warnings when using deprecated functions.
+  * Allow keeping files for empty archives.
+  * Support mbedTLS>=3.3.0.
+  * Support OpenSSL 3.
+  * Use ISO C secure library functions, if available.
+
+- libzip 1.9.2:
+  * Fix version number in header file.
+  * Fix zip_file_is_seekable().
+  * Add zip_file_is_seekable().
+  * Improve compatibility with WinAES.
+  * Fix encoding handling in zip_name_locate().
+  * Add option to zipcmp to output summary of changes.
+  * Various bug fixes and documentation improvements.
+
lz4
+- Build AVX2 enabled hwcaps library for x86_64-v3
+
+- Update to release 1.9.4
+  * Decompression speed on high-end ARM64 platform is improved,
+    by ~+20%.
+  * For the specific scenario of data compressed with -BD4
+    setting (small blocks, <= 64 KB, linked) decompressed
+    block-by-block into a flush buffer (like lz4 CLI does),
+    decompression speed is improved ~+70%.
+  * For compressed data employing the lz4frame format (native
+    format of lz4 CLI), it's possible to ignore checksum
+    validation during decompression, resulting in speed
+    improvements of ~+40% . This capability is exposed at both
+    CLI (see --no-crc) and library levels.
+
man-pages
-- install kernel_lockdown.7 man page [bsc#1185534]
-- added sources
-  + kernel_lockdown.7
+- update to 6.04:
+  * Newly documented interfaces in existing pages
+  * proc.5
+    KPF_PGTABLE                     (Linux 4.18)
+  * landlock.7
+    LANDLOCK_ACCESS_FS_REFER        (Linux 5.19)
+  * udp.7
+    UDP_GRO                         (Linux 5.0)
+    UDP_SEGMENT                     (Linux 4.18)
+  * Changes to individual pages
+
+- Update to version 6.00
+  * Updated manual pages and interface documentation
+  * Move definitions of types to separate pages in man2type/ and
+    man3type/.  Previously, they were spread (and duplicated) in other
+    pages, or in system_data_types.7 (with links in man3/).
+  * Add man3head/ for pages that document header files.
+  * Add man3const/ for pages that document constants.
+  * Improve consistency of man(7) source
+  * Manual pages sections:
+  * Title (.TH):
+  * Remove 5th argument to TH (middle-header).
+  * Specify "Linux man-pages" and the version in the 4th argument
+    (left-footer).
+  * Add the LIBRARY section.  This section standardizes a way to
+    document the library that provides a given interface.
+  * Add the CAVEATS section.  BUGS and NOTES were serving that purpose
+    before, but CAVEATS is more appropriate.
+  * Rename the CONFORMING TO section to STANDARDS for consistency with
+    other projects, such as the BSDs.
+  * SYNOPSIS:  Add the ISO C2X [[deprecated]] attribute for functions
+    that have been deprecated or removed.
+  * EXAMPLES:  Improve consistency of C source code.  Also, reduce the
+    number of warnings that several linting tools emit.
+  * COLOPHON:  Remove section (its purpose is now served by the title).
+- Update to version 6.01
+  * Updated interface documentation
+  * Manual pages' sections:
+  * Title (.TH):
+  * Remove the hardcoded date (TH 3rd argument), and replace it by a
+    placeholder that should be changed when creating the tarball.
+    This removes the need for a tstamp commit before each release.
+- Update to version 6.02
+  * Updated manual pages and interface documentation, notable:
+  * copy_file_range.2: Fix wrong kernel version information
+  * process_madvise.2: Fix capability and ptrace requirements
+  * madvise.2: Update Transparent Huge Pages file/shmem documentation
+    for Linux 5.4+.
+  * Use correct letter case in manual page titles, instead of uppercase.
+  * Use \" t comments when appropriate (Lintian needs this).
+  * SYNOPSIS:
+  * Add _Nullable for functions that receive NULL as a meaningful
+    input.
+  * Use VLA syntax to clarify the meaning of size parameters, rather
+    than hiding it in possibly-confusing text.
+  * Use [[noreturn]] instead of noreturn, which will be deprecated
+    soon.
+- Rebased man-pages-tcp_fack.patch
+- Added keyring and signed source
+
+- version update to 5.13 [bsc#1189908]
+  http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html
+
+- do not package man5/motd.5, it is provided by pam package
+  [bsc#1188724]
+
+- version update to 5.12
+  http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html
+- deleted patches
+  - man-pages-tty_ioctl.patch (upstreamed)
+
+- version update to 5.11
+  http://linux-man-pages.blogspot.com/2021/03/man-pages-511-is-released.html
+- modified patches
+  % man-pages-tty_ioctl.patch (refreshed)
+
+- version update to 5.10
+  * added documentation of the faccessat2() system call
+  * added a new subsection to the signal(7) manual page that provides
+    a "big picture" of what happens when a signal handler is executed
+- deleted patches
+  - man-pages-openat2.h-location.patch (upstreamed)
+
+- version update to 5.09
+  http://linux-man-pages.blogspot.com/2020/11/man-pages-509-is-released.html
+- modified patches
+  % man-pages-openat2.h-location.patch (refreshed)
+- [bsc#1185534]
+
+- version update to 5.08
+  Newly documented interfaces in existing pages
+  - --------------------------------------------
+  prctl.2
+    Dave Martin
+    Add SVE prctls (arm64)
+    Add documentation for the PR_SVE_SET_VL and PR_SVE_GET_VL
+    prctls added in Linux 4.15 for arm64.
+    Dave Martin  [Catalin Marinas]
+    Add tagged address ABI control prctls (arm64)
+    Add documentation for the PR_SET_TAGGED_ADDR_CTRL and
+    PR_GET_TAGGED_ADDR_CTRL prctls added in Linux 5.4 for arm64.
+  setns.2
+    Michael Kerrisk
+    Document the use of PID file descriptors with setns()
+    Starting with Linux 5.8, setns() can take a PID file descriptor as
+    an argument, and move the caller into one or more of the namespaces of
+    the thread referred to by that descriptor.
+  capabilities.7
+    Michael Kerrisk
+    Document CAP_BPF
+    Michael Kerrisk
+    Add CAP_PERFMON
+  symlink.7
+    Aleksa Sarai
+    Document magic links more completely
+  etc. see Changes
+- modified patches
+  % man-pages-openat2.h-location.patch (refreshed)
+
+- added patches
+  fix [bsc#1173382]
+  + man-pages-openat2.h-location.patch
+
+- version update to 5.07
+  New and rewritten pages
+  - ----------------------
+  ioctl_fslabel.2
+    New page documenting filesystem get/set label ioctl(2) operations
+  Removed pages
+  - ------------
+  ioctl_list.2
+    This page was first added more than 20 years ago. Since
+    that time it has seen hardly any update, and is by now
+    very much out of date, as reported by Heinrich Schuchardt
+    and confirmed by Eugene Syromyatnikov.
+  Newly documented interfaces in existing pages
+  - --------------------------------------------
+  adjtimex.2
+    Document clock_adjtime(2)
+  clock_getres.2
+    Explain dynamic clocks
+  clone.2
+    Document the clone3() CLONE_INTO_CGROUP flag
+  mremap.2
+    Document MREMAP_DONTUNMAP
+  open.2
+    Document fs.protected_fifos and fs.protected_regular
+  prctl.2
+    Add PR_SPEC_INDIRECT_BRANCH for SPECULATION_CTRL prctls
+    Add PR_SPEC_DISABLE_NOEXEC for SPECULATION_CTRL prctls
+    Add PR_PAC_RESET_KEYS (arm64)
+  ptrace.2
+    Document PTRACE_SET_SYSCALL
+  proc.5
+    Document /proc/sys/fs/protected_regular
+    Document /proc/sys/fs/protected_fifos
+    Document /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr
+- deleted patches
+  - man-pages-remove-ioctl_list-reference.patch (upstreamed)
+- jsc#SLE-16566 jsc#SLE-15188
+
+- version update to 5.06
+  New and rewritten pages
+  - ----------------------
+  * openat2.2
+  * pidfd_getfd.2
+  * select.2
+  * select_tut.2
+  * sysvipc.7
+  * time_namespaces.7
+  Newly documented interfaces in existing pages
+  - --------------------------------------------
+    arch_prctl.2
+    Add ARCH_SET_CPUID subcommand
+    clock_getres.2
+    Document CLOCK_TAI
+    Add CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM
+    prctl.2
+    Document PR_SETIO_FLUSHER/GET_IO_FLUSHER
+    setns.2
+    Document CLONE_NEWTIME
+    statx.2
+    Document STATX_ATTR_VERITY
+    unshare.2
+    Document CLONE_NEWTIME
+    socket.7
+    Add description of SO_SELECT_ERR_QUEUE
+    Document SO_TIMESTAMPNS
+  etc., see Changes
+
+- version update to 5.05
+  * Newly documented interfaces in existing pages
+    clone.2
+    Add clone3() set_tid information
+    Document CLONE_CLEAR_SIGHAND
+    fcntl.2
+    Update manpage with new memfd F_SEAL_FUTURE_WRITE seal
+    memfd_create.2
+    Update manpage with new memfd F_SEAL_FUTURE_WRITE seal
+    loop.4
+    Document LOOP_SET_BLOCK_SIZE
+    Document LOOP_SET_DIRECT_IO
+    proc.5
+    Document /proc/sys/vm/unprivileged_userfaultfd
+- deleted patches
+  - man-pages-somaxconn-default-value.patch (upstreamed)
-- Add PR_PAC_RESET_KEYS for arm64 (jsc#SLE-16566 jsc#SLE-15188).
-  + prctl.2-Add-PR_PAC_RESET_KEYS-arm64.patch
-  + prctl.2-Fixes-to-Dave-Martin-s-patch.patch
+  [bsc#1162464]
+  + man-pages-somaxconn-default-value.patch
+
+- do not install man7/bpf-helpers.7 as it is already part of
+  bpftool package
+
+- don't use alternatives for man.7, just move it to a different directory
+  (boo#1160568)
+- use packageand to supplement the documentation pattern instead of
+  unconditionally hooking on man.
-- move man.7 man mdoc.7 to a separate directory to avoid conflicts
-  with mandoc which is a light-weight man alternative for small
-  systems (boo#1160568).
+- Set up %{_mandir}/man7/man.7%{?ext_man} as an alternative for
+  the man-page specific document. The other package providing
+  this man page is mandoc, which is meant as an alternative
+  lightweight faster replacement for man-pages package. It does
+  not have that many dependencies, it is written in C, see
+  http://mandoc.bsd.lv/ for more.
-- correct documentation of tcp_fack, document tcp_recovery
+- version update to 5.04
+  * clone.2
+    Document clone3()
+  * wait.2
+    Add P_PIDFD for waiting on a child referred to by a PID file descriptor
+  * bpf-helpers.7
+    Refresh against kernel v5.4-rc7
+  * see Changes for other changes
+
+- tcp.7: correct documentation of tcp_fack, document tcp_recovery
+- version update to 5.03
+  * New and rewritten pages
+    pidfd_open.2
+    pidfd_send_signal.2
+    pivot_root.2
+    ipc_namespaces.7
+    uts_namespaces.7
+  * Newly documented interfaces in existing pages
+    clone.2
+    Document CLONE_PIDFD
+    fanotify_mark.2
+    Document FAN_MOVE_SELF
+    ptrace.2
+    Document PTRACE_GET_SYSCALL_INFO
+    regex.3
+    Document REG_STARTEND
+  * see Changes for other changes
+
+- version update to 5.02
+  * Newly documented interfaces in existing pages
+    fanotify.7
+    fanotify_init.2
+    fanotify_mark.2
+    Matthew Bobrowski  [Amir Goldstein, Jan Kara]
+    Document FAN_REPORT_FID and directory modification events
+    vdso.7
+    Tobias Klauser  [Palmer Dabbelt]
+    Document vDSO for RISCV
+  * see Changes for more details
+
+- version update to 5.01
+  * Newly documented interfaces in existing pages
+    tsearch.3
+    Document the twalk_r() function added in glibc 2.30
+  * see Changes for more details
+
+- update to 5.00:
+  * new or rewritten pages:
+    s390_guarded_storage.2
+    address_families.7
+    bpf-helpers.7
+  * newly documented interfaces:
+    fanotify_init.2
+    fanotify.7
+    Document FAN_REPORT_TID
+    fanotify_init.2: add new flag FAN_REPORT_TID
+    fanotify.7: update description of member pid in
+    struct fanotify_event_metadata
+    Document FAN_MARK_FILESYSTEM
+    Monitor fanotify events on the entire filesystem.
+    Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
+    io_submit.2
+    Document IOCB_FLAG_IOPRIO
+    msgctl.2
+    semctl.2
+    shmctl.2
+    Document STAT_ANY commands
+    prctl.2
+    Document PR_SET_SPECULATION_CTRL and PR_GET_SPECULATION_CTRL
+    sched_setattr.2
+    Document SCHED_FLAG_DL_OVERRUN and SCHED_FLAG_RECLAIM
+    socket.2
+    Document AF_XDP
+    Document AF_XDP added in Linux 4.18.
+    inotify.7
+    Document IN_MASK_CREATE
+    unix.7
+    Document SO_PASSSEC
+    Document SCM_SECURITY ancillary data
+
mtools
+- update to 4.0.43:
+  * Fix root directory test in mattrib
+  * -b BiosDisk flag for mformat to allow setting physdrive to
+    a user-specified value
+  * Clearer error message in mformat when trying to mformat a
+    disk whose total size is not known
+  * Make recursive copy more consistent
+  * Trailing slash now always implies target should be a directory
+
+- update to 4.0.42:
+  * Added postcmd attribute in drive description to allow to
+    execute "device release" code automatically at end of
+    command
+  * Code cleanup, signedness cleanup about directory entries
+
+- update to 4.0.41:
+  * Support FAT32 with less than 0xfff5 clusters
+  * Make FAT32 entries 0 and 1 match what Windows 10 does
+
+- fix build
+- deleted patches
+  - mtools-prototypes.diff (not needed)
+
+- update to 4.0.40:
+  * Better compatibility with legacy platforms
+
+- update to 4.0.39:
+  * Rename strtoi to strosi (string to signed int). The strtoi
+    function on BSD does something else (returns an intmax, not
+    an int)
+
+- update to 4.0.38:
+  * Make sure case byte is cleared when making the special
+    directory entries "." and ".."
+  * In mattrib man page, replace "attribute flags" with "attribute
+    bits"
+
+- update to 4.0.37:
+  * Removed mclasserase commands, which doesn't fit the coding
+    structure of the rest of mtools
+  * Add support to -i option to mcd
+  * Document -i in mtools.1
+  * Fix a missing commad error in floppyd_io.c
+
+- update to 4.0.36:
+  * Fix error status of recursive listing of empty root directory
+  * If recursive listing, also show matched files at level one
+  * Use "seekless" reads & write internally, where possible
+  * Text mode conversion refactoring
+  * Misc refactoring
+- remove mtools-aliasing.diff (obsolete)
+
nfs-utils
+- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
+  Inconsistencies in /etc/exports shouldn't be fatal.
+  (bsc#1212594)
+
+- Add 0030-systemd-use-correct-modprobe-d-directory
+  SLE15-SP5 and earlier don't use /usr/lib/modprobe.d
+  (bsc#1200710)
+- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
+  Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed
+
+- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
+  boo#1157881
+- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
+  bsc#1209859
+- Allow scope to be set in sysconfig: NFSD_SCOPE
+
nghttp2
+- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
+  sent, and nghttp2_on_stream_close_callback fails with a fatal error.
+  [CVE-2023-35945 bsc#1215713]
+  + nghttp2-CVE-2023-35945.patch
+
postfix
+- postfix: config.postfix causes too tight permission on main.cf
+  (bsc#1215372)
+
python-brotlipy
+- Fix CVE-2020-8927, integer overflow when input chunk is larger than 2GiB,
+  bsc#1175825
+  * CVE-2020-8927.patch
+
python-linux-procfs
+- update to 0.7.1:
+  * Correct VERSION number in procfs.py
+  * Use f-strings
+  * Add missing open in with statement
+  * Use sys.exit and add some docstrings
+  * Add tar.xz and asc files to gitignore
+  * Fix traceback with non-utf8 chars in the /proc/PID/cmdline
+  * Propagate error to user if a pid is completed
+  * pflags: Handle pids that completed
+  * Makefile: Add ctags
+  * Remove procfs/sysctl.py
+  * Various clean-ups
+  * Fix UnicodeDecodeError
+  * Fix more spacing problems with procfs.py
+  * procfs.py: Simplify is_s390
+  * procfs.py: Fix a few more style problems
+  * clean-ups for recent python formatting regarding spacing, tabs, etc
+  * Fix to parse the number of cpus correctly on s390(x)
+
+- %python3_only -> %python_alternative
+
python3
+- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
+  gh#python/cpython#108310, backport from upstream patch
+  gh#python/cpython#108315
+  (bsc#1214692, CVE-2023-40217)
+
qemu
-- Fix bsc#1215311:
-  * roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311)
-
-- Fix the build for SLE/Leap:
-  * [openSUSE][RPM] Make the package buildable on SLE/Leap 15.x
-
-- Fix bsc#1211000:
-  * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000)
-  * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000)
-  * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000)
-  * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000)
-  * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000)
-  * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000)
-  * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000)
-  * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000)
-  * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000)
-  * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000)
-- Fix bsc#1213210:
-  * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
-
-- Update to version 8.1.0. Full list of changes are available at:
-  https://wiki.qemu.org/ChangeLog/8.1
-  Highlights:
-  * VFIO: improved live migration support, no longer an experimental feature
-  * GTK GUI now supports multi-touch events
-  * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor
-  * PCIe: new QMP commands to inject CXL General Media events, DRAM
-    events and Memory Module events
-  * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension)
-    can now use MTE in the guest
-  * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and
-    neoverse-v1 (Cortex Neoverse-V1) CPU
-  * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN),
-    FEAT_LSE2 (Large System Extensions v2), and experimental support for
-    FEAT_RME (Realm Management Extensions)
-  * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX
-  * Hexagon: gdbstub support for HVX
-  * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU
-    instructions
-  * PowerPC: TCG SMT support, allowing pseries and powernv to run with up
-    to 8 threads per core
-  * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf
-    sampling support for POWER CPUs
-  * RISC-V: ISA extension support for BF16/Zfa, and disassembly support
-    for Zcm*/Z*inx/XVentanaCondOps/Xthead
-  * RISC-V: CPU emulation support for Veyron V1
-  * RISC-V: numerous KVM/emulation fixes and enhancements
-  * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR,
-    EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and
-    CLGEBR(A)
-  * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for
-    improved performance
-  * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2
-    instructions
-  * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B,
-    SHUFFLE, SYSCALL, and DISABLE
-  * x86: CPU model support for GraniteRapids
-  * and lots more...
-- This also (automatically) fixes:
-  * bsc#1212850 (CVE-2023-3354)
-  * bsc#1213001 (CVE-2023-3255)
-  * bsc#1213925 (CVE-2023-3180)
-  * bsc#1213414 (CVE-2023-3301)
-  * bsc#1207205 (CVE-2023-0330)
-  * bsc#1212968 (CVE-2023-2861)
-  * bsc#1179993, bsc#1181740, bsc#1211697
-
-- perl-Text-Markdown is not available in all distros and for all
-  arch-es. Use discount instead
-- Patches added:
-  * [openSUSE][spec] Use discount instead of perl-Text-Markdown
-
-- Update to version 8.0.4:
-  * Official changelog not released on the mailing list yet
-  * Security issues fixed:
-  - bsc#1212850 (CVE-2023-3354)
-  - bsc#1213001 (CVE-2023-3255)
-  - bsc#1213925 (CVE-2023-3180)
-  - bsc#1207205 (CVE-2023-0330)
-
-- Fix bsc#1179993, bsc#1181740, bsc#1213001
-- Patches added:
+- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993,
+  bsc#1181740, bsc#1213001
+  * vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301)
+  * hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
+  * 9pfs: prevent opening special files (CVE-2023-2861)
+  * [openSUSE][OBS] Refine the OBS workflow for 15-SP5
-- Update to version 8.0.3:
-  * See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html
-  * Security issues fixed:
-  - 9pfs: prevent opening special files (CVE-2023-2861)
-  - vhost-vdpa (CVE-2023-3301)
-  * Use the official xkb name for Arabic layout, not the
-    legacy synonym (bsc#1212966)
-  * [openSUSE][RPM] Update to version 8.0.3
-
-- Patches added (first one is relevant for boo#1197298 and bsc#1212768):
-  * [openSUSE][RPM] Use --preserve-argv0 in qemu-linux-user (#32)
-  * [openSUSE][RPM] Split qemu-tools package (#31)
-
-- Update to version 8.0.2:
-  * Stability, security and bug fixes
-- Patch added:
-  * [openSUSE][RPM] Update to version 8.0.2
-
-- Patch added:
-  [openSUSE][RPM] Fix deps for virtiofsd and improve spec files
-
-- Update the _constraints file:
-  * the qemu-testsuite package does not exist any longer, but some
-    of the tests are done in the qemu package (so "transfer" some of
-    the constraints to that one)
-  - some of the builds are failing with OOM, happening while the RPM
-    is actually put together, at the end of the process. Try to give
-    them more RAM
-
-- Patch added:
-  [openSUSE][RPM] spec: require virtiofsd, now that it is a sep package (#27)
-
-- Update to version 8.0.0 (https://wiki.qemu.org/ChangeLog/8.0)
-  * Removed features: https://qemu-project.gitlab.io/qemu/about/removed-features.html
-  * Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html
-  * Some notable changes:
-  - ARM:
-  - New emulated CPU types:
-  - Cortex-A55 CPU
-  - Cortex-R52 CPU
-  - x86
-  - Add support for Xen guests under KVM with Linux v5.12+
-  - New CPU model "SapphireRapids"
-  - VFIO
-  - Experimental migration support has been updated to the v2 VFIO migration protocol
-  - virtio
-  - virtio-mem now fully supports combining preallocation with migration
-  - vDPA
-  - Support live migration of vhost-vdpa net devices without CVQ, with no need of x-svq
-  - virtiofs
-  - The old C virtiofsd has been removed, use the new Rust implementation instead.
-  * Patches added:
-  [openSUSE][RPM] Try to avoid recommending too many packages (bsc#1205680)
-  [openSUSE][RPM] Move documentation to a subpackage and fix qemu-headless (bsc#1209629)
-  roms: add back edk2-basetools target
-  async: Suppress GCC13 false positive in aio_bh_poll()
-  [openSUSE][OBS] Limit the workflow runs to the factory branch (#25)
-  [openSUSE][RPM] Spec file adjustments for 8.0.0
+- Fix bsc#1211000
+- Patches added:
+  * Run fstat asynchronously inside coroutines (bsc#1211000)
+  * Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000)
+  * Convert query-named-block-nodes to coroutine (bsc#1211000)
+  * Convert query-block/info_block to coroutine (bsc#1211000)
+  * block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000)
+  * block-coroutine-wrapper.py: support also basic return types (bsc#1211000)
+  * [openSUSE][RPM] Backport some spec-file improvements from Factory
-- (Radical!) Change of packaging workflow. Now pretty much everything
-  happens via git, and interacting with https://github.com/openSUSE/qemu.git.
-  See README.PACKAGING for details
+- Fix bsc#bsc#1211697
-  linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls
+  smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697)
+  hw/smbios: fix field corruption in type 4 table (bsc#1211697)
-  linux-user: Emulate CLONE_PIDFD flag in clone()
-  * Patches transformed in git commits:
+  test-vmstate: fix bad GTree usage, use-after-free
+  qemu/osdep: Switch position of "extern" and "G_NORETURN"
+
+- Switch the packaging workflow to git, like the one we have in place
+  already for Factory.
+  * Patches no longer present as patch files, but applied as commits:
-  acpi-cpuhp-fix-guest-visible-maximum-acc.patch
-  qemu-osdep-Switch-position-of-extern-and.patch
-  test-vmstate-fix-bad-GTree-usage-use-aft.patch
-- Enable again LTO for x86_64 target (boo#1133281).
-
-- Further fixes for bsc#1209546
-  * Patches added:
-  test-vmstate-fix-bad-GTree-usage-use-aft.patch
-
-- Fix bsc#1209546
-  * Patches added:
-  qemu-osdep-Switch-position-of-extern-and.patch
-
-- Backport the "acpi: cpuhp: fix guest-visible maximum access size
-  to the legacy reg block" patch, as it makes developing and
-  testing OVMF/EDK2 easier
-  acpi-cpuhp-fix-guest-visible-maximum-acc.patch
-- Disable -Werror as it is very sensitive when one
-  updates a new compiler. -Werror is fine for upstream development,
-  but not when it comes to stability of a package build.
-
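Review bot: the added entry header "Fix bsc#bsc#1211697" doubles the tracker prefix, while the two smbios lines below it use "(bsc#1211697)"; write it as "Fix bsc#1211697" so that tooling which extracts bug references from the changelog matches it. The added lines "test-vmstate: fix bad GTree usage, use-after-free" and "qemu/osdep: Switch position of "extern" and "G_NORETURN"" also carry no bug reference, although the removed entries listed the corresponding patch files under bsc#1209546; keep that reference next to them if it still applies.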
zypper
-- Changed location of bash-complication (bsc#1213854).
+- Fix name of the bash completion script (bsc#1215007)
+  In 1.14.63 the location of the bash completion script was changed
+  to /usr/share/bash-completion/completions/. But the patch failed
+  to also rename the completion script. The original script name
+  zypper.sh is not recognized at the new location.
+- Update notes about failing signature checks (bsc#1214395)
+  It might be a transient issue if the server is in the midst of
+  receiving new data. Retry after a few minutes might work.
+- Improve the SIGINT handler to be signal safe (bsc#1214292)
+  This patch updates the SIGINT handling strategy to be signal
+  safe. Meaning the signal handler will do not much more than
+  setting a flag, which we are going to check in the normal program
+  flow as much as possible.
+- version 1.14.64
+
+- Changed location of bash completion script (bsc#1213854).
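Review bot: the added bsc#1215007 entry says the original name zypper.sh is not recognized at /usr/share/bash-completion/completions/ but never states the name the script is renamed to; add the new file name so the fix can be checked on an installed system. In the bsc#1214292 entry, "will do not much more than setting a flag" should read "will do little more than set a flag".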