Removed rpms
============


Added rpms
==========

 - oxygen5-sounds

Package Source Changes
======================

ImageMagick
+  fix CVE-2023-1289 [bsc#1209141], segmentation fault and possible DoS via specially crafted SVG
+  + ImageMagick-CVE-2023-1289.patch
+
+- security update
+- added patches
MozillaThunderbird
+- Mozilla Thunderbird 102.9.1
+  * fixed: Thunderbird was unable to open file URLs from command
+    line (URLs beginning with "file://") (bmo#1816343)
+  * fixed: Source strings for localized builds not uploaded to
+    FTP as expected (bmo#1817086)
+  * fixed: Visual and theme improvements
+    (bmo#1821358,bmo#1822286)
+  * fixed: Security fixes
+  MFSA 2023-12 (bsc#1209953)
+  * CVE-2023-28427 (bmo#1822595)
+    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
+    service attack
+
+- Mozilla Thunderbird 102.9
+  * fixed: Notification about a sender's changed OpenPGP key was
+    not immediately visible (bmo#1814003)
+  * fixed: TLS Certificate Override dialog did not appear when
+    retrieving messages via IMAP using "Get Messages" context
+    menu (bmo#1816596)
+  * fixed: Spellcheck dictionaries were missing from localized
+    Thunderbird builds that should have included them
+    (bmo#1818257)
+  * fixed: Tooltips for "Show/Hide" calendar toggle did not
+    display (bmo#1809557)
+  * fixed: Various security fixes
+  MFSA 2023-11 (bsc#1209173)
+  * CVE-2023-25751 (bmo#1814899)
+    Incorrect code generation during JIT compilation
+  * CVE-2023-28164 (bmo#1809122)
+    URL being dragged from a removed cross-origin iframe into the
+    same tab triggered navigation
+  * CVE-2023-28162 (bmo#1811327)
+    Invalid downcast in Worklets
+  * CVE-2023-25752 (bmo#1811627)
+    Potential out-of-bounds when accessing throttled streams
+  * CVE-2023-28163 (bmo#1817768)
+    Windows Save As dialog resolved environment variables
+  * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
+    bmo#1817442, bmo#1818674)
+    Memory safety bugs fixed in Thunderbird 102.9
+
bind
+- Update to release 9.16.38
+  Bug Fixes:
+  * A constant stream of zone additions and deletions via rndc
+    reconfig could cause increased memory consumption due to
+    delayed cleaning of view memory. This has been fixed.
+  * The speed of the message digest algorithms (MD5, SHA-1, SHA-2),
+    and of NSEC3 hashing, has been improved.
+  * Building BIND 9 failed when the --enable-dnsrps switch for
+    ./configure was used. This has been fixed.
+  [jsc#SLE-24600]
+- Updated keyring and signature
+
bluedevil5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
blueman
+- Update to version 2.3.5:
+  * Right click menu was pointing to the wrong list row
+  * Double click to connect
+- Changes from version 2.3.4:
+  * Errors when connected to a device with the DisconnectItems plugin enabled
+- Changes from version 2.3.3:
+  * Issues with NM PANU connections of equally named devices
+  * Submenus in KDE Plasma tray
+  * Avoid using StatusNotifierItem and GtkStatusIcon icons in parallel
+  * Do not re-use dbusmenu item identifiers; avoids issues at least with
+    gnome-shell-extension-appindicator
+- Changes from version 2.3.2:
+  * StatusNotifierItem submenus did not work in lxqt-panel (@niknah)
+  * StatusNotifierItem vanished on panel restarts
+  * StatusNotifierItem compatibility issues with libdbusmenu used at least
+    by xfce4-panel and Waybar
+  * StatusNotifierItem showed the menu on left click in xfce4-panel
+- Changes from version 2.3.1:
+  * StatusNotifierItem sent an incomplete NewStatus signal.
+  * Avoid statusbar resize when showing progressbar
+- Changes from version 2.3.0:
+  * Blocked emblem was not visible for scales other than 1
+  * Audio profile switcher in applet menu (@abhijeetviswa)
+  * Symbolic tray icon option (GSettings switch symbolic-status-icons in
+    org.blueman.general)
+  * Replace AppIndicator with DBus StatusNotifierItem
+  * Use a GtkTreeModelFilter to show/hide unnamed devices
+  * Replace sigint hack with GLib to catch it
+  * Port meson from deprecated python3 module
+  * Rework battery handling
+  * Merge Battery applet plugin into ConnectionNotifier
+  * Symbolic icons and small UI improvements
+- Changes from version 2.2.5:
+  * Fix network interface iteration on 32 bit systems
+  * Manager: Fix cancel button in send-note dialog
+  * Fix battery and signals bars
+- Removed blueman-2.2.4-ayatana-appindicator.patch as Appindicator
+  has been replaced with DBus StatusNotifierItem
+- Dependencies.md file is no longer packaged
+
+- Do not recommend -lang package: the auto-generated -lang package
+  already contains relevant supplements.
+
+- Added iproute2 build dependency to satisfy ip requirement
+
+- Update to version 2.2.4:
+  * Dropped the PIN database.
+  * Fix that blueman-mechanism accepted arbitrary file paths and
+    returned the errors from trying to open them,
+    see https://github.com/blueman-project/blueman/security/advisories/GHSA-3r9p-m5c8-8mw8
+- Add blueman-2.2.4-ayatana-appindicator.patch: Support
+  Ayatana AppIndicators.
+- Require dbus(org.freedesktop.Notifications) instead of
+  notification-daemon.
+
+- Disable agent startup on Pantheon desktop
+
+- Update to version 2.2.3
+  * Recent connections disabled after suspend and resume
+  * Service authorization notifications did not respond
+  * Passkeys did not get displayed
+- Updates from version 2.2.2
+  * Issues with power level bars
+  * Error message in blueman-mechanism
+
+- Update to version 2.2.1
+  * New Desktop notifications on connect / disconnect
+  * New notifications with battery level for connecting devices
+  * Allow cancelling device connection attempts
+  * Allow opening device menus via keyboard (Shift+F10 or menu key)
+  * Add Ctrl+Q and Ctrl+W accelerators for closing blueman-manager
+  * Stop discovery and retry connection for broken adapter drivers
+  * Improved passkey handling
+  * Auto-connect settings for supported services
+  * Fix hide devices with no name
+  * Fix disconnecting NMDevice
+  * Fix DiscvManager plugin showed its icon unreliably
+  * Drop blueman-report, and blueman-assistant
+- Add subpackages for caja, nautilus, and nemo sendto extensions
+
-  * Security Release for CVE-2020-15238 (boo#1178196)
+  * Security Release for CVE-2020-15238 (bsc#1178196)
breeze
+- Add patches to make the window outline configurable (kde#465948):
+  * 0001-Outline-intensity-setting.patch
+  * 0002-Undo-some-string-changes-from-the-preceding-commit.patch
+
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Setting height before adding margins
+  * Calling expandSize in flat comboboxes too
+
breeze-gtk
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * gtk3, gtk4: apply searchbar styles to the box inside the revealer inside the searchbar
+  * gtk3, gtk4: Make image-buttons have min-height
+  * Remove margins between linked buttons
+
discover
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * rpm-ostree/notifier: Setup a watcher to trigger reboot check
+  * rpm-ostree/notifier: Fix update/reboot notification logic
+  * ApplicationPage: Allow main app info column to grow with window
+  * ApplicationPage: off-by-one in stackedLayout calc
+  * ApplicationResouceButton: place icon side-by-side to the title
+  * ApplicationResourceButton: attribute the left/right padding
+  * ApplicationPage: drop the ternary operator for buttonWidth
+  * flatpak: Use Downloading as the status for Flatpak transactions
+  * pk: Finish porting away from runservices (kde#466742)
+  * pk: Don't forget to finish streams (kde#466765)
+  * Flatpak: Fix spacing in permissions view
+  * fwupd: Mark the backend as invalid if fwupd_client_connect() fails
+- Drop patches, now upstream:
+  * 0001-pk-Don-t-forget-to-finish-streams.patch
+
drkonqi5
+- Replace '%service_del_postun -n' with '%service_del_postun_without_restart'
+
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Add emoji picker to mappings
+
firewalld
+- Fix firewall-offline-cmd fails with ERROR: Calling pre func
+  Added following patch (bsc#1206928)
+  [+ 0003-firewall-offline-cmd-fail-fix.patch]
+
gdm
+- Update gdm-fingerprint.pamd and gdm-smartcard.pamd: Before this
+  they do not really support fingerprint and smartcard, just put
+  correct configuration to make them work (bsc#1205664).
+- Enable split authentication because we have correct
+  gdm-fingerprint.pamd and gdm-smartcard.pamd.
+
+- Update gdm-disable-gnome-initial-setup.patch: Refactoring to
+  disable it on SLE runtime, so with the same executable it is
+  still possible to run on Leap (jsc#PED-1719).
+
glibc
+- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
+  (bsc#1207957)
+
+- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
+  (CVE-2023-0687, bsc#1207975, BZ #29444)
+
+- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
+  check (bsc#1208358, BZ #25933)
+
+- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
+  (bsc#1207571, BZ #16272)
+- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
+  with recent GCC
+
google-noto-sans-cjk-fonts
+- Fix bsc#1203741: Add _constraint file to make it build (taken from Factory)
+- Use %license to store OFL license text
+
kactivitymanagerd
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kcm_sddm
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kde-cli-tools5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kde-gtk-config5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kernel-default
+- net: tls: fix possible race condition between
+  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
+  (bsc#1209366 CVE-2023-28466).
+- commit 3a1702c
+
+- mm: memcontrol: deprecate charge moving (bsc#1209801).
+- commit a953603
+
+- netdevice: add the case if dev is NULL (bsc#1208628).
+- Refresh
+  patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch.
+- commit 726a950
+
+- Rename
+  patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch.
+- commit 37a8307
+
+- Rename
+  patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch.
+- commit f080340
+
+- Refresh
+  patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch.
+- commit af52be6
+
+- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681)
+  linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly,
+  they dropped *-71.ucode, hence the workaround leads to the firmware load
+  failure.  Drop the old workaround now.
+- commit dc4368f
+
+- net/sched: tcindex: update imperfect hash filters respecting
+  rcu (CVE-2023-1281 bsc#1209634).
+- commit aced962
+
+- Update
+  patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch
+  (git-fixes bsc#1208921).
+- commit b2c9582
+
+- prlimit: do_prlimit needs to have a speculation check
+  (bsc#1209256 CVE-2017-5753).
+- commit b7234d1
+
+- Revert "block: freeze the queue earlier in del_gendisk"
+  (git-fixes).
+- commit 6b26f6b
+
kernel-kvmsmall
+- net: tls: fix possible race condition between
+  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
+  (bsc#1209366 CVE-2023-28466).
+- commit 3a1702c
+
+- mm: memcontrol: deprecate charge moving (bsc#1209801).
+- commit a953603
+
+- netdevice: add the case if dev is NULL (bsc#1208628).
+- Refresh
+  patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch.
+- commit 726a950
+
+- Rename
+  patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch.
+- commit 37a8307
+
+- Rename
+  patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch.
+- commit f080340
+
+- Refresh
+  patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch.
+- commit af52be6
+
+- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681)
+  linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly,
+  they dropped *-71.ucode, hence the workaround leads to the firmware load
+  failure.  Drop the old workaround now.
+- commit dc4368f
+
+- net/sched: tcindex: update imperfect hash filters respecting
+  rcu (CVE-2023-1281 bsc#1209634).
+- commit aced962
+
+- Update
+  patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch
+  (git-fixes bsc#1208921).
+- commit b2c9582
+
+- prlimit: do_prlimit needs to have a speculation check
+  (bsc#1209256 CVE-2017-5753).
+- commit b7234d1
+
+- Revert "block: freeze the queue earlier in del_gendisk"
+  (git-fixes).
+- commit 6b26f6b
+
kgamma5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
khotkeys5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kmenuedit5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kpipewire
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Guard m_producer
+  * stream: better fallback for BGR formats when downloading into a QImage
+  * stream: Fix support of SPA_VIDEO_FORMAT_RGB
+  * recording: Drop unnecessary conditional
+  * recording: use "good" deadline rather than quality that is deprecated upstream
+  * recording: Make bitrate depend on the stream size
+
kscreen5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * kded/output: with duplicate edid hashes, use different global config files (kde#452614,kde#448599)
+
kscreenlocker
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
ksshaskpass5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
ksystemstats5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kwayland-integration
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
kwin5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * colordevice: default the simple transformations to 1
+  * backends/drm: fail commits if nonexistent properties would be set
+  * backends/drm: ignore opaque formats for the cursor plane
+  * Forward keymap and modifier change to input method keyboard grab when changed.
+  * inputmethod: Show the input method even if it was dismissed (kde#466969)
+  * backends/drm: support CTM for simple color transformations (kde#455720)
+  * xwayland: Prevent potential file descriptor leak
+  * wayland: Prevent leaking --wayland-fd and --xwayland-fd to child processes
+  * helper: Don't leak lock file to kwin_wayland
+  * backends/wayland: Don't leak renderD128 fd
+  * backends/wayland: Don't leak WaylandEventThread's pipe fds
+  * Fix text-input-v1 compatibility with 111.0.5563.64-1
+  * input: Make sure input backends are initialised when the workspace is set up (kde#466721)
+  * Tabbox: Fix grouping windows by application
+  * scene: Use correct scale when computing world transform
+  * wayland: Fix interactive resize of debug console
+  * kscreenintegration: read global output data
+  * workspace: move kscreen integration into separate files
+  * screencast: Try harder to be compatible with the pipewire buffer format
+  * screencasting: on memfd, skip the QImage step (kde#466655)
+  * TabBox: Avoid unnecesary resets of the client model (kde#466660)
+  * wayland: Cancel selections if set without focus
+  * windowitem: properly handle sub-subsurfaces (kde#466747)
+  * tabletmodemanager: properly export properties
+  * Enable GLSL for Mali (Lima) / PinePhone devices
+
kwrited5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
layer-shell-qt
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
libheif
+- security update
+- added patches
+  fix CVE-2023-0996 [bsc#1208640], buffer overflow in heif_js_decode_image in libheif
+  + libheif-CVE-2023-0996.patch
+
+- fixed CVE-2020-23109 [bsc#1192382]
+  (bca0162018df9a32d21c05aad1fa203881fa7813)
libkdecoration2
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
libkscreen2
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * libdpms/wayland: Do not create dpms interfaces for placeholder QScreens (kde#466674)
+  * dpms/xcb: Make sure we are setting it as unsupported when it is (kde#466181)
+  * backends/wayland: Round passed scale
+
libksysguard5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
liblouis
+- Add liblouis-CVE-2023-26769.patch: Check the path length before
+  copying into tableFile(CVE-2023-26769 bsc#1209432).
+
+- Add liblouis-CVE-2023-26767.patch: Check the length of path before
+  copying into dataPath(CVE-2023-26767 bsc#1209429).
+
-  compilePassOpcode (boo#1197085 CVE-2022-26981).
+  compilePassOpcode (bsc#1197085 CVE-2022-26981).
-  write in compileRule (boo#1200120 CVE-2022-31783).
+  write in compileRule (bsc#1200120 CVE-2022-31783).
libqt5-qtbase
+- Update to version 5.15.8+kde185:
+  * QFSFileEngine: fix overflow bug when using lseek64
+  * Add QImage null check when QOpenGLTexture converts
+- Add patch to fix return key handling in QGroupBox on GNOME (bsc#1209364):
+  * 0001-Revert-QGnomeTheme-Allow-Space-Return-Enter-and-Sele.patch
+- Add patch to fix XInput2 events in big-endian X11 clients (bsc#1204883, QTBUG-105157):
+  * big-endian-scroll.patch
+
libstorage-ng
+- Translated using Weblate (Portuguese (Brazil)) (bsc#1149754)
+- 4.5.92
+
+- merge gh#openSUSE/libstorage-ng#922
+- add PCIe as disk transport
+- 4.5.91
+
+- merge gh#openSUSE/libstorage-ng#921
+- fixed setting sysfs-name for partitions on nvme disks
+- 4.5.90
+
+- Translated using Weblate (Georgian) (bsc#1149754)
+- 4.5.89
+
+- Translated using Weblate (Polish) (bsc#1149754)
+- 4.5.88
+
mdadm
+- sysconfig.mdadm: Remove ServiceRestart line to mdadm since there
+  is not such systemd service. (bsc#1203491)
+
milou5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
openssl-1_1
+- Security Fix: [CVE-2023-0465, bsc#1209878]
+  * Invalid certificate policies in leaf certificates are silently ignored
+  * Add openssl-CVE-2023-0465.patch
+- Security Fix: [CVE-2023-0466, bsc#1209873]
+  * Certificate policy check not enabled
+  * Add openssl-CVE-2023-0466.patch
+
+- Security Fix: [CVE-2023-0464, bsc#1209624]
+  * Excessive Resource Usage Verifying X.509 Policy Constraints
+  * Add openssl-CVE-2023-0464.patch
+
+- FIPS: Service-level indicator [bsc#1208998]
+  * Add additional check required by FIPS 140-3. Minimum values for
+    PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
+    iteration count and 20 characters for password.
+  * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
+
openvpn
+- bsc#1202792: --enable-iproute2 added back as default option.
+
pam_kwallet
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
patterns-gnome
+- Require xorg-x11-fonts to fix gnome-shell starting failure (bsc#1203966)
+
pkcs11-helper
+- Added pkcs11-helper_support-RSA_NO_PADDING-padding.patch
+  * Fixes bsc#1175219
+  * Adds support for openssl's RSA_NO_PADDING padding
+  * Sourced from https://github.com/OpenSC/pkcs11-helper/commit/c192bb48
+
-- remove static libraries and "la" files
-- fix -devel package dependencies and pkgconfig file
-
plasma-browser-integration
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
plasma-nm5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Don't crash when importing VPN config with missing NetworkManager plugin (kde#465484)
+  * [kcm] Show VPN import error in the UI
+
plasma5-addons
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
plasma5-desktop
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Partly revert "make sure screen numbers are consecutive" (kde#464873)
+
plasma5-disks
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
plasma5-integration
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Revert "extend kio with portal-based open-with implementation" (kde#460741)
+
plasma5-openSUSE
+- Update to 5.27.3
+
plasma5-pa
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * kcm: Fix visuals when testing non-standard channel names
+  * kcm: Fix missing id and implicit parameter signal handler (kde#466075)
+
plasma5-systemmonitor
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
plasma5-thunderbolt
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
plasma5-workspace
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * klipper: remove duplicate items when loading from history (kde#466236)
+  * kcms/region_language: set LC_PAPER, not LC_PAGE (kde#467269)
+  * Screenpool: avoid uniqueConnection with lambda
+  * kcms/fonts: Enable change notifications for base fonts settings (forceFontDPI)
+  * sddm-theme: Transfer the focus to the text field as we show the OSK (kde#466969)
+  * appstreamtest: fix test failure
+  * wallpapers/image: improve efficiency of ImageFinder
+  * klipper: Make action menu Frameless (kde#466406)
+  * dataengines/mpris2: tolerate non-standards compliant players like mpris-proxy (kde#466288)
+  * klipper: History test passes now
+  * klipper: Insert items before remove (kde#466041)
+  * sddm: Focus something useful when switching between alternative login screens
+
polkit-kde-agent-5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
powerdevil5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Suspend by default on AC profile
+  * Use correct tablet mode function to determine mobile-ness
+
shim
-- Update the SLE signatures
+- Updated shim signature after shim 15.7 be signed back:
+  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
+
+- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
+  disable the NX compatibility flag when using post-process-pe because
+  grub2 is not ready. (bsc#1205588)
+  - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
+    be merged to v5.19. On the other hand, upstream is working on
+    improve compressed kernel stage for NX:
+    [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
+    https://www.spinics.net/lists/kernel/msg4599636.html
+
+- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
+  enable the NX compatibility flag by default. (jsc#PED-127)
+
+- Drop upstreamed patch:
+  - shim-Enable-TDX-measurement-to-RTMR-register.patch
+  - Enable TDX measurement to RTMR register (jsc#PED-1273)
+  - 4fd484e4c2	15.7
+
+- Update to 15.7 (bsc#1198458)(jsc#PED-127)
+  - Patches (git log --oneline --reverse 15.6..15.7)
+  0eb07e1 Make SBAT variable payload introspectable
+  092c2b2 Reference MokListRT instead of MokList
+  8b59b69 Add a link to the test plan in the readme.
+  4fd484e Enable TDX measurement to RTMR register
+  14d6339 Discard load-options that start with a NUL
+  5c537b3 shim: Flush the memory region from i-cache before execution
+  2d4ebb5 load_cert_file: Fix stack issue
+  ea4911c load_cert_file: Use EFI RT memory function
+  0cf43ac Add -malign-double to IA32 compiler flags
+  17f0233 pe: Fix image section entry-point validation
+  5169769 make-archive: Build reproducible tarball
+  aa1b289 mok: remove MokListTrusted from PCR 7
+  53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
+  616c566 More coverity modeling
+  ea0d0a5 Update shim's .sbat to sbat,3
+  dd8be98 Bump grub's sbat requirement to grub,3
+  1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
+  - 15.7 release note https://github.com/rhboot/shim/releases
+  Make SBAT variable payload introspectable by @chrisccoulson in #483
+  Reference MokListRT instead of MokList by @esnowberg in #488
+  Add a link to the test plan in the readme. by @vathpela in #494
+  [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
+  Discard load-options that start with a NUL by @frozencemetery in #505
+  load_cert_file bugs by @esnowberg in #523
+  Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
+  pe: Fix image section entry-point validation by @iokomin in #518
+  make-archive: Build reproducible tarball by @julian-klode in #527
+  mok: remove MokListTrusted from PCR 7 by @baloo in #519
+  - Drop upstreamed patch:
+  - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
+  - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in  AuthenticodeVerify()
+  - 53509eaf22	15.7
+  - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
+  - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
+  - The following patches are merged to 15.7
+  aa1b289a1a mok: remove MokListTrusted from PCR 7
+  0cf43ac6d7 Add -malign-double to IA32 compiler flags
+  ea4911c2f3 load_cert_file: Use EFI RT memory function
+  2d4ebb5a79 load_cert_file: Fix stack issue
+  5c537b3d0c shim: Flush the memory region from i-cache before execution
+  14d6339829 Discard load-options that start with a NUL
+  092c2b2bbe Reference MokListRT instead of MokList
+  0eb07e11b2 Make SBAT variable payload introspectable
+
+- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
+  the item in Update to 15.6. (bsc#1198458)
+
+- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
+  patches between 15.6 with aa1b289a1a (jsc#PED-127):
+    aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
+    0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
+    ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
+    2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
+    5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
+    14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
+    092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
+    0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
+
+- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
+  enhance shim measurement to TD RTMR. (jsc#PED-1273)
+
+- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
+  and shim.changes: (jsc#PED-127)
+  - Add some change log from SLE shim.changes to Factory shim.changes
+    Those messages are added "(sync shim.changes from SLE)" tag.
+  - Add the following changes to shim.spec
+  - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
+    on openSUSE.
+  - Enable the AArch64 signature check for SLE:
+  [#] AArch64 signature
+  signature=%{SOURCE13}
+
+- shim-install: ensure grub.cfg created is not overwritten after
+  installing grub related files
+
+- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
+  (bsc#1201066)
+
+- Add logic to shim.spec for detecting --set-sbat-policy option before
+  using mokutil to set sbat policy. (bsc#1202120)
+
+- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
+
+- Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
+  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
+    is unstable for building out a stable shim binary for signing. (bsc#1198458)
+  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
+    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
+    not for openSUSE. (bsc#1198458)
+
+- Update to 15.6 (bsc#1198458)
+  - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
+    which is from upstream grub2.cve_2021_3695.ms keybase channel.
+  - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
+    support efi-app-aarch64 target. So we need the following patches in bintuils:
+  - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
+    b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
+  - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
+    32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
+  - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
+    d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
+  - Patches (git log --oneline --reverse 15.5~..77144e5a4)
+    448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
+    a2da05f shim: implement SBAT verification for the shim_lock protocol
+    bda03b8 post-process-pe: Fix a missing return code check
+    af18810 CI: don't cancel testing when one fails
+    ba580f9 CI: remove EOL Fedoras from github actions
+    bfeb4b3 Remove aarch64 build tests before f35
+    38cc646 CI: Add f36 and centos9 CI build tests.
+    b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
+    31094e5 tests: also look for system headers in multi-arch directories
+    4df989a mock-variables.c: fix gcc warning
+    6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
+    2670c6a Allow MokListTrusted to be enabled by default
+    5c44aaf Add code of conduct
+    d6eb9c6 Modernize aarch64
+    9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
+    de87985 make: don't treat cert.S specially
+    803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
+    6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
+    bb4b60e Add verify_image
+    acfd48f Abstract out image reading
+    35d7378 Load additional certs from a signed binary
+    8ce2832 post-process-pe: there is no 's' argument.
+    465663e Add some missing PE image flag definitions
+    226fee2 PE Loader: support and require NX
+    df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
+    b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
+    f81a7cc SBAT revocation management
+    abe41ab make: unbreak scan-build again for gnu-efi
+    610a1ac sbat.h: minor reformatting for legibility
+    f28833f peimage.h: make our signature macros force the type
+    5d789ca Always initialize data/datasize before calling read_image()
+    a50d364 sbat policy: make our policy change actions symbolic
+    5868789 load_certs: trust dir->Read() slightly less.
+    a78673b mok.c: fix a trivial dead assignment
+    759f061 Fix preserve_sbat_uefi_variable() logic
+    aa61fdf Give the Coverity scanner some more GCC blinders...
+    0214cd9 load_cert_file(): don't defererence NULL
+    1eca363 mok import: handle OOM case
+    75449bc sbat: Make nth_sbat_field() honor the size limit
+    c0bcd04 shim-15.6~rc1
+    77144e5 SBAT Policy latest should be a one-shot
+  - 15.5 release note https://github.com/rhboot/shim/releases
+  Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
+  mok: allocate MOK config table as BootServicesData by @lcp in #361
+  Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
+  Relax the check for import_mok_state() by @lcp in #372
+  SBAT.md: trivial changes by @hallyn in #389
+  shim: another attempt to fix load options handling by @chrisccoulson in #379
+  Add tests for our load options parsing. by @vathpela in #390
+  arm/aa64: fix the size of .rela* sections by @lcp in #383
+  mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
+  mok: relax the maximum variable size check by @lcp in #369
+  Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
+  fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
+  httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
+  Fallback allocation errors by @vathpela in #402
+  shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
+  str: remove duplicate parameter check by @xypron in #408
+  fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
+  Test mok mirror by @vathpela in #394
+  Modify sbat.md to help with readability. by @eshiman in #398
+  csv: detect end of csv file correctly by @xypron in #404
+  Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
+  tests: add "include-fixed" GCC directory to include directories by @diabonas in #415
+  pe: simplify generate_hash() by @xypron in #411
+  Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
+  Fallback to default loader if parsed one does not exist by @julian-klode in #393
+  fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
+  Better console checks by @vathpela in #416
+  docs: update SBAT UEFI variable name by @nicholasbishop in #421
+  Don't parse load options if invoked from removable media path by @julian-klode in #399
+  fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
+  shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438
+  Shim 15.5 coverity by @vathpela in #439
+  Allocate mokvar table in runtime memory. by @vathpela in #447
+  Remove post-process-pe on 'make clean' by @vathpela in #448
+  pe: missing perror argument by @xypron in #443
+  - 15.6-rc1 release note https://github.com/rhboot/shim/releases
+  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
+  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
+  post-process-pe: Fix a missing return code check by @vathpela in #462
+  Update github actions matrix to be more useful by @frozencemetery in #469
+  Add f36 and centos9 CI builds by @vathpela in #470
+  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
+  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
+  tests: fix gcc warnings by @akodanev in #463
+  Allow MokListTrusted to be enabled by default by @esnowberg in #455
+  Add code of conduct by @frozencemetery in #427
+  Re-add ARM AArch64 support by @vathpela in #468
+  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
+  make: don't treat cert.S specially by @vathpela in #475
+  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
+  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
+  Support loading additional certificates by @esnowberg in #446
+  Add support for NX (W^X) mitigations. by @vathpela in #459
+  Misc fixups from scan-build. by @vathpela in #477
+  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
+  - 15.6 release note https://github.com/rhboot/shim/releases
+  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
+  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
+  post-process-pe: Fix a missing return code check by @vathpela in #462
+  Update github actions matrix to be more useful by @frozencemetery in #469
+  Add f36 and centos9 CI builds by @vathpela in #470
+  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
+  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
+  tests: fix gcc warnings by @akodanev in #463
+  Allow MokListTrusted to be enabled by default by @esnowberg in #455
+  Add code of conduct by @frozencemetery in #427
+  Re-add ARM AArch64 support by @vathpela in #468
+  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
+  make: don't treat cert.S specially by @vathpela in #475
+  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
+  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
+  Support loading additional certificates by @esnowberg in #446
+  Add support for NX (W^X) mitigations. by @vathpela in #459
+  Misc fixups from scan-build. by @vathpela in #477
+  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
+  SBAT Policy latest should be a one-shot by @jsetje in #481
+  pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
+  pe: Perform image verification earlier when loading grub by @chriscoulson
+  Update advertised sbat generation number for shim by @jsetje
+  Update SBAT generation requirements for 05/24/22 by @jsetje
+  Also avoid CVE-2022-28737 in verify_image() by @vathpela
+  - Drop upstreamed patch:
+  - shim-bsc1184454-allocate-mok-config-table-BS.patch
+  - Allocate MOK config table as BootServicesData to avoid the error message
+  from linux kernel
+  - 4068fd42c8		15.5-rc1~70
+  - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
+  - Handle ignore_db and user_insecure_mode correctly
+  - 822d07ad4f07		15.5-rc1~73
+  - shim-bsc1185621-relax-max-var-sz-check.patch
+  - Relax the maximum variable size check for u-boot
+  - 3f327f546c219634b2	15.5-rc1~49
+  - shim-bsc1185261-relax-import_mok_state-check.patch
+  - Relax the check for import_mok_state() when Secure Boot is off
+  - 9f973e4e95b113	15.5-rc1~67
+  - shim-bsc1185232-relax-loadoptions-length-check.patch
+  - Relax the check for the LoadOptions length
+  - ada7ff69bd8a95	15.5-rc1~52
+  - shim-fix-aa64-relsz.patch
+  - Fix the size of rela* sections for AArch64
+  - 34e3ef205c5d65	15.5-rc1~51
+  - shim-bsc1187260-fix-efi-1.10-machines.patch
+  - Don't call QueryVariableInfo() on EFI 1.10 machines
+  - 493bd940e5		15.5-rc1~69
+  - shim-bsc1185232-fix-config-table-copying.patch
+  - Avoid buffer overflow when copying the MOK config table
+  - 7501b6bb44		15.5-rc1~50
+  - shim-bsc1187696-avoid-deleting-rt-variables.patch
+  - Avoid deleting the mirrored RT variables
+  - b1fead0f7c9		15.5-rc1~37
+  - Add "rm -f *.o" after building MokManager/fallback in shim.spec
+    to make sure all object files gets rebuilt
+  - reference: https://github.com/rhboot/shim/pull/461
+- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
+  in shim-15.6.tar.bz2
+  - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
+    pe: Fix a buffer overflow when SizeOfRawData VirtualSize
+  - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
+    pe: Perform image verification earlier when loading grub
+  - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
+    Update advertised sbat generation number for shim
+  - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
+    Update SBAT generation requirements for 05/24/22
+  - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
+    Also avoid CVE-2022-28737 in verify_image()
+  - 0006-shim-15.6-rc2.patch
+  - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
+    sbat: add the parsed SBAT variable entries to the debug log
+  - 0008-bump-version-to-shim-15.6.patch
+- Add mokutil command to post script for setting sbat policy to latest mode
+  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
+  (bsc#1198458)
+- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
+  show the prompt to ask whether the user trusts openSUSE certificate or not
+  (bsc#1198101)
+- Updated vendor dbx binary and script (bsc#1198458)
+  - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
+    SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
+  - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
+    openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
+  - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
+    and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
+  - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
+    file which includes all .der for testing environment.
+
+- use common SBAT values (boo#1193282)
+
+- Update the SLE signatures (sync shim.changes from SLE)
+(sync shim.changes from SLE)
+- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
+  buffer overflow when copying data to the MOK config table
+  (bsc#1185232)
+
+- Add shim-disable-export-vendor-dbx.patch to disable exporting
+  vendor-dbx to MokListXRT since writing a large RT variable
+  could crash some machines (bsc#1185261)
+- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
+  potential crash when calling QueryVariableInfo in EFI 1.10
+  machines (bsc#1187260)
+
+- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
+  for AArch64
+  Fix: https://github.com/rhboot/shim/issues/371
+
+- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
+  ignore the odd LoadOptions length (bsc#1185232)
+
+- shim-install: reset def_shim_efi to "shim.efi" if the given
+  file doesn't exist
+
+- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
+  the check for import_mok_state() when Secure Boot is off.
+  (bsc#1185261)
+
+  (sync shim.changes from SLE)
+
+- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
+  maximum variable size check for u-boot (bsc#1185621)
+
+- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
+  to handle ignore_db and user_insecure_mode correctly
+  (bsc#1185441, bsc#1187071)
+
+- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
+  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
+  the size of MokListXRT (bsc#1185261)
+  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
-- Enable the AArch64 signature check for SLE
+- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
-- Update the SLE signatures
+- Update the SLE signatures (sync shim.changes from SLE)
smartmontools
+- fix smartctl crash for an NVMe on big endian systems [bsc#1208905]
+- added patches
+  fix https://www.smartmontools.org/changeset/5448
+  + smartmontools-smartctl-NVMe-big-endian.patch
+
systemd
+- Import commit dad0071f15341be2b24c2c9d073e62617e0b46733 (merge of v249.16)
+
+- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
+
+- Drop build requirement on libpci, it's not more needed since udev hwdb was
+  introduced 11 years ago.
+
+- Move systemd-boot and all components managing (secure) UEFI boot into udev
+  sub-package: they may deserve a dedicated sub-package in the future but for
+  now move them to udev so they aren't installed in systemd based containers.
+
systemsettings5
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- No code changes since 5.27.2
+
tigervnc
+- Fixes for bsc#1209283
+  * Drop chown vnc:vnc calls in with-vnc-key.sh
+  * Add TLSNone to -securitytypes to increase security in xvnc@.service
+
xdg-desktop-portal-kde
+- Update to 5.27.3
+  * New bugfix release
+  * For more details please see:
+  * https://kde.org/announcements/plasma/5/5.27.3
+- Changes since 5.27.2:
+  * Fix cursor and borders selectors in screenshot dialog
+
xen
+- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
+  log-dirty mode use-after-free (XSA-427)
+  xsa427.patch
+- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
+  pinned cache attributes mis-handling (XSA-428)
+  xsa428-1.patch
+  xsa428-2.patch
+- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
+  vulnerability in 32bit SYSCALL path (XSA-429)
+  xsa429.patch
+
xorg-x11-server
+- U_xserver-composite-Fix-use-after-free-of-the-COW.patch
+  * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
+    bsc#1209543)
+
xwayland
+- U_xserver-composite-Fix-use-after-free-of-the-COW.patch
+  * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
+    bsc#1209543)
+
yast2-snapper
+- Fixed translations: Moved variable message part out of _(...)
+  (bsc#1209956)
+- 4.5.1
+
yast2-storage-ng
+- Fix the translation of widgets titles in the dialog to select
+  a partitioning scheme (bsc#1209697).
+- 4.5.19
+
yast2-users
+- Stop mangling the value of "Create as Btrfs Subvolume" for new
+  users when clicking on "Edit -> Details" (bsc#1209377).
+- 4.5.4
+
+- AutoYaST: Fix creation of home for system users (bsc#1202974).
+
zstd
+- Fix CVE-2022-4899, bsc#1209533
+  * Fix buffer underflow when dir1 == ""
+  * Disallow empty string as an argument for --output-dir-flat=""
+  and --output-dir-mirror="".
+- Added patches:
+  * Disallow-empty-output-directory.patch
+  * Fix-buffer-underflow-for-null-dir1.patch
+