Packages changed:
  MicroOS-release (20250410 -> 20250411)
  cyrus-sasl
  docker
  ethtool (6.11 -> 6.14)
  iproute2 (6.13 -> 6.14)
  libalternatives (1.2+30.a5431e9 -> 1.2+31.da24cd4)
  libgpg-error (1.51 -> 1.53)
  mjpegtools
  python-MarkupSafe
  python-PyJWT
  runc (1.2.5 -> 1.2.6)
  selinux-policy (20250403 -> 20250410)
  systemd (257.4 -> 257.5)

=== Details ===

==== MicroOS-release ====
Version update (20250410 -> 20250411)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3

- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
  still allow build on Leap 15.6

==== docker ====
Subpackages: docker-buildx docker-rootless-extras

- Update to docker-buildx v0.22.0. Upstream changelog:
  <https://github.com/docker/buildx/releases/tag/v0.22.0>
  * Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
  When this patchset was first added in 2013 (and rewritten over the years),
  there was no upstream way to easily provide SLE customers with a way to build
  container images based on SLE using the host subscription. However, with
  docker-buildx you can now define secrets for builds (this is not entirely
  transparent, but we can easily document this new requirement for SLE-16).
  Users should use
    RUN --mount=type=secret,id=SCCcredentials zypper -n ...
  in their Dockerfiles, and
    docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
  when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
  enable docker-buildx for SLE-16 as well. PED-8905
- Don't use the new container-selinux conditional requires on SLE-12, as the
  RPM version there doesn't support it. Arguably the change itself is a bit
  suspect but we can fix that later. bsc#1237367
- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
  + 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
  + 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch

==== ethtool ====
Version update (6.11 -> 6.14)

- update to upstream release 6.14
  * Feature: list PHYs (--show-phys)
  * Feature: target a specific PHY with some commands (--phy)
  * Feature: more attributes for C33 PSE (--show-pse, --set-pse)
  * Feature: source information for cable tests (--cable-test[-tdr])
  * Feature: JSON output for module info (-m)
  * Feature: misc RSS hash info improvements (-x)
  * Feature: tsinfo hwtstamp provider (--{get,set}-hwtimestamp-cfg)
  * Fix: fix wrong auto-negotiation state (no option)
  * Fix: more explicit RSS context action (-n)
  * Fix: print PHY address as decimal (no option)
  * Fix: fix return value on flow hashing error (-N)
  * Fix: fix JSON output for IRQ coalescing
  * Fix: fix MDI-X info output (no option)
  * Misc: add '-j' alias for --json
  * Misc: provide AppStream metainfo XML

==== iproute2 ====
Version update (6.13 -> 6.14)

- Update to release 6.14
  * Add IPv6 flow label support to `ip route` and `ip rule`
  * Add `ip monitor maddress` support
  * ss: Display seq counters as decimal for mptcp subflows

==== libalternatives ====
Version update (1.2+30.a5431e9 -> 1.2+31.da24cd4)
Subpackages: alts libalternatives1

- Update to version v1.2+31.da24cd4:
  * utils: better handle case of unknown option

==== libgpg-error ====
Version update (1.51 -> 1.53)

- Update to 1.53:
  * Fix regression in 1.52.
  * Rebase libgpg-error-nobetasuffix.patch
- Update to 1.52:
  * The KEY_WOW64_xxKEY flags can now be passed to the Registry read
    functions. [rE652328c786]
  * In the spawn functions care about closefrom/close call is
    interrupted. [T7478]
  * New simple string list API. [rE47097806f1]
  * New API for name value files. [rE7ec1f27b60]
  * Interface changes relative to the 1.51 release:
  - gpgrt_w32_reg_query_string          NEW (Windows only).
  - gpgrt_strlist_t                     NEW type.
  - gpgrt_strlist_free                  NEW.
  - gpgrt_strlist_add                   NEW.
  - gpgrt_strlist_tokenize              NEW.
  - gpgrt_strlist_copy                  NEW.
  - gpgrt_strlist_rev                   NEW.
  - gpgrt_strlist_prev                  NEW.
  - gpgrt_strlist_last                  NEW.
  - gpgrt_strlist_pop                   NEW.
  - gpgrt_strlist_find                  NEW.
  - GPGRT_STRLIST_APPEND                NEW const.
  - GPGRT_STRLIST_WIPE                  NEW const.
  - gpgrt_nvc_t                         NEW type.
  - gpgrt_nve_t                         NEW type.
  - gpgrt_nvc_new                       NEW.
  - gpgrt_nvc_release                   NEW.
  - gpgrt_nvc_get_flag                  NEW.
  - gpgrt_nvc_add                       NEW.
  - gpgrt_nvc_set                       NEW.
  - gpgrt_nve_set                       NEW.
  - gpgrt_nvc_delete                    NEW.
  - gpgrt_nvc_lookup                    NEW.
  - gpgrt_nvc_parse                     NEW.
  - gpgrt_nvc_write                     NEW.
  - gpgrt_nve_next                      NEW.
  - gpgrt_nve_name                      NEW.
  - gpgrt_nve_value                     NEW.
  - gpgrt_nvc_get_string                NEW.
  - gpgrt_nvc_get_bool                  NEW.
  - GPGRT_NVC_WIPE                      NEW const.
  - GPGRT_NVC_PRIVKEY                   NEW const.
  - GPGRT_NVC_SECTION                   NEW const.
  - GPGRT_NVC_MODIFIED                  NEW const.

==== mjpegtools ====
Subpackages: libmjpegutils-2_2-0 libmpeg2encpp-2_2-0 libmplex2-2_2-0

- add patches from upstream to fix gcc15 compile time errors and
  some warnings:  mjpegtools-gcc15.patch, mjpegtools-lto.patch,
  mjpegtools-c99-configure.patch
- add patch mjpegtools-c++-17.patch (from gentoo) to silence
  std=c++17 warnings

==== python-MarkupSafe ====

- Make the dist-info name case-insensitive
- Lowercase metadata directory name.

==== python-PyJWT ====

- Just use a wildcard for the dist-info metadata to make it
  properly work on all setuptools versions.
- Wrap the metadata directory name in a distro-based conditional
- Lowercase metadata directory name.

==== runc ====
Version update (1.2.5 -> 1.2.6)

- Update to runc v1.2.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.2.6>.

==== selinux-policy ====
Version update (20250403 -> 20250410)
Subpackages: selinux-policy-targeted

- Update to version 20250410:
  * Allow login to podman container from tty (bsc#1238709)
  * Add an rpmbuild test to the gitlab-ci
- Add ugly workaround for semodule removal issues
  (bsc#1221342 bsc#1238062 bsc#1230643 bsc#1230938)
  Can be dropped when PED-12491 is done.

==== systemd ====
Version update (257.4 -> 257.5)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev

- Import commit c10a66fb4dd34b86d42fa92501bd88db63df479a (merge of v257.5)
  This merge includes the following fix:
    9b52c10986 test-network: replace symlink to 99-default.link with a copy
    d7577221b8 man/pstore.conf: pstore.conf template is not always installed in /etc
    62071a984d man: coredump.conf template is not always installed in /etc (bsc#1237496)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/f133e5974e69708d7491d4823780690c913f7bda...c10a66fb4dd34b86d42fa92501bd88db63df479a