Packages changed:
  Mesa (23.3.5 -> 23.3.6)
  Mesa-drivers (23.3.5 -> 23.3.6)
  acl (2.3.1 -> 2.3.2)
  apparmor
  attr (2.5.1 -> 2.5.2)
  binutils (2.41 -> 2.42)
  expat (2.5.0 -> 2.6.0)
  gcc14 (13.2.1+git8285 -> 14.0.1+git8957)
  gnome-maps
  ibus-m17n (1.4.27 -> 1.4.28)
  kernel-source (6.7.4 -> 6.7.5)
  libapparmor
  libshumate
  libstorage-ng (4.5.188 -> 4.5.189)
  mariadb (11.2.2 -> 11.2.3)
  nodejs21 (21.6.1 -> 21.6.2)
  python311
  python311-core
  qemu
  qt6-base (6.6.1 -> 6.6.2)
  qt6-declarative (6.6.1 -> 6.6.2)
  qt6-imageformats (6.6.1 -> 6.6.2)
  qt6-translations (6.6.1 -> 6.6.2)
  qt6-wayland (6.6.1 -> 6.6.2)
  rpm-config-SUSE (20240118 -> 20240214)
  webkit2gtk3
  webkit2gtk3-soup2

=== Details ===

==== Mesa ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1

- Update to bugfix release 23.3.6
  - -> https://docs.mesa3d.org/relnotes/23.3.6.html

==== Mesa-drivers ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2

- Update to bugfix release 23.3.6
  - -> https://docs.mesa3d.org/relnotes/23.3.6.html

==== acl ====
Version update (2.3.1 -> 2.3.2)
Subpackages: libacl1 libacl1-32bit

- Update to version 2.3.2:
  + libobj: declare s_str directly in string_obj_tag.
  + Use thread-safe getpwnam_r and getgrnam_r.
  + setfacl: preserve the failed status when processing multiple
    files.
  + man: Document pitfall with negative permissions and user
    namespaces.
  + tools: mark long_options static & const.

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
  allow version specific engdef & engines openssl paths (boo#1219571)

==== attr ====
Version update (2.5.1 -> 2.5.2)
Subpackages: libattr1

- update to 2.5.2:
  * attr: eliminate a dead store in attr_copy_action()
  * libattr: Set symbol versions for legacy syscalls via attribute
    or asm
  * exports: use LGPL for library code
  * documentation updates
  * translation updates (Polish, Dutch, Gregorian, French)
  * build system updates

==== binutils ====
Version update (2.41 -> 2.42)
Subpackages: libctf-nobfd0 libctf0

- Add binutils-disable-code-arch-error.diff to demote an
  error about swapped .arch/.code directives to a warning.
  It happens in the wild.
- Update to version 2.42:
  * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
  RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
  flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
  '+rcpc2' and '+wfxt'
  * Add experimantal support for GAS to synthesize call-frame-info for
  some hand-written asm (--scfi=experimental) on x86-64.
  * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
  PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
  * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
  SiFive VCIX v1.0.
  * BPF assembler: ';' separates statements now, and does not introduce
  line comments anymore (use '#' or '//' for this).
  * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
  dynamic tags.
  * risc-v ld: Add '--[no-]check-uleb128'.
  * New linker script directive: REVERSE, to be combined with SORT_BY_NAME
  or SORT_BY_INIT_PRIORITY, reverses the generated order.
  * New linker options --warn-execstack-objects (warn only about execstack
  when input object files request it), and --error-execstack plus
  - -error-rxw-segments to convert the existing warnings into errors.
  * objdump: Add -Z/--decompress to be used with -s/--full-contents to
  decompress section contents before displaying.
  * readelf: Add --extra-sym-info to be used with --symbols (currently
  prints section name of references section index).
  * objcopy: Add --set-section-flags for x86_64 to include
  SHF_X86_64_LARGE.
  * s390 disassembly: add target-specific disasm option 'insndesc',
  as in "objdump -M insndesc" to display an instruction description
  as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
  binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
  for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
  binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
  and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
  for live patching since a long time.

==== expat ====
Version update (2.5.0 -> 2.6.0)
Subpackages: libexpat1

- Update keyring automatically from keyserver during OBS service run.
- Explicitly use --without-docbook (before it was implicit).
- Include missing files for documentation and examples.
- Add manpage for xmlwf, which is not available in the release tarball.
- Clean the spec file a bit.
- Update to 2.6.0:
  * Security fixes:
  - CVE-2023-52425 (boo#1219559)
  - - Fix quadratic runtime issues with big tokens
    that can cause denial of service, in partial where
    dealing with compressed XML input.  Applications
    that parsed a document in one go -- a single call to
    functions XML_Parse or XML_ParseBuffer -- were not affected.
    The smaller the chunks/buffers you use for parsing
    previously, the bigger the problem prior to the fix.
    Backporters should be careful to no omit parts of
    pull request #789 and to include earlier pull request #771,
    in order to not break the fix.
  - CVE-2023-52426 (boo#1219561)
  - - Fix billion laughs attacks for users
    compiling *without* XML_DTD defined (which is not common).
    Users with XML_DTD defined have been protected since
    Expat >=2.4.0 (and that was CVE-2013-0340 back then).
  * Bug fixes:
  - Fix parse-size-dependent "invalid token" error for
    external entities that start with a byte order mark
  - Fix NULL pointer dereference in setContext via
    XML_ExternalEntityParserCreate for compilation with
    XML_DTD undefined
  - Protect against closing entities out of order
  * Other changes:
  - Improve support for arc4random/arc4random_buf
  - Improve buffer growth in XML_GetBuffer and XML_Parse
  - xmlwf: Support --help and --version
  - xmlwf: Support custom buffer size for XML_GetBuffer and read
  - xmlwf: Improve language and URL clickability in help output
  - examples: Add new example "element_declarations.c"
  - Be stricter about macro XML_CONTEXT_BYTES at build time
  - Make inclusion to expat_config.h consistent
  - Autotools: configure.ac: Support --disable-maintainer-mode
  - Autotools: Sync CMake templates with CMake 3.26
  - Autotools: Make installation of shipped man page doc/xmlwf.1
    independent of docbook2man availability
  - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
    section "Cflags.private" in order to fix compilation
    against static libexpat using pkg-config on Windows
  - Autotools|CMake: Require a C99 compiler
    (a de-facto requirement already since Expat 2.2.2 of 2017)
  - Autotools|CMake: Fix PACKAGE_BUGREPORT variable
  - Autotools|CMake: Make test suite require a C++11 compiler
  - CMake: Require CMake >=3.5.0
  - CMake: Lowercase off_t and size_t to help a bug in Meson
  - CMake: Sort xmlwf sources alphabetically
  - CMake|Windows: Fix generation of DLL file version info
  - CMake: Build tests/benchmark/benchmark.c as well for
    a build with -DEXPAT_BUILD_TESTS=ON
  - docs: Document the importance of isFinal + adjust tests
    accordingly
  - docs: Improve use of "NULL" and "null"
  - docs: Be specific about version of XML (XML 1.0r4)
    and version of C (C99); (XML 1.0r5 will need a sponsor.)
  - docs: reference.html: Promote function XML_ParseBuffer more
  - docs: reference.html: Add HTML anchors to XML_* macros
  - docs: reference.html: Upgrade to OK.css 1.2.0
  - docs: Fix typos
  - docs|CI: Use HTTPS URLs instead of HTTP at various places
  - Address compiler warnings
  - Address clang-tidy warnings
  - Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
    to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
    for what these numbers do

==== gcc14 ====
Version update (13.2.1+git8285 -> 14.0.1+git8957)
Subpackages: libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1

- Update to trunk head, 4a1cd5560b9b545eb848eb1d1e06d345fb, git8957
  * bumps libgphobos and libgdrundime SONAME
- Use %patch -P N instead of %patchN
- Refresh gcc44-rename-info-files.patch

==== gnome-maps ====
Subpackages: gnome-maps-lang

- Update license based on legaldb review

==== ibus-m17n ====
Version update (1.4.27 -> 1.4.28)

- Update to 1.4.28
  * Add Russian translations

==== kernel-source ====
Version update (6.7.4 -> 6.7.5)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-macros

- Linux 6.7.5 (bsc#1012628).
- ext4: regenerate buddy after block freeing failed if under fc
  replay (bsc#1012628).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
  (bsc#1012628).
- dmaengine: ti: k3-udma: Report short packet errors
  (bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the status
  queue DMA (bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
  command DMA (bsc#1012628).
- phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018
  (bsc#1012628).
- phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018
  (bsc#1012628).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
  (bsc#1012628).
- perf tests: Add perf script test (bsc#1012628).
- perf test: Fix 'perf script' tests on s390 (bsc#1012628).
- perf evlist: Fix evlist__new_default() for > 1 core PMU
  (bsc#1012628).
- dmaengine: fix is_slave_direction() return false when
  DMA_DEV_TO_DEV (bsc#1012628).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
  (bsc#1012628).
- cifs: avoid redundant calls to disable multichannel
  (bsc#1012628).
- cifs: failure to add channel on iface should bump up weight
  (bsc#1012628).
- drm/msms/dp: fixed link clock divider bits be over written in
  BPC unknown case (bsc#1012628).
- drm/msm/dp: return correct Colorimetry for
  DP_TEST_DYNAMIC_RANGE_CEA case (bsc#1012628).
- drm/msm/dpu: check for valid hw_pp in
  dpu_encoder_helper_phys_cleanup (bsc#1012628).
- wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig
  (bsc#1012628).
- x86/efistub: Give up if memory attribute protocol returns an
  error (bsc#1012628).
- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
  (bsc#1012628).
- net: stmmac: xgmac: fix handling of DPP safety error for DMA
  channels (bsc#1012628).
- wifi: cfg80211: consume both probe response and beacon IEs
  (bsc#1012628).
- wifi: mac80211: fix RCU use in TDLS fast-xmit (bsc#1012628).
- wifi: mac80211: fix unsolicited broadcast probe config
  (bsc#1012628).
- wifi: mac80211: fix waiting for beacons logic (bsc#1012628).
- wifi: iwlwifi: exit eSR only after the FW does (bsc#1012628).
- wifi: brcmfmac: Adjust n_channels usage for __counted_by
  (bsc#1012628).
- netdevsim: avoid potential loop in nsim_dev_trap_report_work()
  (bsc#1012628).
- net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1012628).
- selftests: net: cut more slack for gro fwd tests (bsc#1012628).
- selftests/net: convert unicast_extensions.sh to run it in
  unique namespace (bsc#1012628).
- selftests/net: convert pmtu.sh to run it in unique namespace
  (bsc#1012628).
- selftests/net: change shebang to bash to support "source"
  (bsc#1012628).
- selftests: net: fix tcp listener handling in pmtu.sh
  (bsc#1012628).
- selftests: net: avoid just another constant wait (bsc#1012628).
- tsnep: Fix mapping for zero copy XDP_TX action (bsc#1012628).
- tunnels: fix out of bounds access when building IPv6 PMTU error
  (bsc#1012628).
- atm: idt77252: fix a memleak in open_card_ubr0 (bsc#1012628).
- octeontx2-pf: Fix a memleak otx2_sq_init (bsc#1012628).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (bsc#1012628).
- hwmon: (coretemp) Fix out-of-bounds memory access (bsc#1012628).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
  (bsc#1012628).
- inet: read sk->sk_family once in inet_recv_error()
  (bsc#1012628).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
  (bsc#1012628).
- x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
  section (bsc#1012628).
- rxrpc: Fix generation of serial numbers to skip zero
  (bsc#1012628).
- rxrpc: Fix delayed ACKs to not set the reference serial number
  (bsc#1012628).
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call
  (bsc#1012628).
- rxrpc: Fix counting of new acks and nacks (bsc#1012628).
- selftests: net: let big_tcp test cope with slow env
  (bsc#1012628).
- tipc: Check the bearer type before calling
  tipc_udp_nl_bearer_add() (bsc#1012628).
- af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC
  (bsc#1012628).
- devlink: avoid potential loop in
  devlink_rel_nested_in_notify_work() (bsc#1012628).
- ppp_async: limit MRU to 64K (bsc#1012628).
- selftests: cmsg_ipv6: repeat the exact packet (bsc#1012628).
- netfilter: nft_compat: narrow down revision to unsigned 8-bits
  (bsc#1012628).
    ... changelog too long, skipping 163 lines ...
- commit 1dccf2a

==== libapparmor ====

- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
  allow version specific engdef & engines openssl paths (boo#1219571)

==== libshumate ====
Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0

- Update licenses based on legaldb review

==== libstorage-ng ====
Version update (4.5.188 -> 4.5.189)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#986
- log textdomain codeset
- 4.5.189

==== mariadb ====
Version update (11.2.2 -> 11.2.3)
Subpackages: libmariadbd19 mariadb-client mariadb-errormessages

- Update to 11.2.3:
    https://mariadb.com/kb/en/mariadb-11-2-3-release-notes/
    https://mariadb.com/kb/en/mariadb-11-2-3-changelog/
- Update list of skipped tests

==== nodejs21 ====
Version update (21.6.1 -> 21.6.2)
Subpackages: npm21

- Update to 21.6.2: (security updates)
  * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
  * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
  * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
  * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  * undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
  * libuv version 1.48.0

==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3

- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
  with Expat 2.6.0, gh#python/cpython#115289

==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3

- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
  with Expat 2.6.0, gh#python/cpython#115289

==== qemu ====
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86

- Update the service file to use OBS-scm (by fvogt)
- Various fixes:
  * [openSUSE][RPM] Fix enabling features on non-x86_64
  * [openSUSE][RPM] Disable test-crypto-secret in linux-user build
  * [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722)
  * [openSUSE][RPM] spec: allow building without spice

==== qt6-base ====
Version update (6.6.1 -> 6.6.2)
Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3

- Update to 6.6.2
  * https://www.qt.io/blog/qt-6.6.2-released
- Drop patches, merged upstream:
  * 0001-QMimeDatabase-handle-buggy-type-definitions.patch
  * 0001-QMimeDatabase-collect-glob-patterns-from.patch
  * 0001-HPack-fix-a-Yoda-Condition.patch
  * 0002-HPack-fix-incorrect-integer-overflow-check.patch
  * 0001-Http2-fix-potential-overflow-in-assemble_hpack_block.patch

==== qt6-declarative ====
Version update (6.6.1 -> 6.6.2)
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports

- Update to 6.6.2
  * https://www.qt.io/blog/qt-6.6.2-released
- Add upstream changes to make build reproducible:
  * 0001-QuickControls-Link-the-impl-libraries-into-the-base-.patch
  * 0001-Dialogs-Depend-on-controls-styles-in-QuickDialogs2Qu.patch

==== qt6-imageformats ====
Version update (6.6.1 -> 6.6.2)

- Update to 6.6.2
  * https://www.qt.io/blog/qt-6.6.2-released

==== qt6-translations ====
Version update (6.6.1 -> 6.6.2)

- Update to 6.6.2
  * https://www.qt.io/blog/qt-6.6.2-released

==== qt6-wayland ====
Version update (6.6.1 -> 6.6.2)
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6

- Update to 6.6.2
  * https://www.qt.io/blog/qt-6.6.2-released
- Drop patch, merged upstream:
  * client-avoid-creating-decorations-in-the-render-thread.patch

==== rpm-config-SUSE ====
Version update (20240118 -> 20240214)

- Update to version 20240214:
  * set_permissions: handle chkstat failure more grateful (bsc#1219736)

==== webkit2gtk3 ====
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Increase mem_per_process again to match what is in SLE. The build
  was sporadically failing there (bsc#1198743).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
  but webkitgtk uses a function added in 1.20.0, so we need to
  ensure that the wayland update is pulled in (bsc#1215072).

==== webkit2gtk3-soup2 ====
Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Increase mem_per_process again to match what is in SLE. The build
  was sporadically failing there (bsc#1198743).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
  but webkitgtk uses a function added in 1.20.0, so we need to
  ensure that the wayland update is pulled in (bsc#1215072).