Packages changed:
  adwaita-icon-theme (48.0 -> 48.1)
  clamav (1.4.2 -> 1.4.3)
  fwupd (2.0.11 -> 2.0.12)
  gdm
  grilo-plugins (0.3.16+45 -> 0.3.17)
  jq (1.7.1 -> 1.8.0)
  libsoup
  libsoup2
  libyui (4.7.3 -> 4.7.4)
  libyui-ncurses (4.7.3 -> 4.7.4)
  libyui-ncurses-pkg (4.7.3 -> 4.7.4)
  libyui-qt (4.7.3 -> 4.7.4)
  libyui-qt-graph (4.7.3 -> 4.7.4)
  libyui-qt-pkg (4.7.3 -> 4.7.4)
  ncurses (6.5.20250531 -> 6.5.20250614)
  openSUSE-release (20250618 -> 20250620)
  pam (1.7.0 -> 1.7.1)
  pam-full-src (1.7.0 -> 1.7.1)
  pam_pkcs11
  python-certifi (2025.1.31 -> 2025.6.15)
  selinux-policy (20250616 -> 20250618)
  systemd

=== Details ===

==== adwaita-icon-theme ====
Version update (48.0 -> 48.1)

- Update to version 48.1:
  + cursors: semantic cleanup of DND cursors.

==== clamav ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libclamav12 libclammspack0 libfreshclam3

- New version 1.4.3:
  ClamAV 1.4.3 is a patch release with the following fixes:
  * CVE-2025-20260, bsc#1245054: Fixed a possible buffer overflow write
    bug in the PDF file parser that could cause a denial-of-service (DoS)
    condition or enable remote code execution.
    This issue only affects configurations where both:
    - The max file-size scan limit is set greater than or equal to 1024MB.
    - The max scan-size scan limit is set greater than or equal to 1025MB.
    The code flaw was present prior to version 1.0.0, but a change in
    version 1.0.0 that enables larger allocations based on untrusted data
    made it possible to trigger this bug.
    This issue affects all currently supported versions.
  * CVE-2025-20234, bsc#1245055: Fixed a possible buffer overflow read bug
    in the UDF file parser that may write to a temp file and thus disclose
    information, or it may crash and cause a denial-of-service (DoS)
    condition.
    This issue was introduced in version 1.2.0.
  * Fixed a possible use-after-free bug in the Xz decompression module in
    the bundled lzma-sdk library.
    This issue was fixed in the lzma-sdk version 18.03.
    ClamAV bundles a copy of the lzma-sdk with some performance changes
    specific to libclamav, plus select bug fixes like this one in lieu of
    a full upgrade to newer lzma-sdk.
    This issue affects all ClamAV versions at least as far back as 0.99.4.
  * Windows: Fixed a build install issue when a DLL dependency such as
    libcrypto has the exact same name as one provided by the Windows
    operating system.
- Renew clamav.keyring

==== fwupd ====
Version update (2.0.11 -> 2.0.12)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd3 typelib-1_0-Fwupd-2_0

- Update to version 2.0.12:
  + This release adds the following features:
    - Add a config option for enforcing immutable device enumeration
    - Add device emulation support for Thunderbolt host controllers
    - Do the efivarfs free space checks for dbx, db, KEK and PK devices
    - Ensure the i2c_dev kernel driver is always loaded if a module
    - Parse the SBOM data from fwupdx64.efi if provided
    - Support loading multiple coSWID blobs from PE files
  + This release fixes the following bugs:
    - Added HP Elitedesk G6 mini to not get dbx-updates
    - Add two more uefi dbx checksum->version entries
    - Be more useful when building modem device Instance IDs
    - Convert asus-hid and legion-hid2 to hidraw to avoid possible input
      blips
    - Do not create radio for Logitech RDFU-capable devices
    - Fix a modem-manager regression where a PCI device had no vendor ID
    - Fix a regression when updating DFOTA modem devices
    - Fix self tests when building with -Defi_os_dir
    - Fix self tests when the builder does not support DistroVersion
    - Fix updating Thunderbolt host controllers with some version formats
    - Handle HECI unsupported status (0x0b) for Dell hardware
    - Make tar a dependency of the uefi-capsule tests
    - Mark the KEK and db updates as affecting FDE like BitLocker
    - Properly detect the Redfish reboot request for Dell servers
    - Send the proper artifact firmware filename to the Redfish BMC
    - Set the correct RMM device version for some Dell dock devices
    - Use inhibits so
      that the rts54hub device is marked as non-updatable
    - Use the virtual size to avoid padding when cutting PE sections
    - Wait for the Logitech Scribe device to replug after updating
  + This release adds support for the following hardware:
    - HP Portable USB-C Hub
    - More Foxconn 5G modem products
    - More Intel Arc Battlemage products

==== gdm ====
Subpackages: gdm-lang gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- pam.d: removes pam_env from auth stack for security reasons
  [bsc#1243226, CVE-2025-6018]

==== grilo-plugins ====
Version update (0.3.16+45 -> 0.3.17)
Subpackages: grilo-plugin-tracker grilo-plugins-lang

- Update to version 0.3.17:
  + filesystem:
    - Fix is-hidden warning browsing filesystem entries
    - Add ability to split sources
  + Fix build with libxml 2.12
  + Replace defunct mailing list URLs with GNOME Discourse
  + dleyna:
    - Quiet error when dleyna is not installed
    - Fix "Quiet error when dleyna is not installed"
  + tests:
    - Adapt to tracker-test-sandbox utility changes
    - Fix tracker3 test duration range
  + Remove non-working plugins (appletrailers, raitv)
  + euronews: Remove source
  + plugins: add IPTV source
  + iptv:
    - improve iptv source
    - fix typo in the path of the icon
  + plugins: Add OpenSubtitles in Lua
  + Updated translations.
- Add pkgconfig(rest-1.0) BuildRequires, new dependency.

==== jq ====
Version update (1.7.1 -> 1.8.0)
Subpackages: libjq1

- Update to version 1.8.0
  Security fixes
  * CVE-2024-23337: Fix signed integer overflow in jvp_array_write and
    jvp_object_rehash.
  * CVE-2024-53427: Reject NaN with payload while parsing JSON.
  * CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt.
  * Fix use of uninitialized value in check_literal.
  * Fix segmentation fault on strftime/1, strflocaltime/1.
  * Fix unhandled overflow in @base64d.
  CLI changes
  * Fix --indent 0 implicitly enabling --compact-output.
  * Improve error messages to show problematic position in the filter.
  * Include column number in parser and compiler error messages.
  * Fix error message for string literal beginning with single quote.
  * Improve JQ_COLORS environment variable to support larger escapes like
    truecolor.
  * Add --library-path long option for -L.
  * Fix --slurp --stream when input has no trailing newline character.
  * Fix --indent option to error for malformed values.
  * Fix option parsing of --binary on non-Windows platforms.
  * Fix issue with ~/.jq on Windows where $HOME is not set.
  * Increase the maximum parsing depth for JSON to 10000.
  * Parse short options in order given.
  * Consistently reset color formatting.
  New functions
  * Add trim/0, ltrim/0 and rtrim/0 to trim leading and trailing white
    spaces.
  * Add trimstr/1 to trim string from both ends.
  * Add add/1. Generator variant of add/0.
  * Add skip/2 as the counterpart to limit/2.
  * Add toboolean/0 to convert strings to booleans.
  * Add @urid format. Reverse of @uri.
  Changes to existing functions
  * Use code point index for indices/1, index/1 and rindex/1.
  * Improve tonumber/0 performance and reject numbers with leading or
    trailing white spaces.
  * Populate timezone data when formatting time.
  * Preserve numerical precision on unary negation, abs/0, length/0.
  * Make last(empty) yield no output values like first(empty).
  * Make ltrimstr/1 and rtrimstr/1 error for non-string inputs.
  * Make limit/2 error for negative count.
  * Fix mktime/0 overflow and allow fewer elements in date-time
    representation array.
  * Fix non-matched optional capture group.
  * Provide strptime/1 on all systems.
  * Improve bsearch/1 performance by implementing in C.
  * Improve unique/0 and unique_by/1 performance.
  * Fix error messages including long string literal not to break Unicode
    characters.
  * Remove pow10/0 as it has been deprecated in glibc 2.27. Use exp10/0
    instead.
  * Remove private (and undocumented) _nwise filter.
  Language changes
  * Fix precedence of binding syntax against unary and binary operators.
  * Support Tcl-style multiline comments.
  * Fix foreach not to break init backtracking with DUPN.
  * Fix reduce/foreach state variable should not be reset each iteration.
  * Support CRLF line breaks in filters.
  * Improve performance of repeating strings.
- Drop no longer needed patches (fixed by upstream):
  * CVE-2024-23337.patch
  * CVE-2024-53427.patch
- Remove no longer needed hardcoded compiler option "-std-gnu17" gh#3206

==== libsoup ====
Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0

- Add libsoup-CVE-2025-4945.patch: add value checks for date/time parsing
  (boo#1243314 CVE-2025-4945).

==== libsoup2 ====
Subpackages: libsoup-2_4-1 libsoup2-lang

- Add libsoup-CVE-2025-4945.patch: add value checks for date/time parsing
  (boo#1243314 CVE-2025-4945).

==== libyui ====
Version update (4.7.3 -> 4.7.4)

- Integrated the graphviz API fix upstream (gh#libyui/libyui#120)
  (Let CMake detect graphviz version)
- 4.7.4 D graphviz_unsigned_fix.patch

==== libyui-ncurses ====
Version update (4.7.3 -> 4.7.4)

- Integrated the graphviz API fix upstream (gh#libyui/libyui#120)
  (Let CMake detect graphviz version)
- 4.7.4 D graphviz_unsigned_fix.patch

==== libyui-ncurses-pkg ====
Version update (4.7.3 -> 4.7.4)

- Integrated the graphviz API fix upstream (gh#libyui/libyui#120)
  (Let CMake detect graphviz version)
- 4.7.4 D graphviz_unsigned_fix.patch

==== libyui-qt ====
Version update (4.7.3 -> 4.7.4)

- Integrated the graphviz API fix upstream (gh#libyui/libyui#120)
  (Let CMake detect graphviz version)
- 4.7.4 D graphviz_unsigned_fix.patch

==== libyui-qt-graph ====
Version update (4.7.3 -> 4.7.4)

- Integrated the graphviz API fix upstream (gh#libyui/libyui#120)
  (Let CMake detect graphviz version)
- 4.7.4 D graphviz_unsigned_fix.patch

==== libyui-qt-pkg ====
Version update (4.7.3 -> 4.7.4)

- Integrated the graphviz API fix upstream (gh#libyui/libyui#120)
  (Let CMake detect graphviz version)
- 4.7.4 D graphviz_unsigned_fix.patch

==== ncurses ====
Version update (6.5.20250531 -> 6.5.20250614)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm
  terminfo-screen

- Add ncurses patch 20250614
  + reduce lintian warnings for test-packages.
  + clean up some shellcheck warnings
  + improve test/configure checks for X libraries, reducing duplicates
  + fix some typos/errata in license text, to help with scripted checks

==== openSUSE-release ====
Version update (20250618 -> 20250620)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== pam ====
Version update (1.7.0 -> 1.7.1)
Subpackages: pam-32bit

- hardcode disabling elogind, meson detection is unreliable in OBS
- Update to version 1.7.1
  - pam_access: do not resolve ttys or display variables as hostnames.
  - pam_access: added "nodns" option to disallow resolving of tokens as
    hostnames (CVE-2024-10963).
  - pam_limits: added support for rttime (RLIMIT_RTTIME).
  - pam_namespace: fixed potential privilege escalation (CVE-2025-6020).
  - meson: added support of elogind as a logind provider.
  - Multiple minor bug fixes, build fixes, portability fixes,
    documentation improvements, and translation updates.
- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted

==== pam-full-src ====
Version update (1.7.0 -> 1.7.1)
Subpackages: pam-extra pam-manpages

- hardcode disabling elogind, meson detection is unreliable in OBS
- Update to version 1.7.1
  - pam_access: do not resolve ttys or display variables as hostnames.
  - pam_access: added "nodns" option to disallow resolving of tokens as
    hostnames (CVE-2024-10963).
  - pam_limits: added support for rttime (RLIMIT_RTTIME).
  - pam_namespace: fixed potential privilege escalation (CVE-2025-6020).
  - meson: added support of elogind as a logind provider.
  - Multiple minor bug fixes, build fixes, portability fixes,
    documentation improvements, and translation updates.
- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted

==== pam_pkcs11 ====

- Removes pam_env from auth stack for security reasons
  [bsc#1243226, CVE-2025-6018]

==== python-certifi ====
Version update (2025.1.31 -> 2025.6.15)
Subpackages: python311-certifi python313-certifi

- Update to 2024.6.15
  * Declare setuptools as the build backend in pyproject.toml
  * remove code that's no longer required that 3.7 is our minimum
- Rebase python-certifi-shipped-requests-cabundle.patch

==== selinux-policy ====
Version update (20250616 -> 20250618)
Subpackages: selinux-policy-targeted

- Update to version 20250618:
  * Set /srv/www = /var/www as equivalent file context (bsc#1239177)

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev

- Import commit 1e42ecf5a145589954df77da05937ee69619f3e5
  1e42ecf5a1 firstboot: make sure labelling is enabled
  3bdb2efbe0 tmpfiles: fix symlink creation when replacing
  61c228d2cc firstboot: use WRITE_STRING_FILE_LABEL more
  f5148acf37 env-file: port write_env_file() to label_ops_pre()
  bbff8b5523 fs-util: replace symlink_atomic_full_label() by a flag to symlinkat_atomic_full() (bsc#1244237)
  2b39393efa env-file: rework write_env_file() to make use of O_TMPFILE