Packages changed:
  MicroOS-release (20241226 -> 20250101)
  dolphin
  gnome-branding-Aeon
  kate
  libportal (0.8.1 -> 0.9.0)
  openvpn
  pcr-oracle
  python-Jinja2 (3.1.4 -> 3.1.5)
  qt6-webengine
  shadow (4.16.0 -> 4.17.0)
  srt (1.5.3 -> 1.5.4)
  transactional-update-notifier (1.1.0.2 -> 1.1.1)
  webkit2gtk3 (2.46.4 -> 2.46.5)
  webkit2gtk4 (2.46.4 -> 2.46.5)
  xdg-desktop-portal (1.18.4 -> 1.19.0)
  xxhash (0.8.2 -> 0.8.3)

=== Details ===

==== MicroOS-release ====
Version update (20241226 -> 20250101)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== dolphin ====
Subpackages: dolphin-part libdolphinvcs6

- fix super user mode in right click menu

==== gnome-branding-Aeon ====

- Correctly populate custom-keybindings gschema structure
- A more modern choice of applications in aeon-firstboot - evince -> papers; celluloid -> showtime; vlc -> celluloid

==== kate ====
Subpackages: kate-plugins

- new Qt keychain dependency to re-enable SQL plugin build

==== libportal ====
Version update (0.8.1 -> 0.9.0)
Subpackages: libportal-gtk4-1 libportal1

- Update to version 0.9.0:
  + Features: Introduce support for the Notification v2 portal
    version.
  + Bug fixes:
  - Fix a file descriptor leak in the Mail portal code
  - Fix some minor memory leaks

==== openvpn ====
Subpackages: openvpn-auth-pam-plugin

- Set %_buildshell because of bashisms in build recipe
- Replace over-the-top `find -exec rm` by just -delete

==== pcr-oracle ====

- Add fix-event-reshash-for-cryptouuid.patch to detect the crypto
  device with the 'cryptouuid' prefix

==== python-Jinja2 ====
Version update (3.1.4 -> 3.1.5)

- Update to 3.1.5:
  * The sandboxed environment handles indirect calls to str.format,
    such as by passing a stored reference to a filter that calls
    its argument. GHSA-q2x7-8rv6-6q7h
  * Escape template name before formatting it into error messages,
    to avoid issues with names that contain f-string syntax. #1792,
    GHSA-gmj6-6f8f-6699
  * Sandbox does not allow clear and pop on known mutable sequence
    types. #2032
  * Calling sync render for an async template uses asyncio.run. #1952
  * Avoid unclosed auto_aiter warnings. #1960
  * Return an aclose-able AsyncGenerator from
    Template.generate_async. #1960
  * Avoid leaving root_render_func() unclosed in
    Template.generate_async. #1960
  * Avoid leaving async generators unclosed in blocks, includes and
    extends. #1960
  * The runtime uses the correct concat function for the current
    environment when calling block references. #1701
  * Make |unique async-aware, allowing it to be used after another
    async-aware filter. #1781
  * |int filter handles OverflowError from scientific notation. #1921
  * Make compiling deterministic for tuple unpacking in a {% set ... %}
    call. #2021
  * Fix dunder protocol (copy/pickle/etc) interaction with Undefined
    objects. #2025
  * Fix copy/pickle support for the internal missing object. #2027
  * Environment.overlay(enable_async) is applied correctly. #2061
  * The error message from FileSystemLoader includes the paths that
    were searched. #1661
  * PackageLoader shows a clearer error message when the package does
    not contain the templates directory. #1705
  * Improve annotations for methods returning copies. #1880
  * urlize does not add mailto: to values like @a@b. #1870
  * Tests decorated with @pass_context can be used with the
    |select filter. #1624
  * Using set for multiple assignment (a, b = 1, 2) does not fail when
    the target is a namespace attribute. #1413
  * Using set in all branches of {% if %}{% elif %}{% else %} blocks does
    not cause the variable to be considered initially undefined. #1253
- drop fix-ftbfs-with-python313.patch, merged upstream

==== qt6-webengine ====
Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports

- Add patch to avoid CVE-2024-40896 (boo#1234820)
  * 0001-Build-system-remove-libxml2-compilation-test.patch

==== shadow ====
Version update (4.16.0 -> 4.17.0)
Subpackages: libsubid5 login_defs

- Update to 4.17.0:
  * Fix the lower part of the domain of csrand_uniform()
  * Fix use of volatile pointer
  * Use 'dist-hook' to clean up <tests/unit/Makefile>
  * Use str2[u]l() instead of atoi(3)
  * Use a2i() in various places
  * Fix const correctness
  * Use uid_t for holding UIDs (and GIDs)
  * Move all sprintf(3)-like APIs to a subdirectory
  * Move all copying APIs to a subdirectory
  * Fix forever loop on ENOMEM
  * Fix REALLOC() nmemb calculation
  * Remove id(1)
  * Remove groups(1)
  * Use local time for human-readable dates
  * Use %F instead of %Y-%m-%d with strftime(3)
  * is_valid{user,group}_name(): Set errno to distinguish the reasons
  * Recommend --badname only if it is useful
  * Add fmkomstemp() to fix mode of </etc/default/useradd>
  * Fix use-after-free bug in sgetgrent()
  * Update Catalan translation
  * Remove references to cppw, cpgr
  * groupadd, groupmod: Update gshadow file with -U
  * Added option -a for listing active users only, optimized using if aflg,return
  * Added information in lastlog man page for new option '-a'
  * Plenty of code cleanup and clarifications
- Update to 4.17.0 RC1:
  Pre-release without changelog

==== srt ====
Version update (1.5.3 -> 1.5.4)

- version update to 1.5.4
  * API/ABI:
  - PR #2967: SRTO_VERSION socket option is read-only. Removed the ability to
    set a value (srt_setopt(..)).
  - PR #2849: Removed the possibility to use optlen=-1 in srt_setsockopt.
  - PR #2683:❗Changed conditions for setting caller and listen callbacks.
  - PR #2804: Fixed NULL characters handling inside of strings.
  - PRs #2887, #2918, #2912: Fixed getting some socket options from a group.
  * Known Issues
  - #3072: Getting SRTO_STREAMID on an accepted group connection does not
    return a value (listener side).
  * New Features and Improvements
  - PR #2700: Added support for Botan cryptography library.
  - PR #2940: Added support for building SRT on visionOS.
  * Thread Safety fixes:
  - PR #3047: Fixed static variable usage in the crypto module.
  - PR #3038: Improved mutex protection of the TSBPD.
  - PR #2998: Fixed a data race on the listener's config.
  - PR #2990: Fixed a potential data race around m_bGCStatus variable.
  - PR #2972: Fixed TSBPD thread create/join protection.
  - PR #2893: Fixed data races and multithreading issues.
  - PR #2723: Fixed lacking mutex protection of some ACK-related fields.
  - PR #1884: Fixed a possible socket leak in srt_accept failure.
  - PR #1824: Fixed some lock-order-inversion and data race problems.
  * Logging improvements
  * Encryption
  - PR #2962: Improved AES GCM encryption, changed GCM IV length to 12 bytes.
  - PR #2921: Drop unencrypted packets if the receiving KM state is "secured".
  - PR #2905: Fixed HaiCrypt_Clone() by properly setting up the RX crypto context.
  - PR #2880: Fixed the PacketFilter (FEC) configuration not counting the
    AEAD AUTH tag length.
  * Fixes related to SRT Socket groups.
  * Statistics fixes
  * Sample Applications fixes
  - PR #3002: Fixed verbose log linkage difference.
  - PR #2848: Added simplified support for RTP input in srt-live-transmit.
  - PR #2015, #3041: Added URL percent decoding to the URL query string keys and
    values.
  * Documentation
  - PR #2762: Added Rejection Reasons document.
  - PR #2921: Update the SRT_KM_S_SECURED description.
    Updated pktRcvUndecrypted description.
  - PR #2875: Updated the documentation about latency and transmission type.
  - PR #2820: More explicit description of grpdata_size updates.

==== transactional-update-notifier ====
Version update (1.1.0.2 -> 1.1.1)

- Update to v1.1.1
  * feat: env variable to set notification urgency

==== webkit2gtk3 ====
Version update (2.46.4 -> 2.46.5)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles

- Update to version 2.46.5 (boo#1234851):
  + Fix the build with GBM and release logs disabled.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2024-54479, CVE-2024-54502, CVE-2024-54505,
    CVE-2024-54508.

==== webkit2gtk4 ====
Version update (2.46.4 -> 2.46.5)
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles

- Update to version 2.46.5 (boo#1234851):
  + Fix the build with GBM and release logs disabled.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2024-54479, CVE-2024-54502, CVE-2024-54505,
    CVE-2024-54508.

==== xdg-desktop-portal ====
Version update (1.18.4 -> 1.19.0)

- Create a doc flavor for building developer documentation.
- Update to 1.19.0:
  + The portals.conf parser is now able to handle fallback backends
    better, and respects the order of backends in the config file.
  + Try to use the xdg-desktop-portal-gtk backend as a last resort
    backend, if everything else fails.
  + Implement getlk and setlk, and honour O_NOFOLLOW, in the
    Document portal's FUSE filesystem.
  + Neutralize the Devices portal. Originally the Devices portal
    was introduced so that services like PulseAudio or PipeWire
    could request access to microphones and cameras on the behalf
    of apps. It was not meant to be used by sandboxed apps
    directly, which is unusual for a portal. Practically, however,
    it didn't take off.
  + Implement PID/TID mapping for host system apps.
  + Add a new "supported_output_file_formats" option to the Print
    portal. This can be used by apps like browsers to limit the
    output file formats presented by the Print portal backend. For
    example, an app can limit file printing to PDF files.
  + Add a new "GetHostPaths" method to the Document portal, which
    allows mapping file descriptors to paths on the host system.
    This can be used by apps to show more meaningful file paths in
    the user interface.
  + Like the new method above, the Document portal sets the
    "user.document-portal.host-path" xattr on files, pointing to
    the host system file path. The use case is similar to
    "GetHostPaths".
  + Make the Background portal more robust when validating
    autostart files.
  + Clarify behavior of the File Chooser portal in the
    documentation pages.
  + Improve robustness against deleted o_path fds in the Document
    portal.
  + Fix a warning in some systems while trying to load Request
    D-Bus object properties.
  + Fix a physical inode leak in the Document portal.
  + Various improvements to the test suite. Python-based tests now
    run in parallel and are more careful when setting up the mock
    D-Bus server. Tests also start dbus-monitor if necessary now.
    FUSE tests of the Document portal have been made more
    TAP-alike now.
  + Memory leak fixes in a variety of portals and services,
    including the permissions database, the Document portal, the
    File Transfer portal, the Location portal, the Background
    portal, tests, and the icon validator. And more. There's a lot
    of memory leak fixes everywhere, really.
  + Major refactorings of the icon validator. Icons are now
    limited to 4MB files.
  + Update XML specification specifying session handle type to
    match current actual ABI in GlobalShortcuts, Inhibit,
    RemoteDesktop, and ScreenCast portals.
  + New and updated translations.
- Adapt BuildRequires for new documentation build process:
  + Add python3-Sphinx
  + Add python3-furo
  + Add python3-sphinxcontrib-copybutton
  + Add python3-sphinxext-opengraph

==== xxhash ====
Version update (0.8.2 -> 0.8.3)

- Update to release 0.8.3
  * Corrects an edge case in ``XXH3_128bits_withSecretandSeed``
    that could generate invalid results.
  * xxhash now knows command-line arguments ``--filelist``,
    ``--files-from``.