Removed rpms
============

 - adjtimex
 - dbus-1-glib
 - dbus-1-glib-tool
 - google-croscore-fonts
 - libavif13
 - libcbor0
 - libcpupower0
 - libhugetlbfs
 - libhunspell-1_6-0
 - libmariadb3
 - libprotobuf20
 - librav1e0
 - noto-arimo-fonts
 - noto-cousine-fonts
 - noto-tinos-fonts
 - openssl-1_1
 - python3-bind
 - python3-ply
 - wsdd

Added rpms
==========

 - cpupower-bash-completion
 - cpupower-lang
 - libabsl2308_0_0
 - libavif16
 - libbpf1
 - libcbor0_10
 - libcpupower1
 - libdav1d6
 - libdbus-glib-1-2
 - libhunspell-1_7-0
 - libopenssl3
 - libprotobuf25_1_0
 - librav1e0_6
 - libvulkan1
 - openssl
 - openssl-3

Package Source Changes
======================

Mesa
+- Update to bugfix release 23.3.4
+  - -> https://docs.mesa3d.org/relnotes/23.3.4.html
+
+- split python36-buildfix.patch into two patches python36-buildfix1.patch
+  and python36-buildfix2.patch; apply the latter only on sle15-sp6/Leap 15.6
+  since on newer python releases than 3.6 it changes behaviour to
+  remove required=True option
+
+- python36-buildfix.patch
+  * src/freedreno/registers/gen_header.py: hopefully fixes aarch64
+    build
+
+- u_0001-intel-genxml-Drop-from-__future__-import-annotations.patch
+  u_0002-intel-genxml-Add-a-untyped-OrderedDict-fallback-for-.patch
+  python36-buildfix.patch
+  * fixes build against python 3.6
+
+- let Mesa-dri require libvulkan1 to get zink/swrast driver
+  fallbacks working (hopefully); probably related:
+  https://gitlab.freedesktop.org/mesa/mesa/-/commit/2a71f06f2938678d89d5ed1372cda6a7b55d964d
+
+-  Update to bugfix release 23.3.3
+  - -> https://docs.mesa3d.org/relnotes/23.3.3.html
+
+- Update to bugfix release 23.3.2
+  - -> https://docs.mesa3d.org/relnotes/23.3.2.html
+
+- Update to version 23.3.0:
+  * It includes NVK, a new reverse-engineered Vulkan driver for
+    Nvidia hardware. This driver is still in experimental phase,
+    not quite ready for prime time yet, but adventurous users can
+    give it a go!
+  * New extensions & features (in no particular order):
+  - VK_EXT_pipeline_robustness on ANV
+  - VK_KHR_maintenance5 on RADV
+  - OpenGL ES 3.1 on Asahi
+  - GL_ARB_compute_shader on Asahi
+  - GL_ARB_shader_atomic_counters on Asahi
+  - GL_ARB_shader_image_load_store on Asahi
+  - GL_ARB_shader_image_size on Asahi
+  - GL_ARB_shader_storage_buffer_object on Asahi
+  - GL_ARB_sample_shading on Asahi
+  - GL_OES_sample_variables on Asahi
+  - GL_OES_shader_multisample_interpolation on Asahi
+  - GL_OES_gpu_shader5 on Asahi
+  - EGL_ANDROID_blob_cache works when disk caching is disabled
+  - VK_KHR_cooperative_matrix on RADV/GFX11+
+- Drop patches fixed upstream:
+  * U_clover-llvm-move-to-modern-pass-manager.patch
+  * U_radeonsi-prefix-function-with-si_-to-prevent-name-co.patch
+- Refresh patches with quilt.
+- Use %patch -p N instead of deprecated %patchN.
+
Mesa:drivers
+- Update to bugfix release 23.3.4
+  - -> https://docs.mesa3d.org/relnotes/23.3.4.html
+
+- split python36-buildfix.patch into two patches python36-buildfix1.patch
+  and python36-buildfix2.patch; apply the latter only on sle15-sp6/Leap 15.6
+  since on newer python releases than 3.6 it changes behaviour to
+  remove required=True option
+
+- python36-buildfix.patch
+  * src/freedreno/registers/gen_header.py: hopefully fixes aarch64
+    build
+
+- u_0001-intel-genxml-Drop-from-__future__-import-annotations.patch
+  u_0002-intel-genxml-Add-a-untyped-OrderedDict-fallback-for-.patch
+  python36-buildfix.patch
+  * fixes build against python 3.6
+
+- let Mesa-dri require libvulkan1 to get zink/swrast driver
+  fallbacks working (hopefully); probably related:
+  https://gitlab.freedesktop.org/mesa/mesa/-/commit/2a71f06f2938678d89d5ed1372cda6a7b55d964d
+
+-  Update to bugfix release 23.3.3
+  - -> https://docs.mesa3d.org/relnotes/23.3.3.html
+
+- Update to bugfix release 23.3.2
+  - -> https://docs.mesa3d.org/relnotes/23.3.2.html
+
+- Update to version 23.3.0:
+  * It includes NVK, a new reverse-engineered Vulkan driver for
+    Nvidia hardware. This driver is still in experimental phase,
+    not quite ready for prime time yet, but adventurous users can
+    give it a go!
+  * New extensions & features (in no particular order):
+  - VK_EXT_pipeline_robustness on ANV
+  - VK_KHR_maintenance5 on RADV
+  - OpenGL ES 3.1 on Asahi
+  - GL_ARB_compute_shader on Asahi
+  - GL_ARB_shader_atomic_counters on Asahi
+  - GL_ARB_shader_image_load_store on Asahi
+  - GL_ARB_shader_image_size on Asahi
+  - GL_ARB_shader_storage_buffer_object on Asahi
+  - GL_ARB_sample_shading on Asahi
+  - GL_OES_sample_variables on Asahi
+  - GL_OES_shader_multisample_interpolation on Asahi
+  - GL_OES_gpu_shader5 on Asahi
+  - EGL_ANDROID_blob_cache works when disk caching is disabled
+  - VK_KHR_cooperative_matrix on RADV/GFX11+
+- Drop patches fixed upstream:
+  * U_clover-llvm-move-to-modern-pass-manager.patch
+  * U_radeonsi-prefix-function-with-si_-to-prevent-name-co.patch
+- Refresh patches with quilt.
+- Use %patch -p N instead of deprecated %patchN.
+
ModemManager
+- Add explicit /usr/bin/dbus-daemon BuildRequires: Needed for
+  tests.
+
+- Update to version 1.20.6:
+  + build: New build option to allow disabling the installation of
+    examples.
+  + core:
+  - Fix crash when uninhibiting partially removed device.
+  - Fix crash when attempting to load an invalid shared utils
+    library.
+  + mmcli:
+  - Allow JSON and key/value output when creating SMS messages.
+  - Improved JSON output in network scan results.
+  + libmm-glib:
+  - Avoid using g_time_zone_new_offset() unless glib >= 2.58.
+  - Fix flags to string conversion utils to allow multiple flags.
+  + MBIM:
+  - Reset cached SIM info when SIM is unlocked.
+  - Fix synchronizing the state of the SIM hot swap configured
+    flag.
+  - Fix bug cleaning up the LTE attach info unsolicited message
+    handler.
+  - Fallback from QMI UIM service only if unsupported.
+  - Add missing support for 'emergency' APN type.
+  + QMI:
+  - Fix processing and exposing PCOs.
+  - Fix power up on modems that don't support power state change
+    indications.
+  + plugins:
+  - telit:
+    . add additional support for 5G modems.
+    . added port type hints for FN990 0x1070, 0x1071
+    compositions.
+    . increase allowed initial delay in AT ports.
+    . fallback to AT commands if loading revision via MBIM fails.
+  - quectel: add support for EC21-EUX usb modules.
+  - xmm: fix crash parsing XACT? response.
+- Changes from version 1.20.4:
+  + build:
+  - Don't hardcode building shared libraries, so that meson's
+    default_library option can be used properly,
+  - po: Added missing Georgian translation in LINGUAS.
+  + QMI:
+  - Fixed loading NR5G signal info.
+  - Fixed memory leaks when processing signal info.
+  - Correctly scaled the SNR value reported in NR5G.
+  - Fixed invalid use-after-free actions due to improper handling
+    of proxy removal events.
+  + MBIM:
+  - Fixed processing MbimSmsStatusFlag as flags, not as an enum.
+  - Fixed invalid use-after-free actions due to improper handling
+    of proxy removal events.
+  - Chained up device notifications through the MMPortMbim
+    object.
+  + Messaging: Allowed Delete operation during enabling/disabling.
+  + Core: Don't assume port tables always exist so that
+    long-standing operations holding an object reference can finish
+    cleanly even after the initial object disposal has already been
+    run.
+  + plugins:
+  - quectel: added new firehose/sahara support udev tags in new
+    models.
+  - broadmobi: added MM_PLUGIN_REQUIRED_QCDM flag.
+  - cinterion:
+    . added a delay to the ^SWWAN? command.
+    . added retry mechanism to the ^SWWAN? command.
+- Changes from version 1.20.2:
+  + build:
+  - Fixed building without MBIM support.
+  - Fixed building without tests support.
+  - Disabled test interface in base manager if building without
+    tests.
+  - Updated intel plugin dependencies to require XMM shared
+    utils.
+  - Fixed templates to make build reproducible.
+  + FCC unlock: Updated shell scripts to avoid requiring bash.
+  + MBIM:
+  - Ignored SIM related indications during a SIM slot switch
+    operation.
+  - Updated capabilities loading to use Microsoft Extensions if
+    available.
+  - Updated supported modes loading to use the CustomDataClass
+    field contents.
+  + SIM: Fixed length when reading GID1/GID2 using AT commands.
+  + Several other minor improvements and fixes.
+- Changes from version 1.20.0:
+  + API:
+  - New 'Modem.Sar' interface to allow the host to manage the SAR
+    power level.
+  - New 'Modem.GetCellInfo()' method, that allows querying
+    information about the current serving and neighboring cells.
+    Currently including 'cell-type' and 'serving' fields for all
+    cell types, plus additional type-specific fields:
+    . CDMA: 'nid', 'sid', 'base-station-id', 'ref-pn' and
+    'pilot-strength'.
+    . GSM: 'operator-id', 'lac', 'ci', 'timing-advance', 'arfcn',
+    'base-station-id' and 'rx-level'.
+    . UMTS: 'operator-id', 'lac', 'ci', 'frequency-fdd-ul',
+    'frequency-fdd-dl', 'frequency-tdd', 'uarfcn', 'psc',
+    'rscp', 'ecio' and 'path-loss'.
+    . TDSCDMA: 'operator-id', 'lac', 'ci', 'uarfcn',
+    'cell-parameter-id', 'timing-advance', 'rscp' and
+    'path-loss'.
+    . LTE: 'operator-id', 'tac', 'ci', 'physical-ci', 'earfcn',
+    'rsrp', 'rsrq' and 'timing-advance'.
+    . 5GNR: 'operator-id', 'tac', 'ci', 'physical-ci', 'nrarfcn',
+    'rsrp', 'rsrq', 'sinr' and 'timing-advance'.
+  - New 'access-type-preference', 'roaming-allowance',
+    'profile-name', 'profile-enabled' and 'profile-source'
+    fields in the 'Bearer.Properties' property, that can also be
+    used in both 'Modem.Simple.Connect()' and
+    'Modem.CreateBearer()'.
+  - New 'Modem.Modem3gpp.SetPacketServiceState()' method and
+    'Modem.Modem3gpp.PacketServiceState' property, which allow
+    management the explicit attach or detach to packet service on
+    the current registered network.
+  - New 'Modem.Modem3gpp.SetNr5gRegistrationSettings()' method
+    and 'Modem.Modem3gpp.Nr5gRegistrationSettings' property, to
+    allow management of 5G specific settings like 'mico-mode' or
+    'drx-cycle'.
+  - New 'start-date', 'uplink-speed' and 'downlnk-speed' fields
+    in the 'Bearer.Stats' property.
+  - New 'Bearer.ReloadStatsSupported' property to indicate
+    whether reloading ongoing stats is supported or not.
+  - New 'Modem.Modem3gppProfileManager.IndexField' property, to
+    indicate which field is to be used as unique index in the
+    profile management operations.
+  - New 'Sim.SimType', 'Sim.EsimStatus' and 'Sim.Removability'
+    properties to improve the management of eSIM related
+    operations.
+  - New 'Sim.Gid1' and 'Sim.Gid2' properties, which allow
+    identifying SIM cards that should have different settings
+    applied.
+  - New 'Modem.Signal.SetupThresholds() method,
+    'Modem.Signal.RssiThreshold' and
+    'Modem.Signal.ErrorRateThreshold' to allow configuring
+    thresholds so that the modem emits indications whenever the
+    signal quality values change based on those thresholds. For
+    RSSI a delta amount of dBm can be given, and for error rate
+    just a boolean to enable or disable the corresponding event.
+  - New 'error-rate' fields in the 'Modem.Signal.Cdma',
+    'Modem.Signal.Evdo', 'Modem.Signal.Gsm', 'Modem.Signal.Umts',
+    'Modem.Signal.Lte' and 'Modem.Signal.Nr5g' properties.
+  + Core:
+  - Detecting an eSIM without an active profile in the current
+    SIM slot will lead to the modem being in Failed state, in the
+    same way as if the slot was for a physical SIM and no SIM was
+    inserted.
+  - Default amount of AT probing attempts is updated to 6, to
+    cope with modems that are slower to boot.
+  - New '--test-mbimex-profile-management' option in the daemon,
+    to enable support for profile management operations using the
+    Microsoft extensions. This is an optional feature because it
+    requires using the 'apn-type' field as unique index, which
+    not all users of the profile management API may expect.
+  - Implemented some initial support to automatically hide
+    personal details (e.g. phone numbers, SMS contents...) from
+    logs, right now only applicable to QMI and MBIM logs. Updated
+    support for this feature will keep on being integrated in
+    future 1.20.x updates. The new '--log-personal-info' option
+    in the daemon allows to disable this feature completely.
+  - Added new filter match option for subsystem vendor id,
+    required in several PCI based Qualcomm modules.
+  - QCDM port probing will no longer automatically run for all
+    plugins, only in those that explicitly require it.
+  - Implemented support for suspend/resume detection based on
+    ChromeOS' powerd daemon.
+  - Added Cat-M and NB-IoT LPWA access technologies.
+  + Modem interface: On 3GPP+3GPP2 multimode devices, a missing SIM
+    card will now force the modem into Failed state, as if it was a
+    3GPP-only device.
+  + Simple interface: Explicitly wait for PS domain to be attached
+    during a connection attempt.
+  + 3GPP interface: Updated to report domain registration changes
+    altogether whenever possible (e.g. when using the QMI or MBIM
+    protocols).
+  + MBIM:
+  - Implemented support to use the Microsoft-defined MBIM
+    extensions v2 and v3 whenever supported by the device. The
+    ModemManager daemon will negotiate which version to use with
+    the modem, so that the highest version supported is enabled.
+    This negotiation applies to the whole device, so any other
+    user of the MBIM device will automatically start using the
+    newly agreed version.
+  - Implemented current modes switching using MBIMEx v2.0
+    extensions.
+  - Trigger explicit disconnection if a connection attempt fails.
+  - Modem will be flagged as unusable if 10 consecutive MBIM
+    requests timeout.
+  - Enabled multiplex support for devices in the WWAN subsystem.
+  + QMI:
+  - Updated logic to by default prefer 'Signal Info' over the
+    deprecated 'Signal Strength' operations.
+  - Updated logic to by default prefer 'System Info' over the
+    deprecated 'Serving System' operations.
+  - Updated power state transition logic to ensure the new state
+    is reached before returning success to the user.
+  - Implemented support for the 'Modem3gppProfileManager.Updated'
+    signal using PDC refresh notifications.
+  - Modem will be flagged as unusable if 10 consecutive QMI
+    requests timeout.
+  - Implemented DTMF support.
+  - Implemented support for automatic SIM IMSI switch detection
+    under certain roaming scenarios.
+  - Updated the logic to move the PS domain state to 'registered'
+    based on the DSD System Status indications.
+  - Updated endpoint type detection logic to be based on the net
+    driver.
+  - Updated endpoint number selection to be based on the data
+    port.
+  - Updated connection logic to allocate separate WDS clients per
+    endpoint.
+  - Added support for PCO reporting.
+  + plugins:
+  - quectel: Added FCC unlock support for the EM05-G.
+  - telit:
+    . Band management updated to prefer using QMI whenever
+    available, as well as to detect the #BND command format
+    automatically.
+    . Added support for LPWA modems.
+  - fibocom:
+    . Implemented optional support to power down and up the modem
+    during the update of the initial EPS bearer settings.
+    . Implemented initial EPS bearer settings management in the
+    MA510.
+  - intel: New generic plugin for Intel PCI devices with vid
+    0x8086.
+  - xmm: Prefer GNSS control ports explicitly tagged via udev
+    tags.
+  - foxconn: Use the new FOX QMI service to load firmware
+    version.
+  - cinterion: Added support for PCIe based devices.
+- Use ldconfig_scriptlets macro.
+- Switch to meson buildsystem, add meson BuildRequires and macros.
+- Add xsltproc and pkgconfig(bash-completion) BuildRequires: New
+  dependencies.
+
+- Update to version 1.18.12:
+  + This release fixes a few very critical issues that happpen when
+    using a glib2 newer or equal than 2.73.2, plus numerous fixes
+    for the Core, MBIM, QMI, 3GPP profile manager interface, SMS,
+    libmm-glib, and mmcli.
+  + Plugins:
+  - sierra: disable +CPOL in the GL7600.
+  - telit: add LE910Cx MBIM composition port hints.
+  - telit: add port type hints for LN920 0x1060, 0x1061
+    compositions.
+  - icera: fix double free on %%IPSYS=? response processing
+  - mtk: fix task completion when loading supported modes.
+- Add new pkgconfig modules build requirements: gio-2.0, glib-2.0,
+  gmodule-2.0, and gobject-2.0.
+- Update ModemManager.keyring to the new upstream key:
+  A814D09B9C5BC01945A64308AECE0239C6606AD5. Found at
+  www.freedesktop.org/software/ModemManager/0xAECE0239C6606AD5.asc.
+
+- Disable make_check call, tests currently fails due to our switch
+  to glib 2.73.2.
+  https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/870
+  https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/601
+  https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/621
+
NetworkManager
-- Update to version 1.38.6 (bsc#1208631):
+- Add python3.6-in-sle.patch: SLE still takes python 3.6 as primary
+  system, the patch allows meson to find python 3.6 in SLE.
+
+- Use %patch -p N instead of deprecated %patchN.
+
+- Update to version 1.44.2:
+  + Better log IPv4 Address Conflict Detection (ACD) conflicts
+  + Remove the upper limit of 65535 for PIDs read from the PID file
+  + Allow missing default gateway with oFono
+  + Honor the CLICOLOR_FORCE environment variable
+  + Fix generating connection with IPv6 method disabled vs ignored
+  + Fix possible segmentation fault when doing a checkpoint
+    rollback
+  + Documentation improvements
+- Switch to source services, use explicit released tag.
+
+- Update to version 1.44.0:
+  + Introduce a new "link" setting that holds properties related to
+    the kernel link such as "tx-queue-length", "gso-max-size",
+    "gso-max-segments", "gro-max-size".
+  + Support sending a DHCPv6 prefix delegation hint via the
+    "ipv6.dhcp-pd-hint" connection property.
+  + Support new bond options: "arp_missed_max", "lacp_active",
+    "ns_ip6_target".
+  + Add new "initial-eps-bearer-configure" and
+    "initial-eps-bearer-apn" properties in the GSM setting.
+  + Setting "connection.stable-id=default${CONNECTION}" changed
+    behavior to be identical to the built-in default value when the
+    stable-id is not set.
+  + Add a "[keyfile].rename" option to NetworkManager.conf to force
+    renaming profiles on disk when their name changes.
+  + The ifcfg-rh plugin is deprecated; it will only receive
+    bugfixes and no new features. A warning is emitted the log when
+    a connection in ifcfg-rh format is found.
+  + To automatically migrate existing ifcfg-rh connections to the
+    keyfile format, a new configuration option
+    "main.migrate-ifcfg-rh" is provided. Migration is disabled by
+    default, but the default value can be changed at build time via
+    "--with-config-migrate-ifcfg-rh-default=yes".
+  + When configuring hostnames in non-public TLD (like
+    "example.local"), use the TLD as default search domain instead
+    of the full hostname.
+  + Always apply DNS options from the [global-dns] configuration
+    section
+  + The NetworkManager daemon now acquires the D-Bus name only
+    after populating the D-Bus tree. This can add a delay during
+    startup but it is required to avoid race conditions with other
+    services depending on NM.
+  + Add a "version-id" argument to the Update2() D-Bus call to
+    guard against concurrent modifications of profiles.
+  + Don't use tentative IPv6 addresses to resolve the system
+    hostname via DNS.
+  + Track the number of autoconnect retries left for each device
+    and connection. Previously it was tracked only per connection
+    and this lead to unexpected behaviors in case of multiconnect
+    profiles.
+  + Set VLAN filtering options on bridge via netlink instead of
+    sysfs.
+  + nm-cloud-setup now supports IMDSv2 on Amazon EC2.
+  + nmtui now allows to enable or disable Wi-Fi and WWAN radios.
+  + Honor ignore-carrier=no for bond/bridge/team devices.
+  + Add version mismatch warning when running nmcli commands.
+- Rebase patches with quilt.
+
+- Update to version 1.42.8:
+  + Add support for ppp 2.5.0.
+  + Fix nft rules for balance-slb bonding.
+  + Support port priority for bonding.
+  + Fix regression handling the PKEY_ID for infiniband profiles in
+    ifcfg-rh format.
+  + Fix race in nm-cloud-setup that caused partial configuration
+    and loss of connectivity with multiple interfaces.
+  + Don't touch "net.ipv6.conf.$IFACE.forwarding" unless explicitly
+    required for IPv6 sharing.
+  + Various bugfixes related to team, Wi-Fi P2P, IPv6LL.
+  + Automatically unblock autoconnect of profiles during reapply.
+
+- Update https://www.gnome.org/projects/NetworkManager/ URL tag to
+  NM's newest home page: https://networkmanager.dev/, and main
+  package summary to: standard Linux network configuration tool
+  suite.
+
+- Add nm-runstatedir.patch: to correct rundir from /var/run to /run
+  for systemd FHS compatibility
+
+- Update to version 1.42.6:
+  + Emit the dhcp-change dispatcher event also after a lease
+    renewal.
+  + Fix assertion failure on DHCP renewal.
+  + Add support for EC2 IMDSv2 in nm-cloud-setup.
+  + Allow setting tunnel flags for ip6gre & ip6gretap connection
+    profiles.
+  + Improve the Wi-Fi hotspot functionality.
+  + Fix setting the Wi-Fi roaming policy based on the number of
+    seen BSSIDs.
+  + Support the "no-aaaa" resolv.conf option.
+  + Some oFono fixes.
+
+- Update to version 1.42.4:
+  + Fix a possible crash when [global-dns] is used and improve the
+    documentation.
+  + Documentation improvements.
+
+- Changes from version 1.38.6 (bsc#1208631):
-- Changes from version 1.38.4:
+
+- Update to version 1.42.2:
+  + Add build option to set the mobile-broadband-provider-info
+    database path.
+  + Add new "ipv[46].replace-local-rule" setting to control whether
+    to remove the local route rule that is automatically generated.
+  + Add the DHCPv6 IAID to the lease information exposed in /run
+    and on D-Bus.
+  + Fix assuming team connections at boot.
+  + Fix race condition when setting the MAC address of an OVS
+    interface.
+  + Fix constructing the IPv4 name servers variable passed to
+    dispatcher scripts.
+  + Don't use tentative IPv6 address to resolve the system hostname
+    via DNS.
+  + Deprecate the "Master" property of the NMActiveConnection D-Bus
+    object in favor of the new "Controller" property.
+- Drop 1539.patch: Fixed upstream.
+- Refresh patch with quilt:
+  + 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch
+
+- Add 1539.patch: Fix constructing the IPv4 nameserver variable
+  (boo#1208371).
+
+- Pass session_tracking=systemd and
+  session_tracking_consolekit=false to meson, no longer build
+  support for consolekit as session tracker.
+
+- Update to version 1.42.0:
+  + Added support for source load balancing for Ethernet Bonds.
+  + Allow specifying vhost name (SNI) for a manually DNS-over-TLS
+    server. Only works with systemd-resolved plugin.
+  + Connections can now be activated on a loopback interface.
+  + Added support of IPv4 ECMP routes. The ECMP routes will get
+    merged.
+
+- Update to version 1.40.12:
+  + Make sure "external-ids" stays up to date in Open vSwitch
+    database on a connection reapply.
+  + Retry if a netlink sockets runs out of buffer space before
+    we're able to read results of a link change.
+  + Fix a possible race involving concurrent invocation of iptables
+    in IPv4 shared mode.
+  + Other various fixes.
+
+- Update to version 1.40.10:
+  + Fix the evaluation of the autoconnect retries.
+  + nm-cloud-setup now preserves addresses added externally.
+  + Ensure that dnsmasq is stopped after changing the dns backend
+    and restarting the service.
+  + Fix honoring an explicit DHCPv6 DUID with dhclient.
+  + Other various fixes.
+
+- Update to version 1.40.8:
+  + Fixed a bug that caused devices (MACsec in particular) to be
+    stuck in UNAVAILABLE state and not transition to DISCONNECTED
+    if the carrier was ready too early.
+  + Improved interoperability of MACsec with some Aruba switches by
+    allowing CKN shorter than 64 characters.
+  + Fixed an assertion failure when restarting NetworkManager with
+    MACsec links configured.
+  + Fixed a possible DHCP helper crash when handling failure to
+    connect to D-Bus.
+  + Corrected calculation of expiration time for items configured
+    from IPv6 neighbor discovery messages.
+  + Various fixes for platforms that don't allow unaligned memory
+    access.
+
+- Drop iptables BuildRequires and -Diptables meson parameter:
+  iptables is legacy (obsoleted in favor of nft). Additionally.
+  meson has proper fallback detection to assume the correct path,
+  should it need to use iptables.
+- Recommend nftables instead of iptables.
+
+- Update to version 1.40.6:
+  + team:
+  - Also set empty port configuration so teamd knows about the
+    port.
+  - Restore port configuration after teamd respawn.
+- Changes from version 1.40.4:
+  + dhcp: revert restarting DHCP when MAC address changes, for
+    example during a bond fail over.
+  + Various documentation fixes.
+  + Fix non-exported ABI in libnm which was wrongly present in the
+    header files but unusable so far.
+  + ifcfg-rh: fix writing ethtool pause settings to file.
+  + core: set "proto static" for manual routing rules configured by
+    NetworkManager.
+  + Various minor bugfixes.
+
+- Keep netconfig support. The rc-manager auto detection will select
+  appropriate manager during runtime.
+
+- Use a with_netconfig define instead of relying on bcond: bcond is
+  meant to have extrenally controllable build conditions (build -D,
+  or OBS prjconf).
+
+- Update to version 1.40.2:
+  + Ensure that resolv.conf gets updated when the configuration
+    changes.
+  + Fix setting as bond primary an interface that doesn't exist yet
+    when the bond is activated.
+  + The number of autoconnect retries is now accounted
+    independently for each device when there are profiles with
+    multi-connect=multiple.
+  + Don't print duplicate entries in the output of "NetworkManager
+  - -print-config".
+  + Fix the ifcfg-rh plugin to properly read infiniband P-Key
+    connection profiles without an explicit interface name.
+  + Allow the removal of a bond port connection profile from the
+    bond via nmcli.
+  + Fix race condition during the activation of veth profiles when
+    the peer already exists.
+  + Decline the DHCPv6 lease if all addresses fail IPv6 duplicate
+    address detection (DAD).
+  + Wait that devices get carrier before trying to resolve the
+    system hostname on them via DNS.
+  + Fix race condition during the initial activation of OVS
+    interfaces.
+  + Profiles generated by nm-initrd-generator now have lower than
+    default priority.
+  + Fix error when adding many SR-IOV virtual functions (VFs).
+
+- Disabling netconfig compiling option for openSUSE Tumbleweed.
+
+- Drop dependency on sysconfig-netconfig: the collection of shell
+  scripts is not required for regular operation.
+
+- Update to version 1.40.0:
+  + During the build, stop relying on intltool for i18n and use
+    gettext only.
+  + Undeprecate nm_remote_connection_get_secrets() in libnm.
+  + NetworkManager now will restart DHCP if the MAC changes on a
+    device.
+- Drop intltool BuildRequires following upstream changes.
+- Refresh patches with quilt.
+- Stop passing dnssec_trigger=%{_libexecdir}/dnssec-trigger-script
+  to meson, support dropped upstream.
+
+- Update to version 1.38.4:
+- Create /etc/NetworkManager/conf.d by default, allowing easy
+  override for NetworkManager.conf file with drop-in.
+- Move default config file to
+  /usr/lib/NetworkManager/NetworkManager.conf, as part of main
+  package.
+- Branding upstream package is now just a config drop-in to
+  disable conncheck.
+- Ensure /usr/lib/NetworkManager/conf.d is part of the package.
+
NetworkManager-branding:openSUSE
+- Fix most rpmlint warnings:
+  + suse-zypp-packageand: use current Supplements: (A and B) syntax
+    over packagand(A:B)
+  + summary-ended-with-dot: Remove dot at the end of Summary:
+  + no-%build-section: Add empty %build section
+  + branding-supplements-missing: Fixes as part of
+    suse-zypp-packageand.
+
+- Expliciltly BuildRequire NetworkManager-branding-upstream:
+  branding-upstream is produced by NetworkManager and is guaranteed
+  to be the same version. Breaks a self-cycle.
+
+- Move conncheck config file out of /etc. No longer
+  import main config file.
+
SDL2
+- Update to release 2.28.5
+  * Added support for the HP HyperX Clutch Gladiate controller
+  * Fixed a crash if a controller is disconnected while SDL is
+    opening it
+  * Fixed a crash on Linux if XInput2 isn't available at runtime
+
+- Enable direct PipeWire support
+
+- Update to release 2.28.4
+  * Enable clipping for zero sized rectangles in the SDL renderer
+  * Notify X11 clipboard managers when the clipboard changes
+  * Fixed sensor timestamps for third-party PS5 controllers
+  * Added detection for Logitech and Simagic racing wheels
+
+- Update to release 2.28.3
+  * Added a gamepad mapping for the G-Shark GS-GP702
+  * Fixed touchpad events for the Razer Wolverine V2 Pro in PS5 mode
+
+- Update to release 2.28.2
+  * Fixed 8BitDo gamepad mapping when in XInput mode on Linux
+  * Fixed controller lockup initializing some unofficial PS4
+    replica controllers
+  * Fixed video initialization on headless Linux systems using VNC
+
+- Update to release 2.28.1
+  * Added support for the Nintendo Online Famicom controllers
+  * Improved support for third-party Nintendo Switch controllers
+  * Fixed setting the player LED on Nintendo Switch controllers
+  * Added Linux controller mapping for the Logitech Chillstream
+
+- Update to release 2.28
+  * Added SDL_HasWindowSurface() and SDL_DestroyWindowSurface() to
+    switch between the window surface and rendering APIs.
+  * Added a display event SDL_DISPLAYEVENT_MOVED which is sent
+    when the primary monitor changes or displays change position
+    relative to each other.
+  * Added the hint SDL_HINT_ENABLE_SCREEN_KEYBOARD to control
+    whether the on-screen keyboard should be shown when text input
+    is active.
+- Delete 0001-Cleanup-add-brace-6545.patch,
+  0002-Update-for-SDL3-coding-style-6717.patch,
+  0003-Clang-Tidy-fixes-6725.patch (inapplicable),
+  0004-evdev_kbd-Use-current-keymap.patch (merged).
+
+- Update to release 2.26.5
+  * Fixed handling of third party PS4 controller input reports
+  * Added support for the trigger buttons on the Victrix Pro FS
+    for PS5
+  * Added mapping for Flydigi Vader 2 with the latest firmware
+    (6.0.4.9)
+  * Added mapping for DualSense Edge Wireless Controller on Linux
+  * Added mapping for Hori Pokken Tournament DX Pro Pad
+  * Improved the speed and quality of audio resampling
+  * Fixed crash on Linux if dbus can't be initialized
+
+- Update to release 2.26.4
+  * Fixed using older game controller mappings on Linux
+
+- Use current keymap on console
+  (https://github.com/libsdl-org/SDL/pull/7400 )
+  + 0001-Cleanup-add-brace-6545.patch
+  + 0002-Update-for-SDL3-coding-style-6717.patch
+  + 0003-Clang-Tidy-fixes-6725.patch
+  + 0004-evdev_kbd-Use-current-keymap.patch
+
+- Update to release 2.26.3
+  * Fixed infinite loop shutting down WGI controllers
+  * Fixed centering the D-pad on some Xbox controllers
+
+- Update to release 2.26.2
+  * Fixed long delay at startup when a Razer keyboard is
+    connected
+  * Fixed not receiving SDLK_5 or SDL_SCANCODE_5 when using the
+    AZERTY keyboard layout on Linux
+- Enable libsamplerate and libdecor components
+- Remove unused tslib build requirement
+
+- Update to release 2.26.1
+  * Improved audio resampling quality
+  * Fixed crash if SDL_GetPointDisplayIndex() or
+    SDL_GetRectDisplayIndex() are called before SDL_VideoInit()
+
+- Update to release 2.26
+  * Added SDL_GetWindowSizeInPixels() to get the window size in
+    pixels, which may differ from the window coordinate size for
+    windows with high-DPI support.
+  * Added simulated vsync synchronization for the software
+    renderer.
+  * Added the mouse position to SDL_MouseWheelEvent.
+  * Added SDL_ResetHints() to reset all hints to their default
+    values.
+  * Added SDL_GetJoystickGUIDInfo() to get device information
+    encoded in a joystick GUID.
+  * Added XBOX Hints.
+  * Added support for PS3 and Wii controllers to the HIDAPI
+    driver (not enabled by default).
+  * Added access to the individual left and right gyro sensors of
+    the combined Joy-Cons controller.
+  * Added a microsecond timestamp to SDL_SensorEvent and
+    SDL_ControllerSensorEvent, when the hardware provides that
+    information.
+- Delete sdl2-khronos.patch (merged)
+- Drop CVE-2022-4743.patch.
+
+- Update to release 2.24.2
+  * Fixed crash in Wayland_HasScreenKeyboardSupport()
+
+- Drop unused buildrequires on nasm
+
+- Update to release 2.24.1
+  * Fixed shader compilation issues using the OpenGL ES2 renderer
+
+- Update to release 2.24.0
+  * Added a number of function relating to input devices such as
+    keyboard and joystick.
+  * Added support for the NVIDIA Shield Controller to the HIDAPI
+    driver, supporting rumble and battery status
+  * Added support for opening audio devices with 3 or 5 channels
+    (2.1, 4.1). All channel counts from Mono to 7.1 are now
+    supported.
+- Drop baselibs.conf (no SDL2_ttf-dependent Tumbleweed packages
+  themselves have baselibs).
+- Drop fix-xi2-crash.patch (merged)
+- Rename devel package to just %name-devel, which is what most
+  our packages do.
+
+- Add fix-xi2-crash.patch
+
+- Restore sdl2-symvers.patch to full symbol list to facilitate
+  application installation with Leap 15.x's SDL2.
+
+- Update to release 2.0.22
+  * Added SDL_RenderGetWindow() to get the window associated with a renderer
+  * Added floating point rectangle functions: SDL_PointInFRect(),
+    SDL_FRectEmpty(), SDL_FRectEquals(), SDL_FRectEqualsEpsilon(),
+    SDL_HasIntersectionF(), SDL_IntersectFRect(), SDL_UnionFRect(),
+    SDL_EncloseFPoints(), SDL_IntersectFRectAndLine().
+  * Added SDL_IsTextInputShown() which returns whether the IME
+    window is currently shown.
+  * Added SDL_ClearComposition() to dismiss the composition
+    window without disabling IME input.
+  * Added SDL_TEXTEDITING_EXT event for handling long composition
+    text, and a hint SDL_HINT_IME_SUPPORT_EXTENDED_TEXT to enable
+    it.
+  * Added the hint SDL_HINT_MOUSE_RELATIVE_MODE_CENTER to control
+    whether the mouse should be constrained to the whole window
+    or the center of the window when relative mode is enabled.
+  * The mouse is now automatically captured when mouse buttons
+    are pressed, and the hint SDL_HINT_MOUSE_AUTO_CAPTURE allows
+    you to control this behavior.
+  * Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_OPENGL to let
+    SDL know that a foreign window will be used with OpenGL.
+  * Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_VULKAN to let
+    SDL know that a foreign window will be used with Vulkan.
+  * Added the hint SDL_HINT_QUIT_ON_LAST_WINDOW_CLOSE to specify
+    whether an SDL_QUIT event will be delivered when the last
+    application window is closed.
+  * Added the hint SDL_HINT_JOYSTICK_ROG_CHAKRAM to control
+    whether ROG Chakram mice show up as joysticks.
+  * Added the hint SDL_HINT_X11_WINDOW_TYPE to specify the
+    _NET_WM_WINDOW_TYPE of SDL windows.
+  * Added the hint SDL_HINT_VIDEO_WAYLAND_PREFER_LIBDECOR to
+    allow using libdecor with compositors that support
+    xdg-decoration.
+
+- Drop 0001-Fix-build-against-wayland-1.20.patch
+  Fixed upstream: https://github.com/libsdl-org/SDL/pull/5092
+
+- Update to release 2.0.20
+  * SDL_RenderGeometryRaw() takes a pointer to SDL_Color, not
+    int. You can cast color data in SDL_PIXELFORMAT_RGBA32 format
+    (SDL_PIXELFORMAT_ABGR8888 on little endian systems) for this
+    parameter.
+  * Improved accuracy of horizontal and vertical line drawing
+    when using OpenGL or OpenGLES.
+  * Added the hint SDL_HINT_RENDER_LINE_METHOD to control the
+    method of line drawing used, to select speed, correctness,
+    and compatibility.
+
+- Add 0001-Fix-build-against-wayland-1.20.patch
+
+- Update to release 2.0.18
+  * Added SDL_RenderGeometry() and SDL_RenderGeometryRaw() to
+    allow rendering of arbitrary shapes using the SDL 2D render
+    API.
+  * Added SDL_SetTextureUserData() and SDL_GetTextureUserData()
+    to associate application data with an SDL texture.
+  * Added SDL_RenderWindowToLogical() and
+    SDL_RenderLogicalToWindow() to convert between window
+    coordinates and logical render coordinates.
+  * Added SDL_RenderSetVSync() to change whether a renderer
+    present is synchronized with vblank at runtime.
+  * Added SDL_PremultiplyAlpha() to premultiply alpha on a block
+    of SDL_PIXELFORMAT_ARGB8888 pixels.
+  * Added a window event SDL_WINDOWEVENT_DISPLAY_CHANGED which is
+    sent when a window changes what display it is centered on.
+  * Added SDL_GetWindowICCProfile() to query a window's ICC
+    profile, and a window event SDL_WINDOWEVENT_ICCPROF_CHANGED
+    that is sent when it changes.
+  * Added the hint SDL_HINT_VIDEO_EGL_ALLOW_TRANSPARENCY to allow
+    EGL windows to be transparent instead of opaque.
+  * Added SDL_SetWindowMouseRect() and SDL_GetWindowMouseRect()
+    to confine the mouse cursor to an area of a window.
+  * You can now read precise mouse wheel motion using 'preciseX'
+    and 'preciseY' event fields.
+  * Added SDL_GameControllerHasRumble() and
+    SDL_GameControllerHasRumbleTriggers() to query whether a game
+    controller supports rumble.
+  * Added SDL_JoystickHasRumble() and
+    SDL_JoystickHasRumbleTriggers() to query whether a joystick
+    supports rumble.
+  * SDL's hidapi implementation is now available as a public API
+    in SDL_hidapi.h.
+- Drop SDL2-endian.patch (inapplicable),
+  sdl2-fix-wayland-fullscreen.patch (merged),
+  audio-Support-pulse-as-an-alias-for-pulseaudio.patch (merged)
+- Drop CVE-2021-33657.patch.
+
+- Support "pulse" as an alias for pulseaudio (bsc#1191868,
+  bsc#1189778):
+  audio-Support-pulse-as-an-alias-for-pulseaudio.patch
+
+- sdl2-fix-wayland-fullscreen.patch
+  * fix wayland issue for wlroot, see https://github.com/libsdl-org/SDL/pull/4629
+
+- Update to release 2.0.16
+  * Better native Wayland support, including handling for
+    client-side decorations and other functionality in place.
+  * Support for being able to directly interface with PipeWire for
+    audio input/output, a variety of new APIs, support for the
+    Amazon Luna game controller, rumble support for more
+    controllers.
+  * NOTE: Switching away (e.g. with Alt-Tab) from fullscreen
+    windows created with the SDL_WINDOW_FULLSCREEN flag will now
+    minimize them. If your window manager is configured to now show
+    minimzed windows in either the Alt-Tab list or the task bar,
+    you will have difficulty unminimizing these windows.
+
+- update to 2.0.14:
+  * Added support for PS5 DualSense and Xbox Series X controllers to the HIDAPI controller driver
+  * Vulkan support to the KMSDRM video driver
+  * see details on https://discourse.libsdl.org/t/sdl-2-0-14-released/28470
+
+- Restore libSDL2main.a, patching it out was not easily possible.
+
+- Update to release 2.0.12
+  * Support for the Google Stadia controller and other game
+    controllers
+  * A new video driver for offscreen rendering
+  * ARM NEON optimizations
+- Drop CVE-2019-13616.patch (merged upstream)
+- Drop sdl2-surface-pitch-overflow.patch.
+
--  sdl2-khronos.patch
-  * fixes build on i586 (boo#1158176)
+- Temporarily work around -fno-common build failure [boo#1160382].
+
+- sdl2-khronos.patch
+  * fixes build on i586 (boo#1153455, boo#1158176)
+
+- Update sdl2-symvers.patch for SDL 2.0.9/2.0.10.
+
+- Drop libSDL2main.a from libSDL-2_0-devel. It is only used
+  during build.
+
+- Use FAT LTO objects in order to provide proper static library.
+
+- Update to version 2.0.10
+  * The SDL_RW* macros have been turned into functions that are
+    available only in 2.0.10 and onward
+  * Added SDL_SIMDGetAlignment(), SDL_SIMDAlloc(), and
+    SDL_SIMDFree(), to allocate memory aligned for SIMD
+    operations for the current CPU
+  * Added SDL_RenderDrawPointF(), SDL_RenderDrawPointsF(),
+    SDL_RenderDrawLineF(), SDL_RenderDrawLinesF(),
+    SDL_RenderDrawRectF(), SDL_RenderDrawRectsF(),
+    SDL_RenderFillRectF(), SDL_RenderFillRectsF(),
+    SDL_RenderCopyF(), SDL_RenderCopyExF(), to allow floating
+    point precision in the SDL rendering API.
+  * Added SDL_GetTouchDeviceType() to get the type of a touch
+    device, which can be a touch screen or a trackpad in relative
+    or absolute coordinate mode.
+  * The SDL rendering API now uses batched rendering by default,
+    for improved performance
+  * Added SDL_RenderFlush() to force batched render commands to
+    execute, if you're going to mix SDL rendering with native
+    rendering
+  * Added the hint SDL_HINT_RENDER_BATCHING to control whether
+    batching should be used for the rendering API. This defaults
+    to "1" if you don't specify what rendering driver to use when
+    creating the renderer.
+  * Added the hint SDL_HINT_EVENT_LOGGING to enable logging of
+    SDL events for debugging purposes
+  * Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify
+    a file that will be loaded at joystick initialization with
+    game controller bindings
+  * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control
+    whether SDL will synthesize touch events from mouse events
+  * Improved handling of malformed WAVE and BMP files, fixing
+    potential security exploits (boo#1142031 CVE-2019-13626)
+  * Removed the Mir video driver in favor of Wayland
+  * Security fixes: CVE-2019-7635 (boo#1124827), CVE-2019-7636
+    (boo#1124826), CVE-2019-7638 (boo#1124824).
+- Refreshed sdl2-symvers.patch
+- Drop CVE-2019-13626.patch, CVE-2019-7636.patch,
+  CVE-2019-7635.patch.
+
+- Update to version 2.0.9
+  * Added a new sensor API, initialized by passing
+    SDL_INIT_SENSOR to SDL_Init(), and defined in SDL_sensor.h
+  * Added an event SDL_SENSORUPDATE which is sent when a sensor
+    is updated
+  * Added SDL_GetDisplayOrientation() to return the current
+    display orientation
+  * Added an event SDL_DISPLAYEVENT which is sent when the
+    display orientation changes
+  * Added HIDAPI joystick drivers for more consistent support
+    for Xbox, PS4 and Nintendo Switch Pro controller support
+    across platforms. (Thanks to Valve for contributing the PS4
+    and Nintendo Switch Pro controller support)
+  * Added support for many other popular game controllers
+  * Added SDL_JoystickGetDevicePlayerIndex(),
+    SDL_JoystickGetPlayerIndex(), and
+    SDL_GameControllerGetPlayerIndex() to get the player index for
+    a controller. For XInput controllers this returns the XInput
+    index for the controller.
+  * Added SDL_GameControllerRumble() and SDL_JoystickRumble()
+    which allow simple rumble without using the haptics API
+  * Added SDL_GameControllerMappingForDeviceIndex() to get the
+    mapping for a controller before it's opened
+  * Added the hint SDL_HINT_MOUSE_DOUBLE_CLICK_TIME to control
+    the mouse double-click time
+  * Added the hint SDL_HINT_MOUSE_DOUBLE_CLICK_RADIUS to control
+    the mouse double-click radius, in pixels
+  * Added SDL_HasColorKey() to return whether a surface has a
+    colorkey active
+  * Added SDL_HasAVX512F() to return whether the CPU has
+    AVX-512F features
+  * Added SDL_IsTablet() to return whether the application is
+    running on a tablet
+  * Added SDL_THREAD_PRIORITY_TIME_CRITICAL for threads that
+    must run at the highest priority
+  * Added SDL_LinuxSetThreadPriority() to allow adjusting the
+    thread priority of native threads using RealtimeKit if
+    available.
+- Dropped 7babfecee045.patch (merged upstream)
+
+- Add 7babfecee045.patch, fixes launching Firewatch
+
+- SDL2-endian.patch: bring up patch from SDL1, use optimized
+  byteswap routines from the C library.
+- build with --disable-3dnow, do not pass -m3dnow to the compiler
+  modern cpus do not support this instructions at all.
+
apache2
+- Add OpenSSL 3.x support: [bsc#1217722, jsc#PED-6570]
+  * Upstream: github.com/apache/httpd/pull/258
+  * Add httpd-OpenSSL-3.patch
+
apparmor
+- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
+  allow version specific engdef & engines openssl paths (boo#1219571)
+
+- Update to AppArmor 3.1.7
+  - aa-logprof: don't skip exec events in hats
+  - fix aa-cleanprof to work with named profiles
+  - add permissions in various abstractions
+  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
+    for the full list of changes
+- drop upstreamed apparmor-systemd-sessions.patch
+
+- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
+  unix_chkpwd, and add a profile for unix_chkpwd. This is needed
+  for PAM 1.6 (boo#1219139)
+- Refresh apparmor.keyring - the key was renewed
+
+- Actually apply the previously added patch for bsc#1216878
+
+- Add apparmor-systemd-sessions.patch to allow read access to
+  /run/systemd/sessions/ (bsc#1216878)
+
apparmor:libapparmor
+- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
+  allow version specific engdef & engines openssl paths (boo#1219571)
+
+- Update to AppArmor 3.1.7
+  - aa-logprof: don't skip exec events in hats
+  - fix aa-cleanprof to work with named profiles
+  - add permissions in various abstractions
+  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
+    for the full list of changes
+- drop upstreamed apparmor-systemd-sessions.patch
+
+- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
+  unix_chkpwd, and add a profile for unix_chkpwd. This is needed
+  for PAM 1.6 (boo#1219139)
+- Refresh apparmor.keyring - the key was renewed
+
+- Actually apply the previously added patch for bsc#1216878
+
+- Add apparmor-systemd-sessions.patch to allow read access to
+  /run/systemd/sessions/ (bsc#1216878)
+
autofs
+- Removed following upstreamed patches because of upgrade:
+  * autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
+  * 0001-use_hostname_for_mounts-shouldn-t-prevent-selection-.patch
+  * 0002-Fix-monotonic_elapsed.patch Deleted
+  * 0003-autofs-5.1.4-fix-fd-leak-in-rpc_do_create_client.patch Deleted
+  * 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
+  * 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
+  * autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
+  * autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch
+  * autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch
+  * autofs-5-1-3-fix-possible-map-instance-memory-leak.patch
+  * autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
+  * autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
+- Add autofs-suse-manpage-remove-initdir.patch
+  Removes references of initdir from man pages (bsc#1207881)
+- Move dbus-1 system.d file to /usr (bsc#1203362)
+- Moved -autofs- file from user specif directory
+  /etc/NetworkManager/dispatcher.d to vendor specific directory
+  /usr/lib/NetworkManager/dispatcher.d. So, users changes can
+  still be done in /etc and will not be overwritten by an update.
+- Use OPTIONS instead of AUTOFS_OPTIONS in /etc/sysconfig/autofs
+  (bsc#1199027)
+- Add autofs-Test-TCP-request-correctly-in-nfs_get_info.patch
+  Fix bug when rpcbind not visible
+  (bsc#1195587 bsc#1195595)
+- update to 5.1.8:
+  * add xdr_exports().
+  * remove mount.x and rpcgen dependencies.
+  * dont use realloc in host exports list processing.
+  * use sprintf() when constructing hosts mapent.
+  * fix mnts_remove_amdmount() uses wrong list.
+  * Fix option for master read wait.
+  * eliminate cache_lookup_offset() usage.
+  * fix is mounted check on non existent path.
+  * simplify cache_get_parent().
+  * set offset parent in update_offset_entry().
+  * remove redundant variables from mount_autofs_offset().
+  * remove unused parameter form do_mount_autofs_offset().
+  * refactor umount_multi_triggers().
+  * eliminate clean_stale_multi_triggers().
+  * simplify mount_subtree() mount check.
+  * fix mnts_get_expire_list() expire list construction.
+  * fix inconsistent locking in umount_subtree_mounts().
+  * fix return from umount_subtree_mounts() on offset list delete.
+  * pass mapent_cache to update_offset_entry().
+  * fix inconsistent locking in parse_mount().
+  * remove unused mount offset list lock functions.
+  * eliminate count_mounts() from expire_proc_indirect().
+  * eliminate some strlen calls in offset handling.
+  * don't add offset mounts to mounted mounts table.
+  * reduce umount EBUSY check delay.
+  * cleanup cache_delete() a little.
+  * rename path to m_offset in update_offset_entry().
+  * don't pass root to do_mount_autofs_offset().
+  * rename tree implementation functions.
+  * add some multi-mount macros.
+  * remove unused functions cache_dump_multi() and cache_dump_cache().
+  * add a len field to struct autofs_point.
+  * make tree implementation data independent.
+  * add mapent tree implementation.
+  * add tree_mapent_add_node().
+  * add tree_mapent_delete_offsets().
+  * add tree_mapent_traverse_subtree().
+  * fix mount_fullpath().
+  * add tree_mapent_cleanup_offsets().
+  * add set_offset_tree_catatonic().
+  * add mount and umount offsets functions.
+  * switch to use tree implementation for offsets.
+  * remove obsolete functions.
+  * remove redundant local var from sun_mount().
+  * use mount_fullpath() in one spot in parse_mount().
+  * pass root length to mount_fullpath().
+  * remove unused function master_submount_list_empty().
+  * move amd mounts removal into lib/mounts.c.
+  * check for offset with no mount location.
+  * remove mounts_mutex.
+  * remove unused variable from get_exports().
+  * add missing free in handle_mounts().
+  * remove redundant if check.
+  * fix possible memory leak in master_parse().
+  * fix possible memory leak in mnts_add_amdmount().
+  * fix double unlock in parse_mount().
+  * add length check in umount_subtree_mounts().
+  * fix flags check in umount_multi().
+  * dont try umount after stat() ENOENT fail.
+  * remove redundant assignment in master_add_amd_mount_section_mounts().
+  * fix dead code in mnts_add_mount().
+  * fix arg not used in error print.
+  * fix missing lock release in mount_subtree().
+  * fix double free in parse_mapent().
+  * refactor lookup_prune_one_cache() a bit.
+  * cater for empty mounts list in mnts_get_expire_list().
+  * add ext_mount_hash_mutex lock helpers.
+  * fix amd section mounts map reload.
+  * fix dandling symlink creation if nis support is not available.
+  * dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT.
+  * fix lookup_prune_one_cache() refactoring change.
+  * fix amd hosts mount expire.
+  * fix offset entries order.
+  * use mapent tree root for tree_mapent_add_node().
+  * eliminate redundant cache lookup in tree_mapent_add_node().
+  * fix hosts map offset order.
+  * fix direct mount deadlock.
+  * add missing description of null map option.
+  * fix nonstrict offset mount fail handling.
+  * fix concat_options() error handling.
+  * eliminate some more alloca usage.
+  * use default stack size for threads.
+  * fix use of possibly NULL var in lookup_program.c:match_key().
+  * fix incorrect print format specifiers in get_pkt().
+  * add mapent path length check in handle_packet_expire_direct().
+  * add copy length check in umount_autofs_indirect().
+  * add some buffer length checks to master map parser.
+  * add buffer length check to rmdir_path().
+  * eliminate buffer usage from handle_mounts_cleanup().
+  * add buffer length checks to autofs mount_mount().
+  * make NFS version check flags consistent.
+  * refactor get_nfs_info().
+- drop autofs-5.1.7-Fix-option-for-master_read_wait.patch,
+  autofs-5.1.7-use-default-stack-size-for-threads.patch: upstream
+-  autofs-5.1.7-use-default-stack-size-for-threads.patch: Use default
+  stack size for threads (bsc#1189199)
+- Upgrade to 5.1.7
+  - make bind mounts propagation slave by default.
+  - update ldap READMEs and schema definitions.
+  - fix program map multi-mount lookup after mount fail.
+  - fix browse dir not re-created on symlink expire.
+  - fix a regression with map instance lookup.
+  - correct fsf address.
+  - samples: fix Makefile targets' directory dependencies
+  - remove intr hosts map mount option.
+  - fix trailing dollar sun entry expansion.
+  - initialize struct addrinfo for getaddrinfo() calls.
+  - fix quoted string length calc in expandsunent().
+  - fix autofs mount options construction.
+  - mount_nfs.c fix local rdma share not mounting.
+  - configure.in: Remove unneeded second call to PKG_PROG_PKG_CONFIG.
+  - configure.in: Do not append parentheses to PKG_PROG_PKG_CONFIG.
+  - Use PKG_CHECK_MODULES to detect the libxml2 library.
+  - fix ldap sasl reconnect problem.
+  - samples/ldap.schema fix.
+  - fix configure force shutdown check.
+  - fix crash in sun_mount().
+  - fix lookup_nss_read_master() nsswicth check return.
+  - fix typo in open_sss_lib().
+  - fix sss_master_map_wait timing.
+  - add sss ECONREFUSED return handling.
+  - use mapname in sss context for setautomntent().
+  - add support for new sss autofs proto version call.
+  - fix retries check in setautomntent_wait().
+  - refactor sss setautomntent().
+  - improve sss setautomntent() error handling.
+  - refactor sss getautomntent().
+  - improve sss getautomntent() error handling.
+  - sss introduce calculate_retry_count() function.
+  - move readall into struct master.
+  - sss introduce a flag to indicate map being read.
+  - update sss timeout documentation.
+  - refactor sss getautomntbyname().
+  - improve sss getautomntbyname() error handling.
+  - use a valid timeout in lookup_prune_one_cache().
+  - dont prune offset map entries.
+  - simplify sss source stale check.
+  - include linux/nfs.h directly in rpc_subs.h.
+  - fix typo in daemon/automount.c.
+  - fix direct mount unlink_mount_tree() path.
+  - fix unlink mounts umount order.
+  - fix incorrect logical compare in unlink_mount_tree().
+  - use bit flag for force unlink mounts.
+  - improve force unlink option description.
+  - remove command fifo on autofs mount fail.
+  - add force unlink mounts and exit option.
+  - cleanup stale logpri fifo pipes on unlink and exit.
+  - fix incorrect systemctl command syntax in autofs(8).
+  - update list.h.
+  - add hashtable implementation.
+  - change mountpoint to mp in struct ext_mount.
+  - make external mounts independent of amd_entry.
+  - make external mounts use simpler hashtable.
+  - add a hash index to mnt_list.
+  - use mnt_list for submounts.
+  - use mnt_list for amdmounts.
+  - make umount_autofs() static.
+  - remove force parameter from umount_all().
+  - fix remount expire.
+  - fix stale offset directories disable mount.
+  - use struct mnt_list to track mounted mounts.
+  - use struct mnt_list mounted list for expire.
+  - remove unused function tree_get_mnt_list().
+  - only add expre alarm for active mounts.
+  - move submount check into conditional_alarm_add().
+  - move lib/master.c to daemon/master.c.
+  - use master_list_empty() for list empty check.
+  - add helper to construct mount point path.
+  - check defaults_read_config() return.
+  - move AUTOFS_LIB to end of build rule lines.
+  - make autofs.a a shared library.
+  - make lookup_file.c nss map read status return handling consistent.
+  - fix empty mounts list return from unlink_mount_tree().
+- Refreshed autofs-5.1.1-dbus-udisks-monitor.patch
+- Replaced automount-fix-master-wait.patch with upstream patch
+  autofs-5.1.7-Fix-option-for-master_read_wait.patch
+- automount-fix-master-wait.patch: Fix options string for master wait
+  (bsc#1178006)
+- autofs-nsswitch-usr-etc.patch: Use /usr/etc/nsswitch.conf if
+  /etc/nsswitch.con is unavailable (bsc#1175238)
+- Upgrade to 5.1.6
+  - support strictexpire mount option.
+  - fix hesiod string check in master_parse().
+  - add NULL check for get_addr_string() return.
+  - use malloc(3) in spawn.c.
+  - add mount_verbose configuration option.
+  - optionally log mount requestor process info.
+  - log mount call arguments if mount_verbose is set.
+  - Fix NFS mount from IPv6 addresses.
+  - make expire remaining log level debug.
+  - allow period following macro in selector value.
+  - fix macro expansion in selector values.
+  - fix typing errors.
+  - Explain /etc/auto.master.d usage.
+  - plus map includes are only allowed in file sources.
+  - Update README.
+  - fix additional typing errors.
+  - update autofs(8) offset map entry update description.
+  - increase group buffer size geometrically.
+  - also use strictexpire for offsets.
+  - remove unused function has_fstab_option().
+  - remove unused function reverse_mnt_list().
+  - remove a couple of old debug messages.
+  - fix amd entry memory leak.
+  - fix unlink_mount_tree() not umounting mounts.
+  - use ignore option for offset mounts as well.
+  - add config option for "ignore" mount option
+  - use bit flags for autofs mount types in mnt_list.
+  - use mp instead of path in mnt_list entries.
+  - always use PROC_MOUNTS to make mount lists.
+  - add glibc getmntent_r().
+  - use local getmntent_r in table_is_mounted().
+  - refactor unlink_active_mounts() in direct.c.
+  - don't use tree_is_mounted() for mounted checks.
+  - use single unlink_umount_tree() for both direct and indirect mounts.
+  - move unlink_mount_tree() to lib/mounts.c.
+  - use local_getmntent_r() for unlink_mount_tree().
+  - use local getmntent_r() in get_mnt_list().
+  - use local getmntent_r() in tree_make_mnt_list().
+  - fix missing initialization of autofs_point flags.
+- NetworkManager-autofs: reload rather than restart autofs.service
+  * If complex network setups are being brought up, autofs.service
+    may be restarted too quickly, causing systemd to consider the
+    service failed. "reload" avoids that, and works just fine.
+- Fix autofs restart when Networkmanager connection is brought up
+  * NetworkManager-autofs: /bin/systemctl has been removed in
+    systemd-244
+- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
+  allow OBS to shortcut by using systemd-devel-mini.
+- Remove legacy LSB-init script code, we don't have that anymore.
+- Drop pre-12.2 parts from build recipe
+- Switch %systemd_requires to %systemd_ordering, since %service_*
+  can deal with its absence.
+- Upgrade to 5.1.5
+  - fix flag file permission.
+  - fix directory create permission.
+  - fix use after free in do_master_list_reset().
+  - fix deadlock in dumpmaps.
+  - dont use array for path when not necessary.
+  - fix prefix option handling in expand_entry().
+  - fix sublink option not set from defaults.
+  - fix error return in do_nfs_mount().
+  - add error handling for ext_mount_add().
+  - account for recent libnsl changes.
+  - use_hostname_for_mounts shouldn't prevent selection among replicas.
+  - fix monotonic_elapsed.
+  - Makefiles.rules: remove 'samples' from SUBDIRS.
+  - dont allow trailing slash in master map mount points.
+  - fix libresolv configure check.
+  - add fedfs-getsrvinfo.c.
+  - add mount.fedfs.c.
+  - add fedfs-map-nfs4.c.
+  - add conditional inclusion of fedfs binaries.
+  - add an example fedfs master map entry to the installed master map.
+  - improve hostname lookup error logging.
+  - fix rpm spec install premissions on auto.net and auto.smb.
+  - tiny patch for autofs typo and possible bug.
+  - add units After line to include statd service.
+  - use systemd sd_notify() at startup.
+  - fix NFS version mask usage.
+  - fix fd leak in rpc_do_create_client().
+  - add-man page note about extra slashes in paths.
+  - change expire type naming to better reflect usage.
+  - use defines for expire type.
+  - enable SIGUSR2 handling in rpm spec file.
+  - fix age setting at startup.
+  - fix update_negative_cache() map source usage.
+  - fix program usage message.
+  - mark removed cache entry negative.
+  - set bind mount as propagation slave.
+  - add master map pseudo options for mount propagation.
+  - fix use after free in parse_ldap_config().
+  - fix incorrect locking in sss lookup.
+  - fix amd parser opts option handling.
+  - fix possible NULL pointer dereference in get_defaults_entry().
+  - better handle hesiod support not built in.
+  - fix indent in automount(8) man page.
+  - remove autofs4 module load code.
+  - add NULL check in prepare_attempt_prefix().
+  - update build info with systemd.
+  - use flags for startup boolean options.
+  - move close stdio descriptors to become_daemon().
+  - add systemd service command line option.
+  - refactor negative map entry check.
+  - remove unused function dump_master().
+  - remove unused function dump_state_queue().
+  - remove couple of undeeded requires.
+  - Removed patches:
+  * autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch
+  * autofs-5-1-3-fix-possible-map-instance-memory-leak.patch
+  * autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch
+  * 0001-use_hostname_for_mounts-shouldn-t-prevent-selection-.patch
+  * 0002-Fix-monotonic_elapsed.patch
+  * 0003-autofs-5.1.4-fix-fd-leak-in-rpc_do_create_client.patch
+  - Updated spec file to use native autofs service files
+
autoyast2
+- jsc#PED-6407
+  - enabled lvm_vg_reuse to be used in general/storage/proposal
+    section
+- 4.6.6
+
+- Install standard SLES when the AY XML profile selects SLE_HPC,
+  it has been dropped in SP6 (jsc#PED-7841)
+- 4.6.5
+
bind
+- Update to new Major Version 9.18.24.
+  This has many enhancements, bug fixes and changes.
+  Breaking Changes:
+  * Some options have been removed and some have been deprecated
+    and will be removed in the future.
+    For a complete list, see:
+    https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
+  Major Changes:
+  * Support for securing DNS traffic using Transport Layer Security
+    (TLS). TLS is used by both DNS-over-TLS (DoT) and
+    DNS-over-HTTPS (DoH).
+  * Support for zone transfers over TLS (XFR-over-TLS, XoT) for
+    both incoming and outgoing zone transfers.
+  * The dig tool is now able to send DoT queries (+tls option).
+  * Support for OpenSSL 3.0 APIs was added.
+  * dnssec-checkds, dnssec-coverage, dnssec-keymgr, which have been
+    removed in favor of the dnssec-policy feature
+  * python3-bind is deprecated and the subpackage has been removed
+  * A number of utilities have been moved from /usr/sbin to
+    /usr/bin:
+    named-checkconf named-checkzone named-compilezone
+    dnssec-dsfromkey dnssec-importkey dnssec-keyfromlabel
+    dnssec-keygen dnssec-revoke dnssec-settime dnssec-signzone
+    dnssec-verify dnssec-cds named-journalprint nsec3hash
+  * The lib directory was renamed from 'named' to 'bind'
+  For a complete list of changes, see:
+  * Bind Release Notes
+    https://bind9.readthedocs.io/en/v9.18.24/notes.html
+  * The CHANGES file in the source RPM
+  Security Fixes:
+  * Validating DNS messages containing a lot of DNSSEC signatures
+    could cause excessive CPU load, leading to a denial-of-service
+    condition. This has been fixed. (CVE-2023-50387)
+    [bsc#1219823]
+  * Preparing an NSEC3 closest encloser proof could cause excessive
+    CPU load, leading to a denial-of-service condition. This has
+    been fixed. (CVE-2023-50868)
+    [bsc#1219826]
+  * Parsing DNS messages with many different names could cause
+    excessive CPU load. This has been fixed. (CVE-2023-4408)
+    [bsc#1219851]
+  * Specific queries could cause named to crash with an assertion
+    failure when nxdomain-redirect was enabled. This has been
+    fixed. (CVE-2023-5517)
+    [bsc#1219852]
+  * A bad interaction between DNS64 and serve-stale could cause
+    named to crash with an assertion failure, when both of these
+    features were enabled. This has been fixed. (CVE-2023-5679)
+    [bsc#1219853]
+  * Query patterns that continuously triggered cache database
+    maintenance could cause an excessive amount of memory to be
+    allocated, exceeding max-cache-size and potentially leading to
+    all available memory on the host running named being exhausted.
+    This has been fixed. (CVE-2023-6516)
+    [bsc#1219854]
+  Packaging notes:
+  * libnghttps2 added as BuildRequires for tls support
+  * named-bootconf.diff patch is obsolete and has been removed
+  [jsc#PED-7932]
+- Update KillMode to 'control-group' in named.service to handle
+  forked processes better.
+  [bsc#1215755]
+
cpupower
-- Add turbostat support for MeteorLake platforms (jsc#PED-4325)
-  A tools-power-turbostat-Add-support-for-MeteorLake-platforms.patch
+- Fix library file version: libcpupower.so.0.0.1 -> libcpupower.so.1.0.1
+  (bsc#1217044)
+  A cpupower_fix_library_so_name.patch
-- Add Emerald Ridge Intel CPU model support:
-  * jsc#PED-4393
-    intel-speed-select tool support for EMR
-  A tools-power-turbostat-Introduce-support-for-EMR.patch
-  A add_emerald_ridge_intel_family.patch
-  * jsc#PED-4395
-    Add EMR CPU support to turbostat
-  A tools-power-x86-intel-speed-select-Add-Emerald-Rapid-quirk.patch
-
-- Update to latest intel-speed-select package version from 1.10 to 1.13
-  (jsc#PED-2137):
-    1.13:
-  * Fix build failure when using gcc options -Wl,--as-needed
-  * Fix warning for perf_cap.cpu may be uninitialized
-  * Fix off by one check for MAX_DIE_PER_PACKAGE
-  * Fix issue with use of get_physical_die_id instead of
-    get_physical_die_id
-  * Warn if turbo is disabled and SST turbo-freq feature is requested
-    1.12:
-  * Allows out of band SST support, where some remote agent
-    changes SST profiles via some Board Management Controller.
-  * HFI support to process config level changes in oob mode
-    1.11:
-  * Update max performance when BIOS disabled turbo
-
-- Update to latest turbostat version 2022.07.28
-  jsc#PED-1028
-  Includes:
-  Add ADL-N platform to Turbostat
-  jsc#PED-1027
-  Add RPL-P platform to Turbostat
-  jsc#PED-1029
-  Add RPL-S platform to Turbostat
-  jsc#PED-1026
-- Explicitly add patch to support Raptorlake-S
-  jsc#PED-2066
-  A tools-power-turbostat-add-support-for-RPL-S.diff
+- Rename libcpupower0 to libcpupower1 following changes in SONAME.
+- Use ldconfig_scriptlets macro for post(un) handling.
+
+- Add wildcard for powercap.h since powercap patches have reached mainline
+- Build bash-completion noarch
+
+- clean up sources: drop rapl_monitor.patch and
+  cpupower_rapl.patch.
+
+- Move bash-completion to subpackage so it isn't installed when
+  not needed
+
+- Remove powercap capabilities to patch againt latest kernel sources
+  - > still keep the patches, will be removed after trying to get this
+    mainline
+- Add netlink (libnl-devel) requires
+
+- add rebuild subpackage to trigger rebuild on kernel updates
+
+- Change to building the package from kernel-source based on
+  how the perf package works
+- Removed patches:
+  * turbostat_makefile_fix_asm_header.patch
+  * remove_bits_h.patch
+  * x86_perf_makefile_fix_asm_header.patch
+- Remove all tarballs and git script
+- Use %lang_package
+- Correct ix86 to %ix86
dav1d
+- Add dav1d-CVE-2023-32570.patch: fix possible crash when decoding
+  a frame (bsc#1211262 CVE-2023-32570).
+
+- Drop _lto_cflags define, current version supports lto build.
+- Drop unneeded rpm BuildRequires.
+- Add pkgconfig(libxxhash) BuildRequires and stop passing
+  xhash_muxer=disabled to meson, build hash_muxer support.
+- Add check section and meson_test macro, run tests during build.
+
+- Update to version 1.0.0
+  * Automatic thread management.
+  * Add support for AVX-512 acceleration.
+  * x86 code speedup (from SSE2 to AVX2).
+  * New grain API to ease acceleration on the GPU.
+  * New API call to get information of which frame failed to
+    decode, in error cases.
+  * Numerous small bug fixes.
+- Bump soversion to 6
+
dbus-1-glib
+- Try to guard against incomplete update stacks (boo#1202241):
+  + Add split-provides to libdbus-1-glib and bash-completion
+    sub-package.
+  + Add explicit conflict to bash-completion subpackage against
+    dbus-1-glib < 0.112 (when the package split happened)
+  + Ensure dbus-1-glib-tool gets the correct library version
+    installed.
+
+- Add relevant dbus-1-glib-<targettype> provides/obsoletes also in
+  baselibs.conf (boo#1193502).
+
+- Add signature and keyring as sources, verify tarball with gpg.
+
+- Update to version 0.112:
+  + Dependencies:
+  - dbus 1.8 was already required, but is more strongly required
+    now: the workarounds that were used to run continuous
+    integration with dbus 1.6 on Ubuntu 14.04 'trusty' have been
+    removed. (Note that dbus 1.8 has already reached end-of-life
+    for security support, and newer dbus stable branches are
+    strongly recommended.)
+  - pkg-config 0.28 is required when building from git.
+  + Enhancements:
+  - Rewrite CONTRIBUTING.md document, based on Wayland's
+    equivalent.
+  - A generated ChangeLog file, which made up a significant
+    proportion of the size of source tarball releases, is no
+    longer included.
+  - Improve man page.
+  - Add test coverage for fdo#80557
+  - Use more modern GLib assertions in unit tests.
+  - Improve continuous integration to be run by GitLab in
+    addition to Travis-CI.
+  - Add clearer license information using
+    SPDX-License-Identifier.
+  + Fixes:
+  - Allow glib-genmarshal to be overridden with
+    `./configure GLIB_GENMARSHAL=/path/to/glib-genmarshal`, for
+    cross-compilation.
+  - Avoid a double-free in dbus-binding-tool for certain inputs,
+    possibly involving nested introspection data structures.
+  - Report a better error for excessive recursion depth or
+    unsupported data types.
+  - Map the 15 most-recently-added DBusGError members to their
+    corresponding D-Bus error names.
+  - Mark all documented symbols as deprecated.
+  - Fix unit test failures during distcheck by enabling
+    assertions.
+  - Fix a core dump during installed-tests by not attempting to
+    close a shared DBusConnection.
+- Package COPYING as license, CONTRIBUTING.md and NEWS as docs.
+- Add explicit pkgconfig BuildRequires.
+- Replace dbus-1-devel and glib2-devel with pkgconfig variants that
+  configure checks for: pkgconfig(dbus-1), pkgconfig(glib-2.0),
+  pkgconfig(gobject-2.0) and pkgconfig(gio-2.0) BuildRequires.
+- Drop hard Requires and BuildRequires that are not needed as they
+  are added automatically.
+- Split out bash-completion sub-package.
+- Split out shared library into own sub-package, and Require it
+  from the devel package, and add to the baselibs.conf. Following
+  the SLPP standard. Add Provides and Obsoletes for the no longer
+  existing main package.
+- Use ldconfig_scriptlets for post(un) handling.
+- Add soname define, ease future updates.
+
+- Update to version 0.110:
+  Dependencies:
+  + GLib 2.40 is required
+  Enhancements:
+  + The GLib main-loop glue, "dbus-gmain", is now available as a separate
+    subproject (the dbus-gmain branch in dbus-glib's git repository) for
+    embedding in larger projects like dbus-glib and dbus-python via the
+    `git subtree` or `git submodule` commands. This removes dbus-python's
+    dependency on the rest of dbus-glib.
+  Fixes:
+  + autogen.sh can now detect gtk-doc >= 1.26.
+  + More files have per-file copyright information.
+- Run spec-cleaner
+
-- Update to version 0.100.2:
-  + Respin tarball.
-
-- Update to version 0.100.1:
-  + dbus-gproxy: Verify sender of NameOwnerChanged signals to be
-    o.f.DBus (CVE-2013-0292, bnc#804392).
-  + Some cleanups.
-  + Other bugs fixed: fdo#23633, fdo#40711, fdo#55729, fdo#55730.
-
-- Update to version 0.100:
-  + Enhancements:
-  - Support building on Android with androgenizer
-    (fdo#42532)
-  - Respect NOCONFIGURE=1 in autogen.sh
-  + Fixes:
-  - Fix several GVariant reference leaks in
-    dbus_g_value_parse_variant (fdo#41125)
-  - Don't crash if an error code is out of range for its domain
-    or has a negative code (fdo#40151)
-  - Fix compilation with -Werror=format-security
-  - Don't crash if dbus_g_proxy_new_for_peer() is used to talk to
-    the dbus-daemon (fdo#41126)
-
-- Further dependency changes: Let dbus-1-glib-devel require
-  dbus-1-devel (implicitly pulls dbus-1).
-
-- Fix and loosen dependency towards dbus-1. Reported by Andreas
-  Jaeger <aj@suse.de>.
-
-- license update: AFL-2.1 or GPL-2.0+
-  License is a dual license choice of either Academic Free License 2.1 or
-  GNU GPL 2+. This is the SPDX format for that license
-
-- Update to version 0.98:
-  + Fix the documentation, a lot. We have nearly 100% coverage now.
-    (fdo#37793)
-  + In specialized collection iterators, check that the type is
-    correct; g_critical and return harmlessly, rather than
-    crashing, if not
-  + If library users register specialized GTypes, warn if their
-    vtables have missing callbacks which would cause accessors to
-    crash
-  + Fix production of documentation out-of-tree with newer gtk-doc
-  + Simplify invoke_object_method() and OOM handling in
-    dbus-gobject (fdo#35767)
-- Changes from version 0.96:
-  + Fix a regression in marshalling GObject instances as object
-    paths, which broke NetworkManager (fdo#37852, deb#628890)
-  + Fix crashes when sending a message when disconnected from D-Bus
-    but still working through our backlog of incoming messages,
-    similar to fdo#12675 (fdo#38406)
-  + Cope more gracefully, with a critical warning instead of a
-    memory leak, if programmer error causes G_VALUE_COLLECT to fail
-    (fdo#38406, nokia#86280, nokia#180486)
-  + Avoid an assertion failure when unregistering a proxy if
-    GetNameOwner failed (fdo#38408, nokia#116862)
-  + Don't report various programmer errors as "out of memory";
-    raise suitable critical warnings instead, and don't leak memory
-    (fdo#35767, fdo#35766)
-  + If a remote process sends a wrong method call on the Properties
-    interface, send back an error reply, instead of warning on
-    stderr and not replying (fdo#35766)
-  + Show a warning if dbus_g_method_return fails to marshal
-    something (fdo#29884, nokia#180486)
-  + Remove remnants of i18n (fdo#36428)
-  + Remove dead code (nokia#180486)
-- Drop dbus-1-glib-fix-marshalling-regression.patch: fixed
-  upstream.
-
-- cross-build fix: use host's dbus-binding-tool
-
-- Remove redundant tags/sections from specfile
-  (cf. packaging guidelines)
-- Add dbus-1-glib-devel to baselibs
-
-- Add dbus-1-glib-fix-marshalling-regression.patch: this fixes a
-  regression causing issues in NetworkManager; taken from git.
-
-- Update to version 0.94:
-  + Check validity of more arguments, don't report "out of memory"
-    or "should not have been reached" if an invalid string or
-    boolean is given, and abandon broken containers more gracefully
-    (fdo#30171)
-  + Allow underscores in error names (fdo#30274)
-  + If an object is on more than one connection, emit signals on
-    all of them; if it's unregistered, only unregister it from the
-    requested connection (fdo#32087)
-  + Fix ability to switch a DBusConnection from one GMainContext to
-    another (fdo#35115)
-  + Forbid a ReturnVal annotation after the first OUT <arg>, which
-    had never worked correctly anyway (fdo#35952)
-  + Remove false claim that we use Introspect() at runtime, and
-    document more error cases (fdo#36216)
-  + Remove unused support for translated messages (fdo#36428)
-  + Don't corrupt internal data if a GObject is registered twice on
-    the same (connection, path) tuple, and fix out-of-bounds
-    reading (fdo#36793)
-  + Fix multiple signal emissions if an object is removed from all
-    of its locations then re-exported, and a memory leak if an
-    exported object is disposed (fdo#36811)
-  + Log the error message if object registration fails (fdo#37795)
-  + Several small fixes.
-  + Remove Doxygen support (as gtk-doc is used) (fdo#10890)
-  + Build fixes.
-  + Bugs fixed: fdo#22667, fdo#22854, fdo#23616, fdo#26952,
-    fdo#27193, fdo#27598, fdo#29884, fdo#32351, fdo#33145,
-    fdo#33646, fdo#34282, fdo#37060, fdo#37062, fdo#37789,
-    fdo#37790, fdo#37812.
-
-- Update to version 0.92:
-  + Require glib 2.26: this dependency bump was missed in 0.90.
-
-- Update to version 0.90:
-  + Add DBusGObjectPath, DBusGSignature typedefs
-  + Give specialized GArrays iteration/appending support
-  + fdo#30428: add dbus_g_value_parse_g_variant
-  + Fix switching a connection's GMainContext
-  + Various small fixes
-
-- Update to version 0.88:
-  + Allow duplicate object path registrations for different
-    connections
-  + Don't use the identifier "interface" in public headers
-  + Don't pass malformed error interface to dbus (rh#581794)
-  + Fix a crash in dbus_pending_call_cancel() (fdo#14579)
-  + Fix lookup of regular properties when shadow properties are
-    used
-  + fdo#28715: Add dbus_g_value_build_g_variant()
-  + Support DBUS_TYPE_G_SIGNATURE
-  + Respect property access flags for writing, allow disabling for
-    reads
-  + Documentation improvements
-  + Build fixes, especially for windows
-- Drop bug-628607-access-flags-CVE-2010-1172.diff: fixed upstream.
-
-- honor access properties from xml file (CVE-2010-1172, bnc#628607)
-
-- use %_smp_mflags
-
-- Update to version 0.86:
-  + core: allow duplicate property names on GInterfaces
-  + core: performance optimization for object info lookup
-  + Fix hyphenated error codes correctly
-  + Free errors returned by method implementations
-  + Trivial compiler warning fixes
-  + Use AM_SILENT_RULES if available
-  + Turn the gtk-doc documentation into buildable shape
-
-- Update to version 0.84:
-  + Support duplicate object registrations
-  + Only re-set registration list if it's non-empty
-  + Copy object registration list when unregistering.
-  + fdo#19623 - Add dbus_g_bus_get_private
-  + fdo#25119 - Don't leak DBusGMethodInvocation for no-reply calls
-  + Import dbus-bus-introspect.xml upstream
-  + dbus-gvalue: set an error when demarshal_basic doesn't
-    recognize type
-  + Man page fixes.
-
-- add baselibs.conf as a source
-- package documentation as noarch
-
-- Update to version 0.82:
-  + Fix format-security warning
-  + Use -fno-strict-aliasing by default
-  + fdo#14183 - Listen to NameOwnerChanged using arg0 matching
-  + Use g_strdup instead of strdup in dbus_g_method_get_sender
-  + fdo#13908: make dbus_g_type_specialized_init() safe for library
-    users to call
-  + fdo#16776: teach dbus_g_method_return_error about DBUS_GERROR
-  + fdo#20884: dbus_g_proxy_manager_replace_name_owner: don't leave
-    freed memory in the hash table if the name was the owner's
-    first
-  + dbus_g_type_specialized_init: make some effort at being
-    thread-safe
-  + add --with-dbus-binding-tool configure option to use an
-    external dbus-binding-tool
-  + fdo#5688: don't assert when exported object is destroyed
-  * after* D-Bus connection closes
-  + fdo#21219: implement unregistration of objects
-  + dbus-gobject: save the ObjectRegistration on each object, not
-    just the path
-  + fdo#20879 - Use --skip-source argument for glib-genmarshal
-  + fdo#19927 - Use const for GError * param we're not modifying
-  + fdo#13908: silently initialize specialized types whenever
-    required
-  + fdo#21362 - Remove use of deprecated symbols
-  + fdo#21753 - Correctly initialize GValues in dbus-binding-tool
-    generated code
-  + fdo#22244 - Only include <glib.h>, not individual headers
-  + fdo#20343 - Add a man page for dbus-binding-tool
-  + fdo#18294 - Be defensive about a possibly NULL property string
-  + Various build fixes.
-- Remove AutoReqProv: it's default now.
-- Remove -fno-strict-aliasing from our custom CFLAGS since it's by
-  default now.
-- Drop dbus-1-glib-selinux.patch: unneeded now.
-- Drop marshall-skip-source.patch: fixed upstream.
-- Use libexecdir whenever possible.
-- Remove Requires from doc package since it's purely html files.
-
-- Do not add source file name as comment for glib-genmarshall Aufruf.
-  This creates otherwise files with temporary filenames that make
-  comparison of builds impossible (marshall-skip-source.patch)
-
distribution-logos-openSUSE
+- switch to a service using zstd
+
+- list the source url
+
+- Update Leap 15.6 branding poo#131666
+
enchant-1
+- Use %autosetup instead of %setup/%patch.
+
+- Drop baselibs.conf: there is no known consumer of the -32bit
+  package.
+
-- Added url as source.
-  Please see http://en.opensuse.org/SourceUrls
-
-- Spec-cleanup using format_spec_file service.
-
fontconfig
+- Run autoreconf for Leap 15.x to fix build breakage
+
+- update to 2.14.2:
+  * Adjust indentation between programlisting in fontconfig-user.sgml
+  * Add some missing constant names for weight
+  * Report more detailed logs instead of assertion
+  * Fix a typo in description for HAVE_STDATOMIC_PRIMITIVES
+  * Ignore LC_CTYPE if set to "UTF-8"
+  * add --with-default-sub-pixel-rendering option
+  * Add FC_DESKTOP_NAME property
+
+- update to 2.14.1:
+  * Bump the cache version to 8 in doc/fontconfig-user.sgm
+  * Enable 10-sub-pixel-rgb.conf by default
+  * build fixes and translation updates
+  * Avoid misuse of ctype
+
+- Seems we now need python3 for building
+
+- update to 2.14.0:
+  * Fix endianness on generating MD5 cache name
+  * Fix a typo in the description of FcWeightFromOpenTypeDouble
+  * fc-validate: returns an error code when missing some glyphs
+  * Fallback uuid-based name to read a cache if no MD5-based cache
+  * fc-cache: Show font directories to generate cache with -v
+  * Replace UUID file mechanism with per-directory 'map' attribute [v2]
+  * memleak fixes
+- drop fontconfig-do-not-remove-UUID-file.patch (obsolete)
+- add skip-network-test.patch
+
gcr3
+- Use %patch -p N instead of deprecated %patchN.
+
glib-networking
+- Update to version 2.78.0:
+  + Respect root certificates added to macOS system keychain by
+    users
+  + Disable PKCS #11 tests when GnuTLS is built without PKCS #11
+    support
+  + Fix connection tests on 32-bit systems with 64-bit time_t
+  + Updated translations.
+
+- Ignore test suite errors for now: the test passes when run
+  locally in a chroot build env, but fails inside a kvm build env.
+
+- Update to version 2.76.1:
+  + Fix proxy tests when built against libproxy 0.5.
+  + Updated translations.
+- Drop a7db10e8862050f19af5c2eebcd1d590a04d5ced.patch: fixed
+  upstream.
+
+- Add a7db10e8862050f19af5c2eebcd1d590a04d5ced.patch: Fix tests
+  using libproxy 0.5.
+
+- Update to version 2.76.0:
+  + Fix OpenSSL sessions becoming unresumable.
+  + Fix installed libproxy test.
+
+- Update to version 2.76.beta:
+  + Hopefully fix environment proxy resolver on Windows.
+  + Remove static_modules build option, use
+  - Ddefault_library=static instead.
+  + Updated translations.
+
+- Update to version 2.76.alpha:
+  + OpenSSL: add session resumption support.
+  + GnuTLS: several session resumption improvements.
+  + Skip TLS exporter test for TLS 1.2.
+  + Default values for build options have changed, no longer use
+    auto.
+  + Fix static linking on Windows.
+  + Don't use system trust on iOS.
+  + Updated translations.
+- Drop glib-networking-gnutls-tls-exporter-tls12.patch: fixed
+  upstream.
+
+- Fix build with gnutls 3.7.8:
+  * tests: skip tls-exporter test for TLS 1.2
+  * https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201
+  * Add glib-networking-gnutls-tls-exporter-tls12.patch
+
+- Update to version 2.74.0:
+  + Updated translations.
+
+- Update to version 2.74.rc:
+  + Support PKCS #12 encrypted certificates.
+  + Various improvements to Meson build system.
+  + Multiple fixes for proxy tests.
+
+- Update to version 2.74.beta:
+  + Drop environment proxy resolver to lowest priority.
+
+- Update to version 2.74.alpha:
+  + Add build option for toggling debug logging.
+  + Move gettext() usage out of hot paths.
+  + Fix tests build when using openssl.
+  + Properly free libproxy lookup results and require libproxy
+    0.4.16.
+  + Add additional validation for proxy lookup results.
+  + Allow using static libraries via meson subprojects.
+  + Updated translations.
+
+- Update to version 2.72.2:
+  + Drop environment proxy resolver to lowest priority.
+
+- Update to version 2.72.1
+  + Discard empty proxy environment variables.
+
+- Update to version 2.72.0:
+  + Fix proxy tests.
+  + GnuTLS: use IANA-style ciphersuite names with GnuTLS 3.7.4.
+  + meson devenv.
+  + Updated translations.
+
+- Update to version 2.72.beta:
+  + Add environment variable proxy resolver.
+  + OpenSSL: fix uninitialized memory use.
+
+- Update to version 2.72.alpha:
+  + OpenSSL:
+  - Fix unsafe error handling.
+  - Fail when appropriate if Must-Staple extension is set.
+  + GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores.
+  + Improve failure of tls-unique channel binding requests.
+  + Do not fill SNI extension with IP address.
+
glibc
+- syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in
+  __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780,
+  bsc#1218863, bsc#1218867, bsc#1218868)
+- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
+  (bsc#1218866)
+
+- Change minimum GCC to 13
+
+- Split off libnsl.so.1 into a separate package
+
gnutls
+- Update to 3.8.3:
+  * libgnutls: Fix more timing side-channel inside RSA-PSK key
+    exchange. [GNUTLS-SA-2024-01-14, CVSS: medium]
+    [bsc#1218865, CVE-2024-0553]
+  * libgnutls: Fix assertion failure when verifying a certificate
+    chain with a cycle of cross signatures.
+    [GNUTLS-SA-2024-01-09, CVSS: medium] [bsc#1218862, CVE-2024-0567]
+  * libgnutls: Fix regression in handling Ed25519 keys stored in
+    PKCS#11 token certtool was unable to handle Ed25519 keys
+    generated on PKCS#11 with pkcs11-tool (OpenSC).
+    This is a regression introduced in 3.8.2.
+  * Rebase gnutls-FIPS-140-3-references.patch
+  * Updated upstream gnutls.keyring
+
+- Update to 3.8.2: [bsc#1217277, CVE-2023-5981]
+  * libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
+    [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
+  * libgnutls: Add API functions to perform ECDH and DH key agreement
+    The functionality has been there for a long time though they were
+    not available as part of the public API.  This enables applications
+    to implement custom protocols leveraging non-interactive key
+    agreement with ECDH and DH.
+  * libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452)
+    The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and
+    GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through
+    the AEAD interface.  Note that, unlike
+    GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
+    appended to the ciphertext, not prepended.
+  * libgnutls: transparent KTLS support is extended to FreeBSD kernel
+    The kernel TLS feature can now be enabled on FreeBSD as well as
+    Linux when compiled with the --enable-ktls configure option.
+  * gnutls-cli: New option --starttls-name
+    Depending on deployment, application protocols such as XMPP may
+    require a different origin address than the external address to be
+    presented prior to STARTTLS negotiation.  The --starttls-name can
+    be used to specify specify the addresses separately.
+  * API and ABI modifications:
+  - gnutls_pubkey_import_dh_raw: New function
+  - gnutls_privkey_import_dh_raw: New function
+  - gnutls_pubkey_export_dh_raw: New function
+  - gnutls_privkey_export_dh_raw: New function
+  - gnutls_x509_privkey_import_dh_raw: New function
+  - gnutls_privkey_derive_secret: New function
+  - GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t
+  - GNUTLS_CIPHER_AES_128_SIV_GCM: Added
+  - GNUTLS_CIPHER_AES_256_SIV_GCM: Added
+  * Rebase gnutls-FIPS-140-3-references.patch
+  * Remove upstream: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
+
gobject-introspection
+- Drop BuildRequires on pkgconfig(cairo)/pkgconfig(cairo-gobject),
+  cairo is only needed for some tests.
+
gpg2
+- Update to 2.4.4: [bsc#1219191]
+  * gpg: Do not keep an unprotected smartcard backup key on disk.
+    See https://gnupg.org/blog/20240125-smartcard-backup-key.html
+    for a security advisory. [T6944]
+  * gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit
+    platforms. [T6736]
+  * gpg: Fix expiration time when Creation-Date is specified. [T5252]
+  * gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
+  * gpg: Add option --with-v5-fingerprint. [T6705]
+  * gpg: Add sub-option ignore-attributes to --import-options.
+  * gpg: Add --list-filter properties sig_expires/sig_expires_d.
+  * gpg: Fix validity of re-imported keys. [T6399]
+  * gpg: Report BEGIN_ status before examining the input. [T6481]
+  * gpg: Don't try to compress a read-only keybox. [T6811]
+  * gpg: Choose key from inserted card over a non-inserted card. [T6831]
+  * gpg: Allow to create revocations even with non-compliant algos. [T6929]
+  * gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
+  * gpg: Improve error message for expired default keys. [T4704]
+  * gpgsm: Add --always-trust feature. [T6559]
+  * gpgsm: Support ECC certificates in de-vs mode. [T6802]
+  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
+  * gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654]
+  * keyboxd: Timeout on failure to get the database lock. [T6838]
+  * agent: Update the key stubs only if really modified. [T6829]
+  * scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
+  * scd: Add support for CardOS 5.4 cards. [rG812f988059]
+  * scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
+  * scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
+  * scd: Add a length check for a new PIN. [T6843]
+  * tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
+  * tpm: Fixes for the TPM test suite. [T6052]
+  * dirmngr: New option --ignore-crl-extensions. [T6545]
+  * dirmngr: Support config value "none" to disable the default
+    keyserver. [T6708]
+  * dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
+  * gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
+  * gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
+  * gpgconf: Adjust the -X command for the new VERSION file format. [T6918]
+  * wkd: Use export-clean for gpg-wks-client's --mirror and --create
+    commands. [rG2c7f7a5a278c]
+  * wkd: Make --add-revocs the default in gpg-wks-client. New option
+  - -no-add-revocs. [rG10c937ee68]
+  * Remove duplicated backslashes when setting the homedir. [T6833]
+  * Ignore attempts to remove the /dev/null device. [T6556]
+  * Improve advisory file lock retry strategy. [T3380]
+  * Release-info: https://dev.gnupg.org/T6578
+  * Remove patch upstream:
+  - gnupg-Report-BEGIN_-status-before-examining-the-input.patch
+
gsettings-desktop-schemas
+- Use %autosetup instead of %setup/%patch.
+
gstreamer
+- Update to version 1.22.9:
+  + Highlighted bugfixes in 1.22.9
+  - More Security fixes for the AV1 video codec parser
+  - va: fixes for Mesa Gallium drivers in Mesa versions older
+    than v23.2
+  - v4l2src: Consider framerate during caps selection
+  - v4l2codec: decoder fixes
+  - rtspsrc: multicast fixes
+  - camerabin viewfinder fixes
+  - various bug fixes, build fixes, memory leak fixes, and other
+    stability and reliability improvements
+  + gstreamer
+  - aggregator: fix use-after-free in queries processing
+  - multiqueue: Ignore queue fullness for most events
+- Rebase reduce-required-meson.patch
+
gstreamer-plugins-bad
+- Require libvpl only on supported architectures (x86_64 and aarch64)
+
+- drop support for libmfx, which is no longer supported upstream
+  at all (boo#1219494)
+- added support for oneVPL
+
+- Update to version 1.22.9:
+  + av1parser: Fix potential stack overflow during tile list
+    parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300)
+  + camerabin: Correctly relink viewfinderbin_queue
+  + GstPlay: Fix error details parsing
+  + h264decoder: Handle malformed avc/avc3 packets
+  + h264decoder: h265decoder: Align with wraparound fix
+  + vp8decoder: vp9decoder: av1decoder: mpeg2decoder:
+    Fix multiplication wraparound
+  + vah264enc/vah264dec issues after recent upgrade to 1.22.8
+    from 1.22.7
+  + va: fixes for Mesa Gallium drivers in Mesa versions older
+    than v23.2
+  + vp9parse: Fix critical warning during caps negotiation
+- Rebase reduce-required-meson.patch
+
gstreamer-plugins-base
+- Update to version 1.22.9:
+  + audiobasesink: Don't wait on gap events
+  + audioconvert: change gst_audio_convert_get_unit_size() log
+    levels
+  + glcolorconvert: Correct transform_caps direction
+  + gloverlay: Apply updated overlay coordinates correctly
+  + videorate: keep pool if max_buffers is unlimited
+- Rebase reduce-required-meson.patch
+
gvfs
+- Update to version 1.52.2:
+  + smb: Fix livelock when mounting share without enough
+    permissions.
+  + smb: Fi moving files across filesystem boundaries.
+  + Updated transltions.
+
+- Use %patch -p N instead of deprecated %patchN.
+
hunspell
+- update to 1.7.2:
+  * Crash fixes, code clean-up in ~200 commits
+  * tdf#136306 don't accept/suggest typos as 3-or-more-word compound words
+  * Prepare optional spelling mode of LibreOffice to not accept/suggest not
+    dictionary-based words as compound words
+  * Merge in weblate translations
+
+- update to 1.7.1:
+  * Merge chromium fix for #714 OOB string write in hunspell
+  * Merge firefox fix for #756 various issues parsing incomplete aff files
+  * Fix #492 crash with hunspell -l -r
+  * Merge in weblate translations
+- drop hunspell-CVE-2019-16707.patch (upstream)
+
+- Version update to 1.7.0:
+  * add SPELLML support for run-time dictionary extensio
+  * No annoying suggestion times any more, especially in languages with
+    compound word handling and complex morphology
+  * Improved, highly customizable suggestions on level of dictionary words
+  * Handling multiple word suggestions is much more easier
+  * Limit compound overgeneration by dictionary based word pairs
+  * makealias dictionary compression
+  * Various minor bugfixes
+
hwdata
+- update to 0.378:
+  * Update pci, usb and vendor ids
+
+- update to 0.377:
+  * Fixed trailing spaces in pnp.ids
+
+- update to 0.376:
+  * Update pci, usb and vendor ids
+
+- update to 0.373:
+  * Update pci, usb and vendor ids
+
+- update to 0.372:
+  * Update pci, usb and vendor ids
+
karchive
+- Update to 5.114.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.114.0
+- No code change since 5.113.0
+
+- Update to 5.113.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.113.0
+- Changes since 5.112.0:
+  * karchivetest: QVERIFY KArchiveFile* before dereferencing it
+  * Fix broken bzip2 with new shared-mime-info
+
kernel-default
+- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
+  (bsc#1219127 CVE-2024-23849).
+- commit 7f27245
+
+- x86/coco: Define cc_vendor without CONFIG_ARCH_HAS_CC_PLATFORM
+  (jsc#PED-7322).
+- commit 98c6595
+
+- x86/kvm: Fix SEV check in sev_map_percpu_data() (jsc#PED-7322).
+- commit 082b8e1
+
+- KVM: x86: Give a hint when Win2016 might fail to boot due to
+  XSAVES erratum (jsc#PED-7322).
+- commit d5577b6
+
+- KVM: x86: Check irqchip mode before create PIT (jsc#PED-7322).
+- commit d2cbe00
+
+- Update config files (bsc#1219440).
+  Update the CONFIG_LSM option to include the BPF LSM in the default set of
+  LSMs that get enabled when booting up. The new version of systemd in
+  SLE15-SP6 requires the BPF LSM.
+- commit bf6e39d
+
+- KVM: introduce CONFIG_KVM_COMMON (jsc#PED-7322).
+- Update config files.
+- commit 60742fc
+
+- Update metadata: "scsi: lpfc: Use unsigned type for num_sge (bsc#1214746)."
+  Move patch into sorted section.
+- commit bf77043
+
+- virt: sev-guest: Convert to platform remove callback returning
+  void (jsc#PED-7322).
+- commit 5752a5f
+
+- KVM: remove CONFIG_HAVE_KVM_IRQFD (jsc#PED-7322).
+- Update config files.
+- commit 6e3621a
+
+- KVM: remove CONFIG_HAVE_KVM_EVENTFD (jsc#PED-7322).
+- Update config files.
+- commit 6361a8e
+
+- Update config files.
+- commit 6ba26a3
+
+- KVM x86/xen: add an override for PVCLOCK_TSC_STABLE_BIT
+  (jsc#PED-7322).
+- commit 737fb0e
+
+- octeontx2-af: Initialize maps (jsc#PED-6931).
+- net: intel: fix old compiler regressions (jsc#PED-4874).
+- octeontx2-pf: Fix a memleak otx2_sq_init (jsc#PED-6931).
+- idpf: avoid compiler padding in virtchnl2_ptype struct
+  (jsc#PED-6716).
+- octeontx2-pf: Remove xdp queues on program detach
+  (jsc#PED-6931).
+- ixgbe: Fix an error handling path in
+  ixgbe_read_iosf_sb_reg_x550() (jsc#PED-4872).
+- e1000e: correct maximum frequency adjustment values
+  (jsc#PED-4868).
+- bnxt_en: Make PTP timestamp HWRM more silent (jsc#PED-5742).
+- gve: Fix skb truesize underestimation (bsc#1214479).
+- commit 610ddc5
+
+- KVM: nSVM: Hide more stuff under CONFIG_KVM_HYPERV/CONFIG_HYPERV
+  (jsc#PED-7322).
+- commit c8c1c08
+
+- team: Fix use-after-free when an option instance allocation
+  fails (git-fixes).
+- commit aa6501b
+
+- KVM: nVMX: Hide more stuff under CONFIG_KVM_HYPERV (jsc#PED-7322).
+- commit bc6ea0c
+
+- net: dsa: microchip: provide a list of valid protocols for
+  xmit handler (git-fixes).
+- commit 14ae17e
+
+- nfp: flower: fix for take a mutex lock in soft irq context
+  and rcu lock (git-fixes).
+- commit 8699210
+
+- net: hns: fix fake link up on xge port (git-fixes).
+- commit 7b3f477
+
+- net: hns: fix wrong head when modify the tx feature when
+  sending packets (git-fixes).
+- commit 848eb56
+
+- net: atlantic: Fix NULL dereference of skb pointer in
+  (git-fixes).
+- commit bfa6175
+
+- net: stmmac: fix FPE events losing (git-fixes).
+- commit 2382976
+
+- net: ravb: Keep reverse order of operations in ravb_remove()
+  (git-fixes).
+- commit d60c1dc
+
+- net: ravb: Stop DMA in case of failures on ravb_open()
+  (git-fixes).
+- commit 536e15e
+
+- net: ravb: Start TX queues after HW initialization succeeded
+  (git-fixes).
+- commit 67bd94d
+
+- net: ravb: Make write access to CXR35 first before accessing
+  other EMAC registers (git-fixes).
+- commit 2f42ed8
+
+- net: ravb: Use pm_runtime_resume_and_get() (git-fixes).
+- commit f02fced
+
+- net: ravb: Check return value of reset_control_deassert()
+  (git-fixes).
+- commit 864deed
+
+- net: libwx: fix memory leak on msix entry (git-fixes).
+- commit 159ffaa
+
+- KVM: nVMX: Introduce accessor to get Hyper-V eVMCS pointer
+  (jsc#PED-7322).
+- commit 4c639bf
+
+- KVM: nVMX: Introduce helpers to check if Hyper-V evmptr12 is
+  valid/set (jsc#PED-7322).
+- commit bc7347a
+
+- KVM: x86: Make Hyper-V emulation optional (jsc#PED-7322).
+- Update config files.
+- commit 87507f6
+
+- Drop ASoC AMD ACP patch causing a regression (bsc#1219789)
+- commit 1eacaea
+
+- KVM: nVMX: Move guest_cpuid_has_evmcs() to hyperv.h (jsc#PED-7322).
+- commit 2cbad81
+
+- KVM: nVMX: Split off helper for emulating VMCLEAR on Hyper-V
+  eVMCS (jsc#PED-7322).
+- commit 82136e4
+
+- KVM: x86: Introduce helper to handle Hyper-V paravirt TLB
+  flush requests (jsc#PED-7322).
+- commit 92008f5
+
+- KVM: VMX: Split off hyperv_evmcs.{ch} (jsc#PED-7322).
+- commit 056eb46
+
+- KVM: x86: Introduce helper to check if vector is set in Hyper-V
+  SynIC (jsc#PED-7322).
+- commit ee580aa
+
+- KVM: x86: Introduce helper to check if auto-EOI is set in
+  Hyper-V SynIC (jsc#PED-7322).
+- commit 3628f1b
+
+- KVM: VMX: Split off vmx_onhyperv.{ch} from hyperv.{ch}
+  (jsc#PED-7322).
+- commit a52f7d7
+
+- KVM: x86: Move Hyper-V partition assist page out of Hyper-V
+  emulation context (jsc#PED-7322).
+- commit c274d49
+
+- KVM: x86/xen: Remove unneeded xen context from kvm_arch when
+  !CONFIG_KVM_XEN (jsc#PED-7322).
+- commit 1a3426d
+
+- KVM: x86/mmu: fix comment about mmu_unsync_pages_lock
+  (jsc#PED-7322).
+- commit 6927f64
+
+- KVM: x86/mmu: always take tdp_mmu_pages_lock (jsc#PED-7322).
+- commit 3c339d8
+
+- KVM: x86/mmu: remove unnecessary "bool shared" argument from
+  iterators (jsc#PED-7322).
+- commit 26089fe
+
+- KVM: x86/mmu: remove unnecessary "bool shared" argument from
+  functions (jsc#PED-7322).
+- commit 20e6465
+
+- KVM: x86/mmu: Check for leaf SPTE when clearing dirty bit in
+  the TDP MMU (jsc#PED-7322).
+- commit 04b615d
+
+- KVM: x86/mmu: Fix off-by-1 when splitting huge pages during
+  CLEAR (jsc#PED-7322).
+- commit ca542a6
+
+- KVM: x86: Harden copying of userspace-array against overflow
+  (jsc#PED-7322).
+- commit 2624bb5
+
+- KVM: x86/pmu: Track emulated counter events instead of previous
+  counter (jsc#PED-7322).
+- commit 50f3c68
+
+- KVM: x86/pmu: Update sample period in pmc_write_counter()
+  (jsc#PED-7322).
+- commit b607273
+
+- KVM: x86/pmu: Remove manual clearing of fields in kvm_pmu_init()
+  (jsc#PED-7322).
+- commit 5d80669
+
+- KVM: x86/pmu: Stop calling kvm_pmu_reset() at RESET (it's
+  redundant) (jsc#PED-7322).
+- commit ba0d28d
+
+- KVM: x86/pmu: Reset the PMU, i.e. stop counters, before
+  refreshing (jsc#PED-7322).
+- commit 3e9e29b
+
+- KVM: x86/pmu: Move PMU reset logic to common x86 code
+  (jsc#PED-7322).
+- commit 4d829a7
+
+- KVM: SVM,VMX: Use %rip-relative addressing to access
+  kvm_rebooting (jsc#PED-7322).
+- commit 94d4ceb
+
+- KVM: SVM: Don't intercept IRET when injecting NMI and vNMI is
+  enabled (jsc#PED-7322).
+- commit abf0f42
+
+- KVM: SVM: Explicitly require FLUSHBYASID to enable SEV support
+  (jsc#PED-7322).
+- commit 51dc0ef
+
+- KVM: nSVM: Advertise support for flush-by-ASID (jsc#PED-7322).
+- commit d96ff28
+
+- Revert "nSVM: Check for reserved encodings of TLB_CONTROL in
+  nested VMCB" (jsc#PED-7322).
+- commit 733d5b1
+
+- KVM: x86: Don't unnecessarily force masterclock update on vCPU
+  hotplug (jsc#PED-7322).
+- commit e2477e4
+
+- KVM: x86: Use a switch statement and macros in
+  __feature_translate() (jsc#PED-7322).
+- commit 26af95a
+
+- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
+  (jsc#PED-7322).
+- commit 8de3668
+
+- blacklist.conf: false positive
+- commit 3612d1b
+
+- dm: limit the number of targets and parameter size area
+  (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
+- commit 7512798
+
+- KVM: x86: Turn off KVM_WERROR by default for all configs
+  (jsc#PED-7322).
+- commit 427cbaf
+
+- KVM: x86/mmu: Declare flush_remote_tlbs{_range}() hooks iff
+  HYPERV!=n (jsc#PED-7322).
+- commit 47fe30a
+
+- mm: memcontrol: don't throttle dying tasks on memory.high
+  (bsc#1219889).
+- kernel/fork: beware of __put_task_struct() calling context
+  (bsc#1216761).
+- commit e3538e2
+
+- KVM: x86: Use KVM-governed feature framework to track "LAM
+  enabled" (jsc#PED-7322).
+- commit e0b7547
+
+- docs/perf: Add ampere_cspmu to toctree to fix a build warning (jsc#PED-7859)
+- commit 5a39b75
+
+- KVM: x86: Advertise and enable LAM (user and supervisor)
+  (jsc#PED-7322).
+- commit be96f66
+
+- KVM: x86: Virtualize LAM for user pointer (jsc#PED-7322).
+- commit 51ea9b3
+
+- KVM: x86: Virtualize LAM for supervisor pointer (jsc#PED-7322).
+- commit 4719d36
+
+- perf vendor events arm64 AmpereOneX: Add core PMU events and metrics (jsc#PED-7859)
+- commit 8763e5d
+
+- netdevsim: Don't accept device bound programs (git-fixes).
+- commit c28704b
+
+- ravb: Fix races between ravb_tx_timeout_work() and net related
+  ops (git-fixes).
+- commit ca1ed03
+
+- r8169: prevent potential deadlock in rtl8169_close (git-fixes).
+- commit c6c74b1
+
+- r8169: fix deadlock on RTL8125 in jumbo mtu mode (git-fixes).
+- commit 350e699
+
+- net: stmmac: xgmac: Disable FPE MMC interrupts (git-fixes).
+- commit 4d4a44e
+
+- dpaa2-eth: recycle the RX buffer only after all processing done
+  (git-fixes).
+- commit 6f9cf91
+
+- KVM: x86: Untag addresses for LAM emulation where applicable
+  (jsc#PED-7322).
+- commit 3aca57c
+
+- dpaa2-eth: increase the needed headroom to account for alignment
+  (git-fixes).
+- commit aeead7c
+
+- net: rswitch: Fix missing dev_kfree_skb_any() in error path
+  (git-fixes).
+- commit dfab415
+
+- net: rswitch: Fix return value in rswitch_start_xmit()
+  (git-fixes).
+- commit 3061c1f
+
+- net: rswitch: Fix type of ret in rswitch_start_xmit()
+  (git-fixes).
+- commit 3bd4f02
+
+- net: ipa: fix one GSI register field width (git-fixes).
+- commit 57e43ae
+
+- net: axienet: Fix check for partial TX checksum (git-fixes).
+- commit 765d022
+
+- amd-xgbe: propagate the correct speed and duplex status
+  (git-fixes).
+- commit ca7f648
+
+- amd-xgbe: handle the corner-case during tx completion
+  (git-fixes).
+- commit 05c99da
+
+- amd-xgbe: handle corner-case during sfp hotplug (git-fixes).
+- commit 63bb25f
+
+- net: veth: fix ethtool stats reporting (git-fixes).
+- commit 40065a7
+
+- wireguard: use DEV_STATS_INC() (git-fixes).
+- commit c56067d
+
+- net: wangxun: fix kernel panic due to null pointer (git-fixes).
+- commit cc57ffc
+
+- KVM: x86: Introduce get_untagged_addr() in kvm_x86_ops and
+  call it in emulator (jsc#PED-7322).
+- Refresh
+  patches.suse/KVM-SEV-Make-AVIC-backing-VMSA-and-VMCB-memory-allocation-SNP-sa.
+- commit db34c34
+
+- stmmac: dwmac-loongson: Add architecture dependency (git-fixes).
+- commit 746bbc5
+
+- macvlan: Don't propagate promisc change to lower dev in passthru
+  (git-fixes).
+- commit ad66810
+
+- pds_core: use correct index to mask irq (git-fixes).
+- commit f2391e5
+
+- net: stmmac: avoid rx queue overrun (git-fixes).
+- commit 3a28d91
+
+- net: stmmac: fix rx budget limit check (git-fixes).
+- commit 739b241
+
+- KVM: x86: Remove kvm_vcpu_is_illegal_gpa() (jsc#PED-7322).
+- commit 214f40f
+
+- KVM: x86: Add & use kvm_vcpu_is_legal_cr3() to check CR3's
+  legality (jsc#PED-7322).
+- commit 0ea18e6
+
+- KVM: x86/mmu: Drop non-PA bits when getting GFN for guest's PGD
+  (jsc#PED-7322).
+- commit a7a4e2c
+
+- KVM: x86: Add X86EMUL_F_INVLPG and pass it in em_invlpg()
+  (jsc#PED-7322).
+- commit 469975b
+
+- KVM: x86: Add an emulation flag for implicit system access
+  (jsc#PED-7322).
+- commit d9485ea
+
+- KVM: x86: Consolidate flags for __linearize() (jsc#PED-7322).
+- commit bc10a7d
+
+- tools arch x86: Sync the msr-index.h copy with the
+  kernel sources to pick IA32_MKTME_KEYID_PARTITIONING
+  (perf-sync-headers).
+- Delete
+  patches.suse/sync-tools-arch-header-for-support-branch-counters-logging.patch.
+- commit 4348ec9
+
+- tools headers x86 cpufeatures: Sync with the kernel sources
+  to pick TDX, Zen, APIC MSR fence changes (perf-sync-headers).
+- commit 13aa64d
+
+- perf evlist: Fix evlist__new_default() for > 1 core PMU
+  (git-fixes).
+- perf db-export: Fix missing reference count get in
+  call_path_from_sample() (git-fixes).
+- perf stat: Fix hard coded LL miss units (git-fixes).
+- perf env: Avoid recursively taking env->bpf_progs.lock
+  (git-fixes).
+- perf vendor events: Remove UTF-8 characters from cmn.json
+  (git-fixes).
+- perf unwind-libunwind: Fix base address for .eh_frame
+  (git-fixes).
+- perf unwind-libdw: Handle JIT-generated DSOs properly
+  (git-fixes).
+- perf genelf: Set ELF program header addresses properly
+  (git-fixes).
+- perf hisi-ptt: Fix one memory leakage in
+  hisi_ptt_process_auxtrace_event() (git-fixes).
+- perf header: Fix one memory leakage in
+  perf_event__fprintf_event_update() (git-fixes).
+- perf stat: Fix help message for --metric-no-threshold option
+  (git-fixes).
+- perf stat: Exit perf stat if parse groups fails (git-fixes).
+- perf mem: Fix error on hybrid related to availability of mem
+  event in a PMU (git-fixes).
+- perf vendor events powerpc: Update datasource event name to
+  fix duplicate events (git-fixes).
+- perf vendor events arm64 AmpereOne: Rename BPU_FLUSH_MEM_FAULT
+  to GPC_FLUSH_MEM_FAULT (git-fixes).
+- perf test record user-regs: Fix mask for vg register
+  (git-fixes).
+- perf docs: Fix man page formatting for 'perf lock' (git-fixes).
+- perf test record+probe_libc_inet_pton: Fix call chain match
+  on powerpc (bsc#1218986).
+- perf tests: Skip pipe test if noploop symbol is missing
+  (bsc#1219617).
+- perf tests lib: Add perf_has_symbol.sh (bsc#1219617).
+- perf header: Fix segfault on build_mem_topology() error path
+  (git-fixes).
+- perf test: Remove atomics from test_loop to avoid test failures
+  (git-fixes).
+- commit a32b1b0
+
+- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER
+  missed (git-fixes).
+- hv_netvsc: Fix race condition between netvsc_probe and
+  netvsc_remove (git-fixes).
+- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
+- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not
+  4 Kbytes (git-fixes).
+- commit 721575c
+
+- s390/scm: fix virtual vs physical address confusion (git-fixes
+  bsc#1219816).
+- commit d8288d6
+
+- s390/boot: always align vmalloc area on segment boundary
+  (git-fixes bsc#1219815).
+- commit 08905ad
+
+- s390/vfio-ap: fix sysfs status attribute for AP queue devices
+  (git-fixes bsc#1219814).
+- commit 2f4c817
+
+- s390/ptrace: handle setting of fpc register correctly (git-fixes
+  bsc#1219812).
+- commit be5b93a
+
+- s390/qeth: Fix potential loss of L3-IP@ in case of network
+  issues (git-fixes bsc#1219811).
+- commit 32d0fc0
+
+- Reference recently released CVE
+- Update
+  patches.suse/x86-coco-Disable-32-bit-emulation-by-default-on-TDX-.patch
+  (jsc#PED-7322 CVE-2024-25744).
+- Update
+  patches.suse/x86-entry-convert-int-0x80-emulation-to-idtentry.patch
+  (bsc#1217927 CVE-2024-25744).
+- Update
+  patches.suse/x86-entry-do-not-allow-external-0x80-interrupts.patch
+  (bsc#1217927 CVE-2024-25744).
+- Update
+  patches.suse/x86-tdx-Allow-32-bit-emulation-by-default.patch
+  (jsc#PED-7322 CVE-2024-25744).
+- commit 06d4b38
+
+- KVM: s390: vsie: fix race during shadow creation (git-fixes
+  bsc#1219810).
+- commit 8180746
+
+- KVM: s390: fix setting of fpc register (git-fixes bsc#1219809).
+- commit 478f49e
+
+- KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219808).
+- commit 51e5204
+
+- KVM: s390: add stat counter for shadow gmap events
+  (jsc#PED-5439).
+- commit 256c0f9
+
+- KVM: s390: add tracepoint in gmap notifier (jsc#PED-5439).
+- commit 06f0c94
+
+- nvme-host: fix the updating of the firmware version (git-fixes).
+- commit 9bc381c
+
+- x86/MCE: Always save CS register on AMD Zen IF Poison errors (git-fixes).
+- commit 63e2bb6
+
+- x86/entry/ia32: Ensure s32 is sign extended to s64 (git-fixes).
+- commit d1f7bea
+
+- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code  block (git-fixes).
+- commit b594e28
+
+- x86/srso: Print mitigation for retbleed IBPB case (git-fixes).
+- Refresh
+  patches.suse/x86-srso-fix-vulnerability-reporting-for-missing-microcode.patch.
+- commit 5b45539
+
+- x86/purgatory: Remove LTO flags (git-fixes).
+- commit 215c902
+
+- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
+- commit 0a9eee3
+
+- scsi: fnic: unlock on error path in fnic_queuecommand()
+  (git-fixes).
+- commit af1e53a
+
+- net: ethernet: cortina: Drop TSO support (git-fixes).
+- commit 1041212
+
+- Update patches.suse/arm64-errata-Add-Cortex-A520-speculative-unprivilege.patch (git-fixes, bsc#1219443)
+  Add reference to bsc#1219443.
+- commit b300257
+
+- arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443)
+  Enable erratum workaround.
+- commit b26ca40
+
+- r8169: fix network lost after resume on DASH systems
+  (git-fixes).
+- commit c170312
+
+- r8169: add handling DASH when DASH is disabled (git-fixes).
+- commit 43f9a07
+
+- net: ethernet: cortina: Fix MTU max setting (git-fixes).
+- commit cdfb94f
+
+- net: ethernet: cortina: Handle large frames (git-fixes).
+- commit 76e929a
+
+- net: ethernet: cortina: Fix max RX frame define (git-fixes).
+- commit 1807254
+
+- bonding: stop the device in bond_setup_by_slave() (git-fixes).
+- commit 072954c
+
+- ppp: limit MRU to 64K (git-fixes).
+- commit 80ad17a
+
+- net: mvneta: fix calls to page_pool_get_stats (git-fixes).
+- commit 73be237
+
+- net: hns3: fix VF wrong speed and duplex issue (git-fixes).
+- commit 01a4b9c
+
+- net: phy: realtek: add 5Gbps support to rtl822x_config_aneg()
+  (bsc#1217417).
+- net: phy: realtek: use generic MDIO constants (bsc#1217417).
+- net: mdio: add 2.5g and 5g related PMA speed constants
+  (bsc#1217417).
+- commit 51b8f13
+
+- hwmon: (coretemp) Fix bogus core_id to attr name mapping
+  (git-fixes).
+- hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
+- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
+- mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk
+  can't be detected by BIOS (git-fixes).
+- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
+  (git-fixes).
+- commit fb6968f
+
+- scsi: fnic: Increment driver version (jsc#PED-7888).
+- scsi: fnic: Improve logs and add support for multiqueue (MQ)
+  (jsc#PED-7888).
+- scsi: fnic: Add support for multiqueue (MQ) in fnic driver
+  (jsc#PED-7888).
+- scsi: fnic: Add support for multiqueue (MQ) in fnic_main.c
+  (jsc#PED-7888).
+- scsi: fnic: Remove usage of host_lock (jsc#PED-7888).
+- scsi: fnic: Define stats to track multiqueue (MQ) IOs
+  (jsc#PED-7888).
+- scsi: fnic: Modify ISRs to support multiqueue (MQ)
+  (jsc#PED-7888).
+- commit 4ae8e51
+
+- scsi: fnic: Refactor and redefine fnic.h for multiqueue
+  (jsc#PED-7888).
+- Refresh
+  patches.suse/fnic-move-fnic_fnic_flush_tx-to-a-work-queue.patch.
+- commit 5d5bc93
+
+- scsi: fnic: Get copy workqueue count and interrupt mode from
+  config (jsc#PED-7888).
+- scsi: fnic: Rename wq_copy to hw_copy_wq (jsc#PED-7888).
+- scsi: fnic: Add and improve log messages (jsc#PED-7888).
+- scsi: fnic: Add and use fnic number (jsc#PED-7888).
+- scsi: fnic: Modify definitions to sync with VIC firmware
+  (jsc#PED-7888).
+- commit 4104ea5
+
+- net: hns3: fix VF reset fail issue (git-fixes).
+- commit 357e0c0
+
+- net: hns3: fix variable may not initialized problem in
+  hns3_init_mac_addr() (git-fixes).
+- commit 761dece
+
+- net: hns3: fix out-of-bounds access may occur when coalesce
+  info is read via debugfs (git-fixes).
+- commit 9368f32
+
+- net: hns3: fix incorrect capability bit display for copper port
+  (git-fixes).
+- commit 7b8e42d
+
+- net: hns3: add barrier in vf mailbox reply process (git-fixes).
+- commit deb564c
+
+- net: hns3: fix add VLAN fail issue (git-fixes).
+- commit 6ae1571
+
+- ipvlan: add ipvlan_route_v6_outbound() helper (git-fixes).
+- commit 5f2d3b6
+
+- net: enetc: shorten enetc_setup_xdp_prog() error message to
+  fit NETLINK_MAX_FMTMSG_LEN (git-fixes).
+- commit f882476
+
+- net: sfp: add quirk for FS's 2.5G copper SFP (git-fixes).
+- commit eb7d824
+
+- driver core: Replace kstrdup() + strreplace() with
+  kstrdup_and_replace() (jsc#PED-6054 bsc#1219692).
+- lib/string_helpers: Add kstrdup_and_replace() helper
+  (jsc#PED-6054 bsc#1219692).
+- commit d4a62fc
+
+- net: ethernet: mtk_wed: fix EXT_INT_STATUS_RX_FBUF definitions
+  for MT7986 SoC (git-fixes).
+- commit be286c4
+
+- blacklist.conf: drop two entries to be revived (bsc#1219692)
+- commit ba7ec6f
+
+- net: spider_net: Use size_add() in call to struct_size()
+  (git-fixes).
+- commit 722bf2b
+
+- lib/string_helpers: Change returned value of the strreplace()
+  (bsc#1219692).
+- jbd2: Avoid printing outside the boundary of the buffer
+  (bsc#1219692).
+- commit 8aa13d7
+
+- mlxsw: Use size_mul() in call to struct_size() (git-fixes).
+- commit a527704
+
+- net: ethernet: adi: adin1110: Fix uninitialized variable
+  (git-fixes).
+- commit 4905ac5
+
+- net: mdio-mux: fix C45 access returning -EIO after API change
+  (git-fixes).
+- commit 8842ac4
+
+- net: dsa: bcm_sf2: Fix possible memory leak in
+  bcm_sf2_mdio_register() (git-fixes).
+- commit 8a76104
+
+- team: fix null-ptr-deref when team device type is changed
+  (git-fixes).
+- commit c07a0c7
+
+- net: fec: use netdev_err_once() instead of netdev_err()
+  (git-fixes).
+- commit 45e8d45
+
+- wifi: iwlwifi: exit eSR only after the FW does (git-fixes).
+- wifi: mac80211: fix waiting for beacons logic (git-fixes).
+- wifi: mac80211: fix RCU use in TDLS fast-xmit (git-fixes).
+- wifi: cfg80211: fix wiphy delayed work queueing (git-fixes).
+- wifi: iwlwifi: fix double-free bug (git-fixes).
+- selftests: cmsg_ipv6: repeat the exact packet (git-fixes).
+- selftests: net: let big_tcp test cope with slow env (git-fixes).
+- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
+- selftests: net: avoid just another constant wait (git-fixes).
+- selftests: net: cut more slack for gro fwd tests (git-fixes).
+- crypto: algif_hash - Remove bogus SGL free on zero-length
+  error path (git-fixes).
+- crypto: ccp - Fix null pointer dereference in
+  __sev_platform_shutdown_locked (git-fixes).
+- commit f9fa694
+
+- Drop the driver core change that caused memory corruption (bsc#1219692 bsc#1219732)
+  patches.suse/driver-core-Replace-kstrdup-strreplace-with-kstrdup_.patch
+  required the change of strreplace() API behavior as an implicit prerequiste
+- commit 9bd691b
+
+- sched: fair: move unused stub functions to header (git fixes
+  (sched)).
+- sched/fair: Fix the decision for load balance (git fixes
+  (sched)).
+- sched/core: Fix RQCF_ACT_SKIP leak (git fixes (sched)).
+- commit ec9d436
+
+- Update
+  patches.suse/Bluetooth-Fix-atomicity-violation-in-min-max-_key_si.patch
+  (git-fixes bsc#1219608 CVE-2024-24860).
+- commit 060d07f
+
+- Update
+  patches.suse/mm-lock_vma_under_rcu-must-check-vma-anon_vma-.patch
+  (bsc#1012628 per-VMA_lock_fix CVE-2024-1312 bsc#1219731).
+- commit 91e52e6
+
+- Refresh patches.suse/RAS-AMD-ATL-Add-MI300-support.patch.
+  Fix min() related warning.
+- commit 7a6c291
+
+- Update
+  patches.suse/drm-amdgpu-Fix-potential-fence-use-after-free-.patch
+  (bsc#1219128 CVE-2023-51042 jsc#PED-3527 jsc#PED-5475
+  jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120
+  jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069
+  jsc#PED-6071).
+- commit 72ce736
+
+- iommu: Don't reserve 0-length IOVA region (git-fixes)
+- commit d83c0fa
+
+- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
+  (bsc#1219653)
+  They are put into -devel subpackage. And a proper link to
+  /usr/share/gdb/auto-load/ is created.
+- commit 1dccf2a
+
+- fs/buffer.c: disable per-CPU buffer_head cache for isolated (bsc#1219631)
+- commit 55bb990
+
+- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
+- commit 36c2567
+
+- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
+- commit 76938a8
+
+- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
+- commit d6d16c5
+
+- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
+- commit c9f0c56
+
+- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
+- commit f894cc4
+
+- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
+- commit 22937f8
+
+- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
+- commit 2857e01
+
+- netfilter: nf_tables: check if catch-all set element is active
+  in next generation (CVE-2024-1085 bsc#1219429).
+- commit c4588a6
+
+- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
+  again (git-fixes).
+- commit 5ddccd0
+
+- mm: migrate: fix getting incorrect page mapping during page
+  migration (git-fixes).
+- commit 54204d1
+
+- mm: migrate: record the mlocked page status to remove
+  unnecessary lru drain (git-fixes).
+- commit 1782112
+
+- mm/gup: fix follow_devmap_pd() on page==NULL handling
+  (git-fixes).
+- commit 3518c0e
+
+- mm: page_alloc: unreserve highatomic page blocks before oom
+  (git-fixes).
+- commit 61457c0
+
+- mm: page_alloc: enforce minimum zone size to do high atomic
+  reserves (git-fixes).
+- commit 4f2bf1e
+
+- mm: page_alloc: correct high atomic reserve calculations
+  (git-fixes).
+- commit 5a4ddfb
+
+- mm: fix unmap_mapping_range high bits shift bug (git-fixes).
+- commit 7453200
+
+- mm/shmem: fix race in shmem_undo_range w/THP (git-fixes).
+- commit 6a39858
+
+- mm: fix for negative counter: nr_file_hugepages (git-fixes).
+- commit db03bb0
+
+- mm: fix unaccount of memory on vma_link() failure (git-fixes).
+- commit 8c916f3
+
+- mm/mremap: fix unaccount of memory on vma_merge() failure
+  (git-fixes).
+- commit 1139c35
+
+- mm: zswap: fix pool refcount bug around shrink_worker()
+  (git-fixes).
+- commit ae8fafe
+
+- mm/migrate: fix do_pages_move for compat pointers (git-fixes).
+- commit d66394c
+
+- mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and
+  MPOL_MF_MOVE are specified (git-fixes).
+- commit d9dbc78
+
+- slab: kmalloc_size_roundup() must not return 0 for non-zero size
+  (git-fixes).
+- commit 4566078
+
+- mm/slab_common: fix slab_caches list corruption after
+  kmem_cache_destroy() (git-fixes).
+- commit 5566bfb
+
+- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
+  (CVE-2024-1086 bsc#1219434).
+- commit 459b678
+
+- KVM: x86: Add support for "protected VMs" that can utilize
+  private memory (jsc#PED-5122).
+- Update config files.
+- commit 646dbdf
+
+- blacklist.conf: add f96c48670319 ("mm: disable CONFIG_PER_VMA_LOCK until its fixed")
+- commit 8e3f9d5
+
+- tick/sched: Preserve number of idle sleeps across CPU hotplug (git-fixes)
+- commit 60b5ecb
+
+- KVM: Convert KVM_ARCH_WANT_MMU_NOTIFIER to
+  CONFIG_KVM_GENERIC_MMU_NOTIFIER (jsc#PED-5122).
+- Update config files.
+- commit dd9b571
+
+- KVM: x86: add missing "depends on KVM" (jsc#PED-5122).
+- KVM: guest-memfd: fix unused-function warning (jsc#PED-5122).
+- KVM: Allow arch code to track number of memslot address spaces
+  per VM (jsc#PED-5122).
+- KVM: Drop superfluous __KVM_VCPU_MULTIPLE_ADDRESS_SPACE macro
+  (jsc#PED-5122).
+- KVM: x86/mmu: Handle page fault for private memory
+  (jsc#PED-5122).
+- KVM: x86: Disallow hugepages when memory attributes are mixed
+  (jsc#PED-5122).
+- KVM: x86: "Reset" vcpu->run->exit_reason early in KVM_RUN
+  (jsc#PED-5122).
+- KVM: Add KVM_CREATE_GUEST_MEMFD ioctl() for guest-specific
+  backing memory (jsc#PED-5122).
+- fs: Rename anon_inode_getfile_secure() and
+  anon_inode_getfd_secure() (jsc#PED-5122).
+- mm: Add AS_UNMOVABLE to mark mapping as completely unmovable
+  (jsc#PED-5122).
+- KVM: Introduce per-page memory attributes (jsc#PED-5122).
+- KVM: Drop .on_unlock() mmu_notifier hook (jsc#PED-5122).
+- KVM: Add a dedicated mmu_notifier flag for reclaiming freed
+  memory (jsc#PED-5122).
+- KVM: Add KVM_EXIT_MEMORY_FAULT exit to report faults to
+  userspace (jsc#PED-5122).
+- KVM: Introduce KVM_SET_USER_MEMORY_REGION2 (jsc#PED-5122).
+- KVM: PPC: Return '1' unconditionally for KVM_CAP_SYNC_MMU
+  (jsc#PED-5122).
+- KVM: PPC: Drop dead code related to KVM_ARCH_WANT_MMU_NOTIFIER
+  (jsc#PED-5122).
+- KVM: WARN if there are dangling MMU invalidations at VM
+  destruction (jsc#PED-5122).
+- KVM: Use gfn instead of hva for mmu_notifier_retry
+  (jsc#PED-5122).
+- KVM: Assert that mmu_invalidate_in_progress *never* goes
+  negative (jsc#PED-5122).
+- KVM: Tweak kvm_hva_range and hva_handler_t to allow reusing
+  for gfn ranges (jsc#PED-5122).
+- commit 5a43605
+
+- perf: arm_cspmu: ampere_cspmu: Add support for Ampere SoC PMU (jsc#PED-7859)
+- commit 1242994
+
+- perf: arm_cspmu: Support implementation specific validation (jsc#PED-7859)
+- commit 36b0b74
+
+- perf: arm_cspmu: Support implementation specific filters (jsc#PED-7859)
+- commit d78d04c
+
+- perf: arm_cspmu: Split 64-bit write to 32-bit writes (jsc#PED-7859)
+- commit ae4b62f
+
+- perf: arm_cspmu: Separate Arm and vendor module (jsc#PED-7859)
+- commit d997aaf
+
+- x86/CPU/AMD: Add X86_FEATURE_ZEN1 (jsc#PED-5122).
+- commit 91f26ba
+
+- reiserfs: Avoid touching renamed directory if parent does not
+  change (git-fixes).
+- commit 1175a85
+
+- afs: fix the usage of read_seqbegin_or_lock() in
+  afs_find_server*() (git-fixes).
+- commit 81e58a2
+
+- afs: fix the usage of read_seqbegin_or_lock() in
+  afs_lookup_volume_rcu() (git-fixes).
+- commit 17037c1
+
+- jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
+- commit 924a4d7
+
+- jfs: fix uaf in jfs_evict_inode (git-fixes).
+- commit 4a45faa
+
+- jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
+- commit 8299bf8
+
+- jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
+- commit 1662dc0
+
+- UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
+- commit 40de905
+
+- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (git-fixes).
+- commit cfc648a
+
+- x86/cpufeatures: Add SEV-SNP CPU feature (jsc#PED-5122).
+- Refresh patches.suse/kabi-reserve-cpuid-leaves.patch.
+- commit ecc8bfa
+
+- crypto: ccp: Add the SNP_SET_CONFIG command (jsc#PED-5122).
+- crypto: ccp: Add the SNP_COMMIT command (jsc#PED-5122).
+- crypto: ccp: Add the SNP_PLATFORM_STATUS command (jsc#PED-5122).
+- x86/cpufeatures: Enable/unmask SEV-SNP CPU feature
+  (jsc#PED-5122).
+- KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation
+  SNP safe (jsc#PED-5122).
+- crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown
+  on kdump (jsc#PED-5122).
+- iommu/amd: Clean up RMP entries for IOMMU pages during SNP
+  shutdown (jsc#PED-5122).
+- crypto: ccp: Handle legacy SEV commands when SNP is enabled
+  (jsc#PED-5122).
+- crypto: ccp: Handle non-volatile INIT_EX data when SNP is
+  enabled (jsc#PED-5122).
+- crypto: ccp: Handle the legacy TMR allocation when SNP is
+  enabled (jsc#PED-5122).
+- x86/sev: Introduce an SNP leaked pages list (jsc#PED-5122).
+- crypto: ccp: Provide an API to issue SEV and SNP commands
+  (jsc#PED-5122).
+- crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP
+  (jsc#PED-5122).
+- crypto: ccp: Define the SEV-SNP commands (jsc#PED-5122).
+- x86/sev: Adjust the directmap to avoid inadvertent RMP faults
+  (jsc#PED-5122).
+- x86/sev: Add helper functions for RMPUPDATE and PSMASH
+  instruction (jsc#PED-5122).
+- x86/fault: Dump RMP table information when RMP page faults occur
+  (jsc#PED-5122).
+- x86/traps: Define RMP violation #PF error code (jsc#PED-5122).
+- x86/fault: Add helper for dumping RMP entries (jsc#PED-5122).
+- x86/sev: Add RMP entry lookup helpers (jsc#PED-5122).
+- x86/mtrr: Don't print errors if MtrrFixDramModEn is set when
+  SNP enabled (jsc#PED-5122).
+- x86/sev: Add SEV-SNP host initialization support (jsc#PED-5122).
+- iommu/amd: Don't rely on external callers to enable IOMMU SNP
+  support (jsc#PED-5122).
+- x86/speculation: Do not enable Automatic IBRS if SEV-SNP is
+  enabled (jsc#PED-5122).
+- x86/sme: Fix memory encryption setting if enabled by default
+  and not overridden (jsc#PED-5122).
+- x86/mm: Fix memory encryption features advertisement
+  (jsc#PED-5122).
+- x86/sev: Harden #VC instruction emulation somewhat
+  (jsc#PED-5122).
+- x86/CPU/AMD: Add X86_FEATURE_ZEN5 (jsc#PED-5122).
+- x86/CPU/AMD: Drop now unused CPU erratum checking function
+  (jsc#PED-5122).
+- x86/CPU/AMD: Get rid of amd_erratum_1485 (jsc#PED-5122).
+- x86/CPU/AMD: Get rid of amd_erratum_400 (jsc#PED-5122).
+- x86/CPU/AMD: Get rid of amd_erratum_383 (jsc#PED-5122).
+- x86/CPU/AMD: Get rid of amd_erratum_1054 (jsc#PED-5122).
+- x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init
+  function (jsc#PED-5122).
+- x86/CPU/AMD: Move Zenbleed check to the Zen2 init function
+  (jsc#PED-5122).
+- x86/CPU/AMD: Rename init_amd_zn() to init_amd_zen_common()
+  (jsc#PED-5122).
+- x86/CPU/AMD: Call the spectral chicken in the Zen2 init function
+  (jsc#PED-5122).
+- x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function
+  (jsc#PED-5122).
+- x86/CPU/AMD: Move the Zen3 BTC_NO detection to the Zen3 init
+  function (jsc#PED-5122).
+- x86/CPU/AMD: Carve out the erratum 1386 fix (jsc#PED-5122).
+- x86/CPU/AMD: Add ZenX generations flags (jsc#PED-5122).
+- x86/cpu/intel_epb: Don't rely on link order (jsc#PED-5122).
+- x86/barrier: Do not serialize MSR accesses on AMD
+  (jsc#PED-5122).
+- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
+  (jsc#PED-5122).
+- commit 708312f
+
+- usb: xhci-plat: fix usb disconnect issue after s4 (git-fixes).
+- usb: hub: Add quirk to decrease IN-ep poll interval for
+  Microchip USB491x hub (git-fixes).
+- tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
+  (git-fixes).
+- spmi: mediatek: Fix UAF on device remove (git-fixes).
+- spmi: mtk-pmif: Serialize PMIF status check and command
+  submission (git-fixes).
+- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for
+  IT8784/IT8786 (git-fixes).
+- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
+  (git-fixes).
+- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
+  (git-fixes).
+- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
+  (git-fixes).
+- wifi: ath12k: fix and enable AP mode for WCN7850 (git-fixes).
+- wifi: ath11k: fix race due to setting
+  ATH11K_FLAG_EXT_IRQ_ENABLED too early (git-fixes).
+- wifi: ath9k: Fix potential array-index-out-of-bounds read in
+  ath9k_htc_txstatus() (git-fixes).
+- wifi: wfx: fix possible NULL pointer dereference in
+  wfx_set_mfp_ap() (git-fixes).
+- wifi: mt76: mt7996: add PCI IDs for mt7992 (git-fixes).
+- wifi: mt76: connac: fix EHT phy mode check (git-fixes).
+- wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
+  (git-fixes).
+- wifi: rt2x00: restart beacon queue when hardware reset
+  (git-fixes).
+- wifi: rtw89: fix timeout calculation in rtw89_roc_end()
+  (git-fixes).
+- thermal: core: Fix thermal zone suspend-resume synchronization
+  (git-fixes).
+- commit 556e60c
+
+- libsubcmd: Fix memory leak in uniq() (git-fixes).
+- misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl
+  callback (git-fixes).
+- PCI: switchtec: Fix stdev_release() crash after surprise hot
+  remove (git-fixes).
+- PCI: Fix 64GT/s effective data rate calculation (git-fixes).
+- PCI: Only override AMD USB controller if required (git-fixes).
+- PCI/AER: Decode Requester ID when no error info found
+  (git-fixes).
+- i3c: master: cdns: Update maximum prescaler value for i2c clock
+  (git-fixes).
+- mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt
+  (git-fixes).
+- leds: trigger: panic: Don't register panic notifier if creating
+  the trigger failed (git-fixes).
+- mfd: ti_am335x_tscadc: Fix TI SoC dependencies (git-fixes).
+- media: i2c: imx335: Fix hblank min/max values (git-fixes).
+- media: ddbridge: fix an error code problem in ddb_probe
+  (git-fixes).
+- media: amphion: remove mutext lock in condition of wait_event
+  (git-fixes).
+- media: rkisp1: resizer: Stop manual allocation of
+  v4l2_subdev_state (git-fixes).
+- media: rkisp1: Fix IRQ disable race issue (git-fixes).
+- media: rkisp1: Store IRQ lines (git-fixes).
+- media: rkisp1: Fix IRQ handler return values (git-fixes).
+- media: rkisp1: Drop IRQF_SHARED (git-fixes).
+- media: uvcvideo: Fix power line control for SunplusIT camera
+  (git-fixes).
+- media: uvcvideo: Fix power line control for a Chicony camera
+  (git-fixes).
+- media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
+- media: stk1160: Fixed high volume of stk1160_dbg messages
+  (git-fixes).
+- soc: xilinx: fix unhandled SGI warning message (git-fixes).
+- soc: xilinx: Fix for call trace due to the usage of
+  smp_processor_id() (git-fixes).
+- net: phy: at803x: fix passing the wrong reference for
+  config_intr (git-fixes).
+- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
+  (git-fixes).
+- net: phy: micrel: fix ts_info value in case of no phc
+  (git-fixes).
+- pstore/ram: Fix crash when setting number of cpus to an odd
+  number (git-fixes).
+- PNP: ACPI: fix fortify warning (git-fixes).
+- regulator: core: Only increment use_count when enable_count
+  changes (git-fixes).
+- commit 1095bc9
+
+- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
+  (git-fixes).
+- drm/amdkfd: Fix 'node' NULL check in
+  'svm_range_get_range_boundaries()' (git-fixes).
+- drm/amdgpu: Release 'adev->pm.fw' before return in
+  'amdgpu_device_need_post()' (git-fixes).
+- drm/amdgpu: Fix with right return code '-EIO' in
+  'amdgpu_gmc_vram_checking()' (git-fixes).
+- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table'
+  in 'get_platform_power_management_table()' (git-fixes).
+- drm/amdgpu: fix avg vs input power reporting on smu7
+  (git-fixes).
+- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
+- drm/amdkfd: Fix lock dependency warning (git-fixes).
+- i2c: rk3x: Adjust mask/value offset for i2c2 on rv1126
+  (git-fixes).
+- hwmon: (nct6775) Fix fan speed set failure in automatic mode
+  (git-fixes).
+- drm/amdgpu: apply the RV2 system aperture fix to RN/CZN as well
+  (git-fixes).
+- drm/amdkfd: Fix iterator used outside loop in
+  'kfd_add_peer_prop()' (git-fixes).
+- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
+  (git-fixes).
+- drm/amdgpu: Fix '*fw' from request_firmware() not released in
+  'amdgpu_ucode_request()' (git-fixes).
+- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
+- drm/amd/display: Fix minor issues in BW Allocation Phase2
+  (git-fixes).
+- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
+- drm/amd/display: make flip_timestamp_in_us a 64-bit variable
+  (git-fixes).
+- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
+- drm/msm/dpu: fix writeback programming for YUV cases
+  (git-fixes).
+- commit 9877917
+
+- powerpc: iommu: Bring back table group release_ownership()
+  call (git-fixes).
+- drm/tegra: Do not assume that a NULL domain means no DMA IOMMU
+  (git-fixes).
+- iommu: Allow ops->default_domain to work when !CONFIG_IOMMU_DMA
+  (git-fixes).
+- commit ba460b4
+
+- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
+- drm/msm/dpu: enable writeback on SM8450 (git-fixes).
+- drm/msm/dpu: enable writeback on SM8350 (git-fixes).
+- drm/msm/dp: Add DisplayPort controller for SM8650 (git-fixes).
+- drm/msm/dsi: Enable runtime PM (git-fixes).
+- drm/amdkfd: only flush mes process context if mes support is
+  there (git-fixes).
+- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on
+  same heap (git-fixes).
+- drm/amdkfd: fix mes set shader debugger process management
+  (git-fixes).
+- drm/amd/display: For prefetch mode > 0, extend prefetch if
+  possible (git-fixes).
+- drm/amd/display: Fix MST PBN/X.Y value calculations (git-fixes).
+- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
+  time (git-fixes).
+- drm/mipi-dsi: Fix detach call without attach (git-fixes).
+- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
+- drm/drm_file: fix use of uninitialized variable (git-fixes).
+- drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms
+  (git-fixes).
+- drm/panel-edp: Add override_edid_mode quirk for generic edp
+  (git-fixes).
+- drm/amd/display: Fix tiled display misalignment (git-fixes).
+- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
+- Documentation/sphinx: fix Python string escapes (git-fixes).
+- commit 63f49fd
+
+- 9p: Fix initialisation of netfs_inode for 9p (git-fixes).
+- clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks
+  (git-fixes).
+- clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
+  (git-fixes).
+- clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
+  (git-fixes).
+- ASoC: amd: Add new dmi entries for acp5x platform (git-fixes).
+- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
+- ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL
+  (git-fixes).
+- ALSA: hda: Refer to correct stream index at loops (git-fixes).
+- accel/habanalabs: add support for Gaudi2C device (git-fixes).
+- Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
+- Bluetooth: hci_sync: fix BR/EDR wakeup bug (git-fixes).
+- Bluetooth: ISO: Avoid creating child socket if PA sync is
+  terminating (git-fixes).
+- Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks
+  for QCA2066 (git-fixes).
+- crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
+- crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings
+  (git-fixes).
+- ACPI: NUMA: Fix the logic of getting the fake_pxm value
+  (git-fixes).
+- ACPI: extlog: fix NULL pointer dereference check (git-fixes).
+- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on
+  synchronous events (git-fixes).
+- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
+  (git-fixes).
+- commit 2d4658b
+
+- rpm/mkspec: sort entries in _multibuild
+  Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
+  due to readdir() using "random" order as served by the underlying
+  filesystem.
+  See for example:
+  https://build.opensuse.org/request/show/1144457/changes
+- commit d1155de
+
+- tick-sched: Fix idle and iowait sleeptime accounting vs CPU (bsc#1219497)
+- commit c0129ec
+
+- blacklist.conf: add 'nvme: fix error-handling for io_uring
+  nvme-passthrough'
+- commit 36e1796
+
+- nvme-rdma: Fix transfer length when write_generate/read_verify
+  are 0 (git-fixes).
+- nvme: trace: avoid memcpy overflow warning (git-fixes).
+- nvmet: re-fix tracing strncpy() warning (git-fixes).
+- nvme: fix max_discard_sectors calculation (git-fixes).
+- nvmet-tcp: fix a missing endianess conversion in
+  nvmet_tcp_try_peek_pdu (git-fixes).
+- nvme-pci: fix sleeping function called from interrupt context
+  (git-fixes).
+- Revert "nvme-fc: fix race between error recovery and creating
+  association" (git-fixes).
+- nvme: blank out authentication fabrics options if not configured
+  (git-fixes).
+- nvme: catch errors from nvme_configure_metadata() (git-fixes).
+- nvme-tcp: only evaluate 'tls' option if TLS is selected
+  (git-fixes).
+  Refresh:
+  - patches.suse/nvme-tcp-fix-compile-time-checks-for-TLS-mode.patch
+- nvme-auth: set explanation code for failure2 msgs (git-fixes).
+- commit 542cb02
+
+- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
+- scsi: lpfc: Move determination of vmid_flag after VMID
+  reinitialization completes (bsc#1219582).
+- scsi: lpfc: Reinitialize an NPIV's VMID data structures after
+  FDISC (bsc#1219582).
+- scsi: lpfc: Change VMID driver load time parameters to read only
+  (bsc#1219582).
+- commit a28d317
+
+- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219567).
+- ceph_wait_on_conflict_unlink(): grab reference before dropping
+  - >d_lock (bsc#1219566).
+- commit 9d8ca8e
+
+- afs: Hide silly-rename files from userspace (git-fixes).
+- commit 7f411ab
+
+- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
+  (git-fixes).
+- ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF (git-fixes).
+- ASoC: qcom: sc8280xp: limit speaker volumes (git-fixes).
+- ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287
+  thinkpads (git-fixes).
+- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
+  (git-fixes).
+- ALSA: hda/realtek: Fix the external mic not being recognised
+  for Acer Swift 1 SF114-32 (git-fixes).
+- ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
+  (git-fixes).
+- ALSA: hda/realtek - Add speaker pin verbtable for Dell dual
+  speaker platform (git-fixes).
+- ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
+  (git-fixes).
+- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
+  (git-fixes).
+- commit 3a5699c
+
+- misc: fastrpc: Mark all sessions as invalid in cb_remove
+  (git-fixes).
+- serial: max310x: prevent infinite while() loop in port startup
+  (git-fixes).
+- serial: max310x: fail probe if clock crystal is unstable
+  (git-fixes).
+- serial: max310x: improve crystal stable clock detection
+  (git-fixes).
+- serial: max310x: set default value when reading clock ready bit
+  (git-fixes).
+- usb: typec: tcpm: fix the PD disabled case (git-fixes).
+- usb: ucsi_acpi: Fix command completion handling (git-fixes).
+- usb: ucsi: Add missing ppm_lock (git-fixes).
+- usb: ulpi: Fix debugfs directory leak (git-fixes).
+- Revert "usb: typec: tcpm: fix cc role at port reset"
+  (git-fixes).
+- USB: hub: check for alternate port before enabling
+  A_ALT_HNP_SUPPORT (git-fixes).
+- usb: chipidea: core: handle power lost in workqueue (git-fixes).
+- usb: dwc3: gadget: Fix NULL pointer dereference in
+  dwc3_gadget_suspend (git-fixes).
+- usb: core: Prevent null pointer dereference in
+  update_port_device_state (git-fixes).
+- xhci: fix off by one check when adding a secondary interrupter
+  (git-fixes).
+- usb: host: xhci-plat: Add support for
+  XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
+- dmaengine: fix is_slave_direction() return false when
+  DMA_DEV_TO_DEV (git-fixes).
+- dmaengine: fsl-qdma: Fix a memory leak related to the queue
+  command DMA (git-fixes).
+- dmaengine: fsl-qdma: Fix a memory leak related to the status
+  queue DMA (git-fixes).
+- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
+- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
+  (git-fixes).
+- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
+  (git-fixes).
+- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
+  (git-fixes).
+- commit a23ce22
+
+- ASoC: cs35l56: Firmware file must match the version of preloaded
+  firmware (git-fixes).
+- commit 726969d
+
+- ASoC: cs35l56: Wake transactions need to be issued twice
+  (git-fixes).
+- commit 92aa6aa
+
+- drm/amd/display: Add NULL check for kzalloc in
+  'amdgpu_dm_atomic_commit_tail()' (git-fixes).
+- drm/amd: Don't init MEC2 firmware when it fails to load
+  (git-fixes).
+- Input: atkbd - do not skip atkbd_deactivate() when skipping
+  ATKBD_CMD_GETID (git-fixes).
+- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping
+  ATKBD_CMD_GETID (git-fixes).
+- Input: bcm5974 - check endpoint type before starting traffic
+  (git-fixes).
+- ALSA: hda: cs35l56: Firmware file must match the version of
+  preloaded firmware (git-fixes).
+- ASoC: cs35l56: Allow more time for firmware to boot (git-fixes).
+- ASoC: cs35l56: Load tunings for the correct speaker models
+  (git-fixes).
+- ASoC: cs35l56: Fix misuse of wm_adsp 'part' string for silicon
+  revision (git-fixes).
+- ASoC: cs35l56: Fix for initializing ASP1 mixer registers
+  (git-fixes).
+- ASoC: cs35l56: Remove unused hibernate wake constants
+  (git-fixes).
+- commit a79a167
+
+- ALSA: hda: cs35l56: Initialize all ASP1 registers (git-fixes).
+- ASoC: cs35l56: Fix default SDW TX mixer registers (git-fixes).
+- ASoC: cs35l56: Fix to ensure ASP1 registers match cache
+  (git-fixes).
+- ASoC: cs35l56: Remove buggy checks from
+  cs35l56_is_fw_reload_needed() (git-fixes).
+- ASoC: cs35l56: Don't add the same register patch multiple times
+  (git-fixes).
+- ASoC: cs35l56: cs35l56_component_remove() must clean up wm_adsp
+  (git-fixes).
+- ASoC: cs35l56: cs35l56_component_remove() must clear
+  cs35l56->component (git-fixes).
+- ASoC: wm_adsp: Fix firmware file search order (git-fixes).
+- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
+- ASoC: codecs: lpass-wsa-macro: fix compander volume hack
+  (git-fixes).
+- commit 210b81e
+
+- ALSA: hda: cs35l56: Fix filename string field layout
+  (git-fixes).
+- ALSA: hda: cs35l56: Fix order of searching for firmware files
+  (git-fixes).
+- ASoC: codecs: wsa883x: fix PA volume control (git-fixes).
+- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
+- ASoC: codecs: wcd938x: fix headphones volume controls
+  (git-fixes).
+- ALSA: usb-audio: Sort quirk table entries (git-fixes).
+- ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
+- ALSA: usb-audio: fix typo (git-fixes).
+- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
+  (git-fixes).
+- commit cbd1581
+
+- workqueue: Provide one lock class key per work_on_cpu() callsite
+  (bsc#1219510).
+- commit cc7032e
+
+- workqueue: Override implicit ordered attribute in
+  workqueue_apply_unbound_cpumask() (bsc#1219509).
+- commit 6b333df
+
+- perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 (bsc#1219496)
+- commit 2ad8787
+
+- Update patches.suse/sbsa_gwdt-Calculate-timeout-with-64-bit-math.patch (git-fixes, bsc#1219470)
+  Add reference to bsc#1219470.
+- commit f55db61
+
+- Update patches.suse/i2c-designware-Disable-TX_EMPTY-irq-while-waiting-fo.patch (git-fixes, bsc#1219473)
+  Add reference to bsc#1219473.
+- commit 4fc714a
+
+- net: phy: realtek: add support for RTL8126A-integrated 5Gbps
+  PHY (bsc#1217417).
+- r8169: add support for RTL8126A (bsc#1217417).
+- commit cff22d0
+
+- r8169: fix rtl8125b PAUSE frames blasting when suspended
+  (bsc#1217417).
+- commit 1d2e69e
+
+- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
+  (git-fixes).
+- HID: bpf: actually free hdev memory after attaching a HID-BPF
+  program (git-fixes).
+- HID: bpf: remove double fdget() (git-fixes).
+- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
+- HID: hidraw: fix a problem of memory leak in hidraw_release()
+  (git-fixes).
+- firewire: core: correct documentation of fw_csr_string()
+  kernel API (git-fixes).
+- regulator: ti-abb: don't use
+  devm_platform_ioremap_resource_byname for shared interrupt
+  register (git-fixes).
+- serial: sc16is7xx: improve do/while loop in sc16is7xx_irq()
+  (git-fixes).
+- serial: sc16is7xx: remove obsolete loop in sc16is7xx_port_irq()
+  (git-fixes).
+- serial: sc16is7xx: fix invalid sc16is7xx_lines bitfield in
+  case of probe error (git-fixes).
+- serial: sc16is7xx: fix unconditional activation of THRI
+  interrupt (git-fixes).
+- commit 5ceb45c
+
+- supported.conf: Add new VFIO modules
+- commit 0e15e54
+
+- vfio/pds: Add missing PCI_IOV depends (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pds: Fix calculations in pds_vfio_dirty_sync (jsc#PED-7779
+  jsc#PED-7780).
+- Refresh patches.suse/vfio-Move-iova_bitmap-into-iommufd.
+- commit d637959
+
+- selftests/bpf: user_ringbuf.c define c_ringbuf_size
+  (jsc#PED-6811).
+- commit 777a0e5
+
+- Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
+  (bsc#1219141).
+- fnic: move fnic_fnic_flush_tx() to a work queue (bsc#1219141).
+- commit 43e1290
+
+- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
+  XSA-448, bsc#1218836).
+- commit b4061c7
+
+- Refresh
+  patches.suse/usb-typec-tcpm-Support-multiple-capabilities.patch.
+  Fixes an error that I made backporting.
+  It leads to an unused variable warning.
+  Does not really hurt, but should not happen
+- commit 2ce740a
+
+- fanotify: allow "weak" fsid when watching a single filesystem (bsc#1218177).
+- commit 1ae4770
+
+- fanotify: store fsid in mark instead of in connector (bsc#1218177).
+- commit 6a1149a
+
+- s390/pci: Use dma-iommu layer (jsc#PED-7779 jsc#PED-7780).
+- Update config files.
+- commit 5632afd
+
+- maple_tree: replace data before marking dead in split and
+  spanning store (bsc#1219404).
+- maple_tree: change mas_adopt_children() parent usage
+  (bsc#1219404).
+- maple_tree: introduce mas_tree_parent() definition
+  (bsc#1219404).
+- maple_tree: introduce mas_put_in_tree() (bsc#1219404).
+- maple_tree: reorder replacement of nodes to avoid live lock
+  (bsc#1219404).
+- maple_tree: add hex output to maple_arange64 dump (bsc#1219404).
+- maple_tree: fix the arguments to __must_hold() (bsc#1219404).
+- maple_tree: use MAS_BUG_ON() from mas_topiary_range()
+  (bsc#1219404).
+- maple_tree: use MAS_BUG_ON() when setting a leaf node as a
+  parent (bsc#1219404).
+- maple_tree: add debug BUG_ON and WARN_ON variants (bsc#1219404).
+- maple_tree: add format option to mt_dump() (bsc#1219404).
+- maple_tree: clean up mas_parent_enum() and rename to
+  mas_parent_type() (bsc#1219404).
+- commit eb22d39
+
+- vfio: Move iova_bitmap into iommufd (jsc#PED-7779 jsc#PED-7780).
+- Update config files.
+- commit 999dadf
+
+- iommufd: Do not UAF during iommufd_put_object() (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Add iommufd_ctx to iommufd_put_object() (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/selftest: Fix _test_mock_dirty_bitmaps() (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Drop vfio_file_iommu_group() stub to fudge around a KVM
+  wart (jsc#PED-7779 jsc#PED-7780).
+- vfio/pds: Fix possible sleep while in atomic context
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pds: Fix mutex lock->magic != lock warning (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Fix printk arg in of_iommu_get_resv_regions()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Set variable intel_dirty_ops to static (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Fix incorrect cache invalidation for mm notification
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add MTL to quirk list to skip TE disabling
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Make context clearing consistent with context
+  mapping (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Disable PCI ATS in legacy passthrough mode
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Omit devTLB invalidation requests when TES=0
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Support enforce_cache_coherency only for empty
+  domains (jsc#PED-7779 jsc#PED-7780).
+- iommu: Avoid more races around device probe (jsc#PED-7779
+  jsc#PED-7780).
+- MAINTAINERS: list all Qualcomm IOMMU drivers in the QUALCOMM
+  IOMMU entry (jsc#PED-7779 jsc#PED-7780).
+- iommu: Flow ERR_PTR out from __iommu_domain_alloc()
+  (jsc#PED-7779 jsc#PED-7780).
+- s390/pci: Fix reset of IOMMU software counters (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/dma: Use a large flush queue and timeout for
+  shadow_on_flush (jsc#PED-7779 jsc#PED-7780).
+- iommu/dma: Allow a single FQ in addition to per-CPU FQs
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/s390: Disable deferred flush for ISM devices (jsc#PED-7779
+  jsc#PED-7780).
+- s390/pci: prepare is_passed_through() for dma-iommu
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Allow .iotlb_sync_map to fail and handle s390's -ENOMEM
+  return (jsc#PED-7779 jsc#PED-7780).
+- iommu/dart: Remove the force_bypass variable (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/dart: Call apple_dart_finalize_domain() as part of
+  alloc_paging() (jsc#PED-7779 jsc#PED-7780).
+- iommu/dart: Convert to domain_alloc_paging() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/dart: Move the blocked domain support to a global static
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/dart: Use static global identity domains (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Convert to alloc_domain_paging() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Use ops->blocked_domain (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Update the definition of the blocking domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Move IOMMU_DOMAIN_BLOCKED global statics to
+  ops->blocked_domain (jsc#PED-7779 jsc#PED-7780).
+- iommu: change iommu_map_sgtable to return signed values
+  (jsc#PED-7779 jsc#PED-7780).
+- powerpc/iommu: Do not do platform domain attach atctions after
+  probe (jsc#PED-7779 jsc#PED-7780).
+- iommu: Fix return code in iommu_group_alloc_default_domain()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Do not use IOMMU_DOMAIN_DMA if CONFIG_IOMMU_DMA is not
+  enabled (jsc#PED-7779 jsc#PED-7780).
+- iommu: Remove duplicate include (jsc#PED-7779 jsc#PED-7780).
+- iommu/iova: Manage the depot list size (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/iova: Make the rcache depot scale better (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Improve map/unmap sanity checks (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Retire map/unmap ops (jsc#PED-7779 jsc#PED-7780).
+- iommu/tegra-smmu: Update to {map,unmap}_pages (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/sun50i: Update to {map,unmap}_pages (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/rockchip: Update to {map,unmap}_pages (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/omap: Update to {map,unmap}_pages (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/exynos: Update to {map,unmap}_pages (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/omap: Convert to generic_single_device_group()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/ipmmu-vmsa: Convert to generic_single_device_group()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/rockchip: Convert to generic_single_device_group()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/sprd: Convert to generic_single_device_group()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/sun50i: Convert to generic_single_device_group()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add generic_single_device_group() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Remove useless group refcounting (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Convert remaining simple drivers to domain_alloc_paging()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Convert simple drivers with DOMAIN_DMA to
+  domain_alloc_paging() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add ops->domain_alloc_paging() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Add __iommu_group_domain_alloc() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Require a default_domain for all iommu drivers
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/sun50i: Add an IOMMU_IDENTITIY_DOMAIN (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/mtk_iommu: Add an IOMMU_IDENTITIY_DOMAIN (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/ipmmu: Add an IOMMU_IDENTITIY_DOMAIN (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/qcom_iommu: Add an IOMMU_IDENTITIY_DOMAIN (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Remove ops->set_platform_dma_ops() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/msm: Implement an IDENTITY domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/omap: Implement an IDENTITY domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/tegra-smmu: Support DMA domains in tegra (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/tegra-smmu: Implement an IDENTITY domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/exynos: Implement an IDENTITY domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Allow an IDENTITY domain as the default_domain in ARM32
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Reorganize iommu_get_default_domain_type() to respect
+  def_domain_type() (jsc#PED-7779 jsc#PED-7780).
+- iommu/mtk_iommu_v1: Implement an IDENTITY domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/tegra-gart: Remove tegra-gart (jsc#PED-7779 jsc#PED-7780).
+- iommu/fsl_pamu: Implement a PLATFORM domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Add IOMMU_DOMAIN_PLATFORM for S390 (jsc#PED-7779
+  jsc#PED-7780).
+- powerpc/iommu: Setup a default domain and remove
+  set_platform_dma_ops (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add IOMMU_DOMAIN_PLATFORM (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add iommu_ops->identity_domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Remove DMA_FQ type from domain allocation path
+  (jsc#PED-7779 jsc#PED-7780).
+- Revert "iommu: Fix false ownership failure on AMD systems with
+  PASID activated" (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Remove unused EXPORT_SYMBOLS (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Remove amd_iommu_device_info() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Remove PPR support (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Remove iommu_v2 module (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Initialize iommu_device->max_pasids (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Enable device ATS/PASID/PRI capabilities
+  independently (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Introduce iommu_dev_data.flags to track device
+  capabilities (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Introduce iommu_dev_data.ppr (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Rename ats related variables (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Modify logic for checking GT and PPR features
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Consolidate feature detection and reporting logic
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Miscellaneous clean up when free domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Do not set amd_iommu_pgtable in pass-through mode
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Introduce helper functions for managing GCR3 table
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Refactor protection domain allocation code
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Consolidate logic to allocate protection domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Consolidate timeout pre-define to amd_iommu_type.h
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Remove unused amd_io_pgtable.pt_root variable
+  (jsc#PED-7779 jsc#PED-7780).
+- Revert "iommu/vt-d: Remove unused function" (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: debugfs: Support dumping a specified page table
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: debugfs: Create/remove debugfs file per {device,
+  pasid} (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: debugfs: Dump entry pointing to huge page
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Remove unused function (jsc#PED-7779 jsc#PED-7780).
+- iommu/virtio: Add __counted_by for struct viommu_request and
+  use struct_size() (jsc#PED-7779 jsc#PED-7780).
+- dt-bindings: arm-smmu: Add SM7150 GPU SMMUv2 (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-v3-sva: Remove bond refcount (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-v3-sva: Remove unused iommu_sva handle
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Rename cdcfg to cd_table (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-v3: Update comment about STE liveness
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Cleanup arm_smmu_domain_finalise
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Move CD table to arm_smmu_master
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Refactor write_ctx_desc (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-v3: move stall_enabled to the cd table
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Encapsulate ctx_desc_cfg init in
+  alloc_cd_tables (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Replace s1_cfg with cdtab_cfg (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-v3: Move ctx_desc out of s1_cfg (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-qcom: Add SM7150 SMMUv2 (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-qcom: Add SDM670 MDSS compatible (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/tegra-smmu: Drop unnecessary error check for for
+  debugfs_create_dir() (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Organize the mock domain alloc functions closer to
+  Joerg's tree (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Fix page-size check in iommufd_test_dirty()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iopt_area_alloc() (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Fix missing update of domains_itree after splitting
+  iopt_area (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Disallow read-only mappings to nest parent domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add nested domain allocation (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Set the nested domain to a device (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Make domain attach helpers to be extern
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add helper to setup pasid nested translation
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add helper for nested domain allocation
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Extend dmar_domain to support nested domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add data structure for Intel VT-d stage-1 domain
+  allocation (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Enhance capability check for nested parent domain
+  allocation (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Add coverage for IOMMU_HWPT_ALLOC with nested
+  HWPTs (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Add nested domain allocation for mock domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add iommu_copy_struct_from_user helper (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Add a nested HW pagetable object (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Pass in parent domain with user_data to domain_alloc_user
+  op (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Share iommufd_hwpt_alloc with IOMMUFD_OBJ_HWPT_NESTED
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Derive iommufd_hwpt_paging from iommufd_hw_pagetable
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/device: Wrap IOMMUFD_OBJ_HWPT_PAGING-only configurations
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Rename IOMMUFD_OBJ_HW_PAGETABLE to
+  IOMMUFD_OBJ_HWPT_PAGING (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add IOMMU_DOMAIN_NESTED (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Only enforce cache coherency in
+  iommufd_hw_pagetable_alloc (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Test IOMMU_HWPT_GET_DIRTY_BITMAP_NO_CLEAR flag
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Test out_capabilities in IOMMU_GET_HW_INFO
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Test IOMMU_HWPT_GET_DIRTY_BITMAP (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/selftest: Test IOMMU_HWPT_SET_DIRTY_TRACKING
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Test IOMMU_HWPT_ALLOC_DIRTY_TRACKING
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Expand mock_domain with dev_flags
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Access/Dirty bit support for SS domains
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Access/Dirty bit support in IOPTEs (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Add domain_alloc_user based domain allocation
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add a flag to skip clearing of IOPTE dirty
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add capabilities to IOMMU_GET_HW_INFO (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Add IOMMU_HWPT_GET_DIRTY_BITMAP (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Add IOMMU_HWPT_SET_DIRTY_TRACKING (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Add a flag to enforce dirty tracking on attach
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add iommu_domain ops for dirty tracking (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/iova_bitmap: Move symbols to IOMMUFD namespace
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/iova_bitmap: Export more API symbols (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Correct IOMMU_HWPT_ALLOC_NEST_PARENT description
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Rework TEST_LENGTH to test min_size explicitly
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add domain_alloc_user op (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/selftest: Add domain_alloc_user() support in iommu mock
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Support allocating nested parent domain (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Flow user flags for domain allocation to
+  domain_alloc_user() (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Use the domain_alloc_user() op for domain allocation
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add new iommu op to create domains owned by userspace
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Iterate idev_ids in mock_domain's alloc_hwpt
+  test (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Fix spelling errors in comments (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/mtty: Enable migration support (jsc#PED-7779 jsc#PED-7780).
+- vfio/mtty: Overhaul mtty interrupt handling (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Fix smatch errors in vfio_combine_iova_ranges()
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/cdx: Add parentheses between bitwise AND expression and
+  logical NOT (jsc#PED-7779 jsc#PED-7780).
+- vfio/mlx5: Activate the chunk mode functionality (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/mlx5: Add support for READING in chunk mode (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/mlx5: Add support for SAVING in chunk mode (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/mlx5: Pre-allocate chunks for the STOP_COPY phase
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/mlx5: Rename some stuff to match chunk mode (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/mlx5: Enable querying state size which is > 4GB
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/mlx5: Refactor the SAVE callback to activate a work only
+  upon an error (jsc#PED-7779 jsc#PED-7780).
+- vfio/mlx5: Wake up the reader post of disabling the SAVING
+  migration file (jsc#PED-7779 jsc#PED-7780).
+- vfio: use __aligned_u64 in struct vfio_device_ioeventfd
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: use __aligned_u64 in struct vfio_device_gfx_plane_info
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: trivially use __aligned_u64 for ioctl structs
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio-cdx: add bus mastering device feature support (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: add bus master feature to device feature ioctl
+  (jsc#PED-7779 jsc#PED-7780).
+- cdx: add support for bus mastering (jsc#PED-7779 jsc#PED-7780).
+- commit 5461635
+
+- PM: sleep: Fix possible deadlocks in core system-wide PM code
+  (git-fixes).
+- commit 186fd19
+
+- async: Introduce async_schedule_dev_nocall() (git-fixes).
+- commit 3d2402e
+
+- async: Split async_schedule_node_domain() (git-fixes).
+- commit 02d0aec
+
+- vfio/pci: Clear VFIO_IRQ_INFO_NORESIZE for MSI-X (jsc#PED-7785).
+- vfio/pci: Support dynamic MSI-X (jsc#PED-7785).
+- vfio/pci: Probe and store ability to support dynamic MSI-X
+  (jsc#PED-7785).
+- vfio/pci: Use bitfield for struct vfio_pci_core_device flags
+  (jsc#PED-7785).
+- vfio/pci: Update stale comment (jsc#PED-7785).
+- vfio/pci: Remove interrupt context counter (jsc#PED-7785).
+- vfio/pci: Use xarray for interrupt context storage
+  (jsc#PED-7785).
+- vfio/pci: Move to single error path (jsc#PED-7785).
+- vfio/pci: Prepare for dynamic interrupt context storage
+  (jsc#PED-7785).
+- vfio/pci: Remove negative check on unsigned vector
+  (jsc#PED-7785).
+- vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
+  (jsc#PED-7785).
+- commit bb72f32
+
+- serial: sc16is7xx: change EFR lock to operate on each channels
+  (git-fixes).
+- Refresh
+  patches.suse/serial-sc16is7xx-convert-from-_raw_-to-_noinc_-regma.patch.
+- commit b43ff48
+
+- serial: core: Simplify uart_get_rs485_mode() (git-fixes).
+- Refresh
+  patches.suse/serial-core-imx-do-not-set-RS485-enabled-if-it-is-no.patch.
+- commit 52b3d86
+
+- selftests: bonding: do not test arp/ns target with mode
+  balance-alb/tlb (git-fixes).
+- selftests: netdevsim: fix the udp_tunnel_nic test (git-fixes).
+- selftests: net: fix rps_default_mask with >32 CPUs (git-fixes).
+- selftest: Don't reuse port for SO_INCOMING_CPU test (git-fixes).
+- selftests: bonding: Increase timeout to 1200s (git-fixes).
+- nouveau/vmm: don't set addr on the fail path to avoid warning
+  (git-fixes).
+- rtc: cmos: Use ACPI alarm for non-Intel x86 systems too
+  (git-fixes).
+- soundwire: fix initializing sysfs for same devices on different
+  buses (git-fixes).
+- soundwire: bus: introduce controller_id (git-fixes).
+- serial: core: set missing supported flag for RX during TX GPIO
+  (git-fixes).
+- serial: sc16is7xx: convert from _raw_ to _noinc_ regmap
+  functions for FIFO (git-fixes).
+- serial: sc16is7xx: remove unused line structure member
+  (git-fixes).
+- serial: sc16is7xx: remove global regmap from struct
+  sc16is7xx_port (git-fixes).
+- serial: sc16is7xx: remove wasteful static buffer in
+  sc16is7xx_regmap_name() (git-fixes).
+- serial: sc16is7xx: improve regmap debugfs by using one regmap
+  per port (git-fixes).
+- iio: adc: ad7091r: Enable internal vref if external vref is
+  not supplied (git-fixes).
+- thermal: intel: hfi: Add syscore callbacks for system-wide PM
+  (git-fixes).
+- mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
+- mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
+- scripts/get_abi: fix source path leak (git-fixes).
+- thermal: intel: hfi: Disable an HFI instance when all its CPUs
+  go offline (git-fixes).
+- thermal: intel: hfi: Refactor enabling code into helper
+  functions (git-fixes).
+- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
+  (git-fixes).
+- serial: sc16is7xx: Use port lock wrappers (git-fixes).
+- serial: core: Provide port lock wrappers (git-fixes).
+- thermal: trip: Drop lockdep assertion from
+  thermal_zone_trip_id() (git-fixes).
+- thermal: core: Store trip pointer in struct thermal_instance
+  (git-fixes).
+- thermal: trip: Drop redundant trips check from
+  for_each_thermal_trip() (git-fixes).
+- commit 9cd2e11
+
+- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
+- drm/amd/display: Fix uninitialized variable usage in core_link_
+  'read_dpcd() & write_dpcd()' functions (git-fixes).
+- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
+  (git-fixes).
+- drm/amd/display: Align the returned error code with legacy DP
+  (git-fixes).
+- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable
+  W/A (git-fixes).
+- drm/amd/display: Fix late derefrence 'dsc' check in
+  'link_set_dsc_pps_packet()' (git-fixes).
+- drm/amd/display: Fix variable deferencing before NULL check
+  in edp_setup_replay() (git-fixes).
+- drm/amdgpu: correct the cu count for gfx v11 (git-fixes).
+- iio: adc: ad7091r: Allow users to configure device events
+  (git-fixes).
+- iio: adc: ad7091r: Set alert bit in config register (git-fixes).
+- drm: Don't unref the same fb many times by mistake due to
+  deadlock handling (git-fixes).
+- drm/panel-edp: drm/panel-edp: Fix AUO B116XTN02 name
+  (git-fixes).
+- drm/panel-edp: drm/panel-edp: Fix AUO B116XAK01 name and timing
+  (git-fixes).
+- drm/panel-edp: Add AUO B116XTN02, BOE NT116WHM-N21,836X2,
+  NV116WHM-N49 V8.0 (git-fixes).
+- docs: kernel_abi.py: fix command injection (git-fixes).
+- crypto: api - Disallow identical driver names (git-fixes).
+- commit 38dac4b
+
+- kernel-source: Fix description typo
+- commit 8abff35
+
+- nvmet-tcp: Fix the H2C expected PDU len calculation
+  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
+  CVE-2023-6356).
+- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
+  bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
+- nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987
+  bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
+  CVE-2023-6356).
+- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
+  PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
+  CVE-2023-6536 CVE-2023-6356).
+- commit abe1056
+
+- usb: typec: tcpm: Fix sink caps op current check (git-fixes).
+- commit 0565e82
+
+- usb: typec: tcpm: Support multiple capabilities (jsc#PED-6054).
+- usb: hub: Replace hardcoded quirk value with BIT() macro
+  (jsc#PED-6054).
+- commit b09eb06
+
+- usb: typec: tcpm: skip checking port->send_discover in PD3.0
+  (git-fixes).
+- commit 7e54159
+
+- vfio: Compile vfio_group infrastructure optionally (jsc#PED-7779
+  jsc#PED-7780).
+- Update config files.
+- commit 31c540c
+
+- clocksource: disable watchdog checks on TSC when TSC is watchdog
+  (bsc#1215885).
+- commit 277f89c
+
+- rswitch: Fix imbalance phy_power_off() calling (git-fixes).
+- commit 537c1a6
+
+- rswitch: Fix renesas_eth_sw_remove() implementation (git-fixes).
+- commit b476e28
+
+- nfp: flower: avoid rmmod nfp crash issues (git-fixes).
+- commit 3a0449b
+
+- net: phy: mscc: macsec: reject PN update requests (git-fixes).
+- commit ccf5c28
+
+- mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
+  (git-fixes).
+- commit e16a1ab
+
+- iommu: Avoid unnecessary cache invalidations (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Avoid memory allocation in iommu_suspend()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/apple-dart: Handle DMA_FQ domains in attach_dev()
+  (jsc#PED-7779 jsc#PED-7780).
+- dt-bindings: arm-smmu: Fix SDM630 clocks description
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Avoid constructing invalid range commands
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/mediatek: Fix share pgtable for iova over 4GB
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Explicitly include correct DT includes (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Optimise PCI SAC address trick (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Avoid locking/unlocking for iommu_probe_device()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Split iommu_group_add_device() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Always destroy the iommu_group during
+  iommu_release_device() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Do not export iommu_device_link/unlink() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Move the iommu driver sysfs setup into
+  iommu_init/deinit_device() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add iommu_init/deinit_device() paired functions
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Simplify the __iommu_group_remove_device() flow
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Inline iommu_group_get_for_dev() into
+  __iommu_probe_device() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Use iommu_group_ref_get/put() for dev->iommu_group
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Have __iommu_probe_device() check for already probed
+  devices (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Rearrange DTE bit definations (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Remove unsued extern declaration
+  amd_iommu_init_hardware() (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Enable PPR/GA interrupt after interrupt handler setup
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Consolidate PPR log enablement (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Disable PPR log/interrupt in iommu_disable()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Enable separate interrupt for PPR and GA log
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Refactor IOMMU interrupt handling logic for Event,
+  PPR, and GA logs (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Handle PPR log overflow (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Generalize log overflow handling (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd/iommu_v2: Clear pasid state in free path (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Remove unused extern declaration
+  dmar_parse_dev_scope() (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Fix to convert mm pfn to dma pfn (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Remove rmrr check in domain attaching device path
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Prevent RESV_DIRECT devices from blocking domains
+  (jsc#PED-7779 jsc#PED-7780).
+- dmaengine/idxd: Re-enable kernel workqueue under DMA API
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add set_dev_pasid callback for dma domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Prepare for set_dev_pasid callback (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Make prq draining code generic (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Remove pasid_mutex (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Add domain_flush_pasid_iotlb() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Move global PASID allocation from SVA to core
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Generalize PASID 0 for normal DMA w/o PASID (jsc#PED-7779
+  jsc#PED-7780).
+- dt-bindings: arm-smmu: Fix MSM8998 clocks description
+  (jsc#PED-7779 jsc#PED-7780).
+- dt-bindings: iommu: qcom,iommu: Add QSMMUv2 and MSM8976
+  compatibles (jsc#PED-7779 jsc#PED-7780).
+- dt-bindings: iommu: qcom,iommu: Add qcom,ctx-asid property
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-qcom: Add SM6375 SMMUv2 (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-qcom: Add SM6350 DPU compatible (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-qcom: Add SM6375 DPU compatible (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/arm-smmu-qcom: Sort the compatible list alphabetically
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/qcom: Add support for QSMMUv2 and QSMMU-500 secured
+  contexts (jsc#PED-7779 jsc#PED-7780).
+- iommu/qcom: Index contexts by asid number to allow asid 0
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/qcom: Use the asid read from device-tree if specified
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu: Clean up resource handling during Qualcomm
+  context probe (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Change vmid alloc strategy from bitmap to
+  ida (jsc#PED-7779 jsc#PED-7780).
+- iommu: rockchip: Allocate tables from all available memory
+  for IOMMU v2 (jsc#PED-7779 jsc#PED-7780).
+- iommu/ipmmu-vmsa: Allow PCIe devices (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/ipmmu-vmsa: Convert to read_poll_timeout_atomic()
+  (jsc#PED-7779 jsc#PED-7780).
+- MAINTAINERS: iommu/mediatek: Update the header file name
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/mediatek: mt8188: Add iova_region_larb_msk (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/mediatek: Add MT8188 IOMMU Support (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/mediatek: Add enable IOMMU SMC command for INFRA masters
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/mediatek: Adjust mtk_iommu_config flow (jsc#PED-7779
+  jsc#PED-7780).
+- dt-bindings: mediatek: mt8188: Add binding for MM & INFRA IOMMU
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/apple-dart: mark apple_dart_pm_ops static (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/selftest: Don't leak the platform device memory when
+  unloading the module (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Implement hw_info for iommu capability query
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Add coverage for IOMMU_GET_HW_INFO ioctl
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add IOMMU_GET_HW_INFO (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add new iommu op to get iommu hardware information
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Move dev_iommu_ops() to private header (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Remove iommufd_ref_to_users() (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/selftest: Make the mock iommu driver into a real driver
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Support IO page table replacement (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd/selftest: Add IOMMU_TEST_OP_ACCESS_REPLACE_IOAS coverage
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iommufd_access_replace() API (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Use iommufd_access_change_ioas in
+  iommufd_access_destroy_object (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iommufd_access_change_ioas(_id) helpers
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Allow passing in iopt_access_list_id to
+  iopt_remove_access() (jsc#PED-7779 jsc#PED-7780).
+- vfio: Do not allow !ops->dma_unmap in vfio_pin/unpin_pages()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Add a selftest for IOMMU_HWPT_ALLOC
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Return the real idev id from selftest
+  mock_domain (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add IOMMU_HWPT_ALLOC (jsc#PED-7779 jsc#PED-7780).
+- iommufd/selftest: Test iommufd_device_replace() (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Make destroy_rwsem use a lock class per object type
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iommufd_device_replace() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Introduce a new iommu_group_replace_domain() API
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Reorganize iommufd_device_attach into
+  iommufd_device_change_pt (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Fix locking around hwpt allocation (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Allow a hwpt to be aborted after allocation
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add enforced_cache_coherency to
+  iommufd_hw_pagetable_alloc() (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Move putting a hwpt to a helper function (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Make sw_msi_start a group global (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Use the iommufd_group to avoid duplicate MSI setup
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Keep track of each device's reserved regions instead
+  of groups (jsc#PED-7779 jsc#PED-7780).
+- iommu: Export iommu_get_resv_regions() (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Replace the hwpt->devices list with iommufd_group
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iommufd_group (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Move isolated msi enforcement to iommufd_device_bind()
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pds: Send type for SUSPEND_STATUS command (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pds: fix return value in pds_vfio_get_lm_file()
+  (jsc#PED-7779 jsc#PED-7780).
+- pds_core: Fix function header descriptions (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: align capability structures (jsc#PED-7779 jsc#PED-7780).
+- vfio/type1: fix cap_migration information leak (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/fsl-mc: Use module_fsl_mc_driver macro to simplify the code
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/cdx: Remove redundant initialization owner in
+  vfio_cdx_driver (jsc#PED-7779 jsc#PED-7780).
+- vfio/pds: Add Kconfig and documentation (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pds: Add support for firmware recovery (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pds: Add support for dirty page tracking (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pds: Add VFIO live migration support (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pds: register with the pds_core PF (jsc#PED-7779
+  jsc#PED-7780).
+- pds_core: Require callers of register/unregister to pass PF
+  drvdata (jsc#PED-7779 jsc#PED-7780).
+- vfio/pds: Initial support for pds VFIO driver (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Commonize combine_ranges for use in other VFIO drivers
+  (jsc#PED-7779 jsc#PED-7780).
+- kvm/vfio: avoid bouncing the mutex when adding and deleting
+  groups (jsc#PED-7779 jsc#PED-7780).
+- kvm/vfio: ensure kvg instance stays around in
+  kvm_vfio_group_add() (jsc#PED-7779 jsc#PED-7780).
+- docs: vfio: Add vfio device cdev description (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Move the IOMMU_CAP_CACHE_COHERENCY check in
+  __vfio_register_dev() (jsc#PED-7779 jsc#PED-7780).
+- vfio: Add VFIO_DEVICE_[AT|DE]TACH_IOMMUFD_PT (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Add VFIO_DEVICE_BIND_IOMMUFD (jsc#PED-7779 jsc#PED-7780).
+- vfio: Avoid repeated user pointer cast in
+  vfio_device_fops_unl_ioctl() (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iommufd_ctx_from_fd() (jsc#PED-7779 jsc#PED-7780).
+- vfio: Test kvm pointer in _vfio_device_get_kvm_safe()
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Add cdev for vfio_device (jsc#PED-7779 jsc#PED-7780).
+- vfio: Move device_del() before waiting for the last vfio_device
+  registration refcount (jsc#PED-7779 jsc#PED-7780).
+- vfio: Move vfio_device_group_unregister() to be the first
+  operation in unregister (jsc#PED-7779 jsc#PED-7780).
+- vfio-iommufd: Add detach_ioas support for emulated VFIO devices
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd/device: Add iommufd_access_detach() API (jsc#PED-7779
+  jsc#PED-7780).
+- vfio-iommufd: Add detach_ioas support for physical VFIO devices
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Record devid in vfio_device_file (jsc#PED-7779
+  jsc#PED-7780).
+- vfio-iommufd: Split bind/attach into two steps (jsc#PED-7779
+  jsc#PED-7780).
+- vfio-iommufd: Move noiommu compat validation out of
+  vfio_iommufd_bind() (jsc#PED-7779 jsc#PED-7780).
+- vfio: Make vfio_df_open() single open for device cdev path
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Add cdev_device_open_cnt to vfio_group (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Block device access via device fd until device is opened
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Pass struct vfio_device_file * to vfio_device_open/close()
+  (jsc#PED-7779 jsc#PED-7780).
+- kvm/vfio: Accept vfio device file from userspace (jsc#PED-7779
+  jsc#PED-7780).
+- kvm/vfio: Prepare for accepting vfio device fd (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Accept vfio device file in the KVM facing kAPI
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Refine vfio file kAPIs for KVM (jsc#PED-7779
+  jsc#PED-7780).
+- vfio: Allocate per device file structure (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pci: Allow passing zero-length fd array in
+  VFIO_DEVICE_PCI_HOT_RESET (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Copy hot-reset device info to userspace in the
+  devices loop (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Extend VFIO_DEVICE_GET_PCI_HOT_RESET_INFO for vfio
+  device cdev (jsc#PED-7779 jsc#PED-7780).
+- vfio: Add helper to search vfio_device in a dev_set
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio: Mark cdev usage in vfio_device (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Add helper to retrieve iommufd_ctx and devid
+  (jsc#PED-7779 jsc#PED-7780).
+- iommufd: Add iommufd_ctx_has_group() (jsc#PED-7779
+  jsc#PED-7780).
+- iommufd: Reserve all negative IDs in the iommufd xarray
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Move the existing hot reset logic to be a helper
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Update comment around group_fd get in
+  vfio_pci_ioctl_pci_hot_reset() (jsc#PED-7779 jsc#PED-7780).
+- commit 5a8a192
+
+- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (jsc#PED-7786).
+- commit 8c26887
+
+- qlcnic: replace deprecated strncpy with strscpy (jsc#PED-6886).
+- commit 2cd64fa
+
+- drivers: base: Free devm resources when unregistering a device
+  (jsc#PED-6054)
+- Refresh
+  patches.suse/kernfs-fix-missing-kernfs_iattr_rwsem-locking.patch.
+- commit 1ff927f
+
+- lib/string_helpers: Add kstrdup_and_replace() helper
+  (jsc#PED-6054).
+- commit 425f257
+
+- vfio/cdx: add support for CDX bus (jsc#PED-7779 jsc#PED-7780).
+- Update config files.
+- commit 1dda3a4
+
+- vfio/platform: Cleanup Kconfig (jsc#PED-7779 jsc#PED-7780).
+- Update config files.
+- commit 20a24ad
+
+- vfio/fsl: Create Kconfig sub-menu (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Cleanup Kconfig (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci-core: Add capability for AtomicOp completer support
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Also demote hiding standard cap messages (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pci: Clear VFIO_IRQ_INFO_NORESIZE for MSI-X (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pci: Support dynamic MSI-X (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Probe and store ability to support dynamic MSI-X
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Use bitfield for struct vfio_pci_core_device flags
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Update stale comment (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Remove interrupt context counter (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pci: Use xarray for interrupt context storage (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pci: Move to single error path (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Prepare for dynamic interrupt context storage
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: Remove negative check on unsigned vector (jsc#PED-7779
+  jsc#PED-7780).
+- vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
+  (jsc#PED-7779 jsc#PED-7780).
+- vfio/pci: demote hiding ecap messages to debug level
+  (jsc#PED-7779 jsc#PED-7780).
+- commit 35c9b4b
+
+- iommu: Fix crash during syfs iommu_groups/N/type (jsc#PED-7779
+  jsc#PED-7780).
+- commit ccef64e
+
+- device property: Clarify usage scope of some struct
+  fwnode_handle members (jsc#PED-6054).
+- commit a9856b6
+
+- iommu/amd: Remove extern from function prototypes (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Use BIT/BIT_ULL macro to define bit fields
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Fix DTE_IRQ_PHYS_ADDR_MASK macro (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Fix compile error for unused function (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/amd: Improving Interrupt Remapping Table Invalidation
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Do not Invalidate IRT when IRTE caching is disabled
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Remove the unused struct amd_ir_data.ref
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Switch amd_iommu_update_ga() to use modify_irte_ga()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Update copyright notice (jsc#PED-7779 jsc#PED-7780).
+- iommu/amd: Use page mode macros in fetch_pte() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Tidy the control flow in iommu_group_store_type()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Remove __iommu_group_for_each_dev() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Allow IOMMU_RESV_DIRECT to work on ARM (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Consolidate the default_domain setup to one function
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Revise iommu_group_alloc_default_domain() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Consolidate the code to calculate the target default
+  domain type (jsc#PED-7779 jsc#PED-7780).
+- iommu: Remove the assignment of group->domain during default
+  domain alloc (jsc#PED-7779 jsc#PED-7780).
+- iommu: Do iommu_group_create_direct_mappings() before attach
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Fix iommu_probe_device() to attach the right domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Replace iommu_group_do_dma_first_attach with
+  __iommu_device_set_domain (jsc#PED-7779 jsc#PED-7780).
+- iommu: Remove iommu_group_do_dma_first_attach() from
+  iommu_group_add_device() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Replace __iommu_group_dma_first_attach() with set_domain
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Use __iommu_group_set_domain() in
+  iommu_change_dev_def_domain() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Use __iommu_group_set_domain() for __iommu_attach_group()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Make __iommu_group_set_domain() handle error unwind
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add for_each_group_device() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Replace iommu_group_device_count() with
+  list_count_nodes() (jsc#PED-7779 jsc#PED-7780).
+- iommu: Suppress empty whitespaces in prints (jsc#PED-7779
+  jsc#PED-7780).
+- iommu: Use flush queue capability (jsc#PED-7779 jsc#PED-7780).
+- iommu: Add a capability for flush queue support (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/iova: Optimize iova_magazine_alloc() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Remove commented-out code (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/vt-d: Remove two WARN_ON in domain_context_mapping_one()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Handle the failure case of dmar_reenable_qi()
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/vt-d: Remove unnecessary (void*) conversions (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/fsl: Use driver_managed_dma to allow VFIO to work
+  (jsc#PED-7779 jsc#PED-7780).
+- iommu/fsl: Move ENODEV to fsl_pamu_probe_device() (jsc#PED-7779
+  jsc#PED-7780).
+- iommu/fsl: Always allocate a group for non-pci devices
+  (jsc#PED-7779 jsc#PED-7780).
+- dt-bindings: arm-smmu: Add SDX75 SMMU compatible (jsc#PED-7779
+  jsc#PED-7780).
+- dt-bindings: arm-smmu: Add SM6375 GPU SMMU (jsc#PED-7779
+  jsc#PED-7780).
+- dt-bindings: iommu: arm,smmu: enable clocks for sa8775p Adreno
+  SMMU (jsc#PED-7779 jsc#PED-7780).
+- iommu/arm-smmu-v3: Set TTL invalidation hint better
+  (jsc#PED-7779 jsc#PED-7780).
+- commit 9bad5bb
+
+- driver core: make device_is_dependent() static (jsc#PED-6054).
+- commit d020041
+
+- driver core: Replace kstrdup() + strreplace() with
+  kstrdup_and_replace() (jsc#PED-6054).
+- commit 3214968
+
+- usb: typec: tcpm: Refactor the PPS APDO selection
+  (jsc#PED-6054).
+- commit ec52f17
+
+- usb: typec: tcpm: add get max power support (jsc#PED-6054).
+- usb: typec: tcpm: fix cc role at port reset (git-fixes).
+- commit 0ea7d31
+
+- usb: typec: change altmode SVID to u16 entry (jsc#PED-6054).
+- commit 37d29a2
+
+- usb: typec: tcpm: add tcpm_port_error_recovery symbol
+  (jsc#PED-6054).
+- commit a85d742
+
+- usb: typec: intel_pmc_mux: enable sysfs usb role access
+  (jsc#PED-6054).
+- commit 8dfd45f
+
+- usb: typec: tcpm: reset counter when enter into unattached
+  state after try role (git-fixes).
+- commit e166f48
+
+- usb: typec: tcpm: not sink vbus if operational current is 0mA
+  (git-fixes).
+- commit ca613ac
+
+- cpu/hotplug: Increase the number of dynamic states (jsc#PED-7789).
+- commit c2f3ebe
+
+- thunderbolt: Keep link as asymmetric if preferred by hardware
+  (jsc#PED-6054).
+- commit 49c8848
+
+- thunderbolt: Disable PCIe extended encapsulation upon teardown
+  properly (jsc#PED-6054).
+- commit 46ca554
+
+- thunderbolt: Make PCIe tunnel setup and teardown follow CM guide
+  (jsc#PED-6054).
+- commit 8e6fc8d
+
+- thunderbolt: Improve logging when DisplayPort resource is
+  added due to hotplug (jsc#PED-6054).
+- commit d195201
+
+- tracing: Add kabi placeholders (git-fixes).
+- commit fe66dad
+
+- kernel/crash_core.c: make __crash_hotplug_lock static
+  (git-fixes).
+- commit b795e50
+
+- Update config files: disable CONFIG_USELIB (bsc#1219222)
+  It's only for the old libc5. Let's reduce the possible attack surfaces.
+- commit a92262c
+
+- kexec: drop dependency on ARCH_SUPPORTS_KEXEC from CRASH_DUMP
+  (git-fixes).
+- commit 2b8e009
+
+- thunderbolt: Use tb_dp_read_cap() to read DP_COMMON_CAP as well
+  (jsc#PED-6054).
+- commit 817c431
+
+- thunderbolt: Disable CL states only when actually needed
+  (jsc#PED-6054).
+- commit 12f7c4b
+
+- thunderbolt: Transition link to asymmetric only when both
+  sides support it (jsc#PED-6054).
+- commit c0db739
+
+- thunderbolt: Log XDomain link speed and width (jsc#PED-6054).
+- thunderbolt: Move width_name() helper to tb.h (jsc#PED-6054).
+- commit 3864ca8
+
+- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
+  (CVE-2023-47233 bsc#1216702).
+- commit 358e411
+
+- thunderbolt: Handle lane bonding of Gen 4 XDomain links properly
+  (jsc#PED-6054).
+- commit 903c24d
+
+- thunderbolt: Unwind TMU configuration if
+  tb_switch_set_tmu_mode_params() fails (jsc#PED-6054).
+- commit beff1a5
+
+- net: dsa: qca8k: fix potential MDIO bus conflict when accessing
+  internal PHYs via management frames (git-fixes).
+- commit 652abc9
+
+- thunderbolt: Remove duplicated re-assignment of pointer 'out'
+  (jsc#PED-6054).
+- commit 051cc47
+
+- net: dsa: qca8k: fix regmap bulk read/write methods on big
+  endian systems (git-fixes).
+- commit 72d26f3
+
+- net: ethernet: mediatek: disable irq before schedule napi
+  (git-fixes).
+- commit be9ea94
+
+- net: stmmac: dwmac-stm32: fix resume on STM32 MCU (git-fixes).
+- commit 70db3b0
+
+- net: ethernet: ti: am65-cpsw: Fix error code in
+  am65_cpsw_nuss_init_tx_chns() (git-fixes).
+- commit 654c23c
+
+- rswitch: Fix PHY station management clock setting (git-fixes).
+- commit b773ebb
+
+- sky2: Make sure there is at least one frag_addr available
+  (git-fixes).
+- commit 77a9b4b
+
+- net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
+  (git-fixes).
+- commit 9713936
+
+- drivers/net: process the result of hdlc_open() and add call
+  of hdlc_close() in uhdlc_close() (git-fixes).
+- commit 09258c6
+
+- net: hinic: Fix warning-hinic_set_vlan_fliter() warn: variable
+  dereferenced before check 'hwdev' (git-fixes).
+- commit 6fc3024
+
+- net/mlx5e: fix a potential double-free in fs_any_create_groups
+  (jsc#PED-3311).
+- net/mlx5e: fix a double-free in arfs_create_groups
+  (jsc#PED-3311).
+- net/mlx5e: Ignore IPsec replay window values on sender side
+  (jsc#PED-3311).
+- net/mlx5e: Allow software parsing when IPsec crypto is enabled
+  (jsc#PED-3311).
+- net/mlx5: Use mlx5 device constant for selecting CQ period
+  mode for ASO (jsc#PED-3311).
+- net/mlx5: DR, Can't go to uplink vport on RX rule
+  (jsc#PED-3311).
+- net/mlx5: DR, Use the right GVMI number for drop action
+  (jsc#PED-3311).
+- net/mlx5: Bridge, fix multicast packets sent to uplink
+  (jsc#PED-3311).
+- net/mlx5: Fix a WARN upon a callback command failure
+  (jsc#PED-3311).
+- net/mlx5e: Fix peer flow lists handling (jsc#PED-3311).
+- net/mlx5e: Fix inconsistent hairpin RQT sizes (jsc#PED-3311).
+- net/mlx5e: Fix operation precedence bug in port timestamping
+  napi_poll context (jsc#PED-3311).
+- net/mlx5: Fix query of sd_group field (jsc#PED-3311).
+- net/mlx5e: Use the correct lag ports number when creating TISes
+  (jsc#PED-3311).
+- i40e: update xdp_rxq_info::frag_size for ZC enabled Rx queue
+  (jsc#PED-4874).
+- i40e: set xdp_rxq_info::frag_size (jsc#PED-4874).
+- ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue
+  (jsc#PED-4876).
+- intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers
+  (jsc#PED-4874).
+- ice: remove redundant xdp_rxq_info registration (jsc#PED-4876).
+- i40e: handle multi-buffer packets that are shrunk by xdp prog
+  (jsc#PED-4874).
+- ice: work on pre-XDP prog frag count (jsc#PED-4876).
+- xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags
+  (jsc#PED-4874).
+- net: fill in MODULE_DESCRIPTION()s for rvu_mbox (jsc#PED-6931).
+- dpll: fix register pin with unregistered parent pin
+  (jsc#PED-6079).
+- dpll: fix userspace availability of pins (jsc#PED-6079).
+- dpll: fix pin dump crash for rebound module (jsc#PED-6079).
+- dpll: fix broken error path in
+  dpll_pin_alloc(..) (jsc#PED-6079).
+- idpf: distinguish vports by the dev_port attribute
+  (jsc#PED-6716).
+- bnxt_en: Fix possible crash after creating sw mqprio TCs
+  (jsc#PED-7574).
+- bnxt_en: Prevent kernel warning when running offline self test
+  (jsc#PED-7574).
+- bnxt_en: Fix RSS table entries calculation for P5_PLUS chips
+  (jsc#PED-7574).
+- bnxt_en: Fix memory leak in bnxt_hwrm_get_rings()
+  (jsc#PED-7574).
+- bnxt_en: Wait for FLR to complete during probe (jsc#PED-7574).
+- RDMA/efa: Add EFA query MR support (jsc#PED-6864).
+- RDMA/erdma: Add hardware statistics support (jsc#PED-6864).
+- RDMA/erdma: Introduce dma pool for hardware responses of CMDQ
+  requests (jsc#PED-6864).
+- IB/iser: iscsi_iser.h: fix kernel-doc warning and spellos
+  (jsc#PED-6864).
+- IB/ipoib: Fix mcast list locking (jsc#PED-6864).
+- RDMA/hns: Add a max length of gid table (jsc#PED-6864).
+- RDMA/hns: Response dmac to userspace (jsc#PED-6864).
+- RDMA/hns: Rename the interrupts (jsc#PED-6864).
+- RDMA/siw: Call orq_get_current if possible (jsc#PED-6864).
+- RDMA/siw: Set qp_state in siw_query_qp (jsc#PED-6864).
+- RDMA/siw: Reduce memory usage of struct siw_rx_stream
+  (jsc#PED-6864).
+- RDMA/siw: Move tx_cpu ahead (jsc#PED-6864).
+- RDMA/IPoIB: Add tx timeout work to recover queue stop situation
+  (jsc#PED-6864).
+- RDMA/IPoIB: Fix error code return in ipoib_mcast_join
+  (jsc#PED-6864).
+- RDMA/rtrs: Use %pe to print errors (jsc#PED-6864).
+- RDMA/rtrs-clt: Use %pe to print errors (jsc#PED-6864).
+- RDMA/rtrs-clt: Add warning logs for RDMA events (jsc#PED-6864).
+- RDMA/hns: Support SW stats with debugfs (jsc#PED-6864).
+- RDMA/hns: Add debugfs to hns RoCE (jsc#PED-6864).
+- RDMA/siw: Update comments for siw_qp_sq_process (jsc#PED-6864).
+- RDMA/siw: Introduce siw_destroy_cep_sock (jsc#PED-6864).
+- RDMA/siw: Only check attrs->cap.max_send_wr in siw_create_qp
+  (jsc#PED-6864).
+- RDMA/siw: Fix typo (jsc#PED-6864).
+- RDMA/siw: Remove siw_sk_save_upcalls (jsc#PED-6864).
+- RDMA/siw: Cleanup siw_accept (jsc#PED-6864).
+- RDMA/siw: Introduce siw_free_cm_id (jsc#PED-6864).
+- RDMA/siw: Introduce siw_cep_set_free_and_put (jsc#PED-6864).
+- RDMA/siw: Add one parameter to siw_destroy_cpulist
+  (jsc#PED-6864).
+- RDMA/siw: Introduce SIW_STAG_MAX_INDEX (jsc#PED-6864).
+- RDMA/siw: Factor out siw_rx_data helper (jsc#PED-6864).
+- RDMA/siw: No need to check term_info.valid before call
+  siw_send_terminate (jsc#PED-6864).
+- RDMA/siw: Remove rcu from siw_qp (jsc#PED-6864).
+- RDMA/siw: Remove goto lable in siw_mmap (jsc#PED-6864).
+- RDMA/siw: Use iov.iov_len in kernel_sendmsg (jsc#PED-6864).
+- RDMA/siw: Introduce siw_update_skb_rcvd (jsc#PED-6864).
+- RDMA/siw: Introduce siw_get_page (jsc#PED-6864).
+- RDMA/irdma: Use crypto_shash_digest() in
+  irdma_ieq_check_mpacrc() (jsc#PED-4862).
+- RDMA/siw: Use crypto_shash_digest() in siw_qp_prepare_tx()
+  (jsc#PED-6864).
+- RDMA/hfi1: Copy userspace arrays safely (jsc#PED-6864).
+- RDMA/siw: Use ib_umem_get() to pin user pages (jsc#PED-6864).
+- vsock/virtio: use skb_frag_*() helpers (jsc#PED-5505).
+- virtio/vsock: send credit update during setting SO_RCVLOWAT
+  (jsc#PED-5505).
+- virtio/vsock: fix logic which reduces credit update messages
+  (jsc#PED-5505).
+- gve: Remove dependency on 4k page size (bsc#1214479).
+- gve: Add page size register to the register_page_list command
+  (bsc#1214479).
+- gve: Remove obsolete checks that rely on page size
+  (bsc#1214479).
+- gve: Deprecate adminq_pfn for pci revision 0x1 (bsc#1214479).
+- gve: Perform adminq allocations through a dma_pool
+  (bsc#1214479).
+- gve: add gve_features_check() (bsc#1214479).
+- PCI: Add Alibaba Vendor ID to linux/pci_ids.h (jsc#PED-6864).
+- vsock/virtio: fix "comparison of distinct pointer types lacks
+  a cast" warning (jsc#PED-5505).
+- net: fill in MODULE_DESCRIPTION()s for SOCK_DIAG modules
+  (jsc#PED-5505).
+- virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
+  (jsc#PED-5505).
+- RDMA: Annotate struct rdma_hw_stats with __counted_by
+  (jsc#PED-6864).
+- vsock: enable setting SO_ZEROCOPY (jsc#PED-5505).
+- vsock/loopback: support MSG_ZEROCOPY for transport
+  (jsc#PED-5505).
+- vsock/virtio: support MSG_ZEROCOPY for transport (jsc#PED-5505).
+- vhost/vsock: support MSG_ZEROCOPY for transport (jsc#PED-5505).
+- vsock: enable SOCK_SUPPORT_ZC bit (jsc#PED-5505).
+- vsock: check for MSG_ZEROCOPY support on send (jsc#PED-5505).
+- vsock: read from socket's error queue (jsc#PED-5505).
+- vsock: set EPOLLERR on non-empty error queue (jsc#PED-5505).
+- vsock/virtio: MSG_ZEROCOPY flag support (jsc#PED-5505).
+- vsock/virtio: non-linear skb handling for tap (jsc#PED-5505).
+- vsock/virtio: support to send non-linear skb (jsc#PED-5505).
+- vsock/virtio/vhost: read data from non-linear skb
+  (jsc#PED-5505).
+- vsock: send SIGPIPE on write to shutdowned socket
+  (jsc#PED-5505).
+- vsock: Remove unused function declarations (jsc#PED-5505).
+- virtio/vsock: support MSG_PEEK for SOCK_SEQPACKET
+  (jsc#PED-5505).
+- virtio/vsock: rework MSG_PEEK for SOCK_STREAM (jsc#PED-5505).
+- commit 0dfd8ae
+
+- arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (git-fixes)
+- commit a6327d2
+
+- arm64: entry: Simplify tramp_alias macro and tramp_exit routine (git-fixes)
+- commit 33427e9
+
+- tracing/trigger: Fix to return error if failed to alloc snapshot
+  (git-fixes).
+- commit 5235870
+
+- tracing: Ensure visibility when inserting an element into
+  tracing_map (git-fixes).
+- commit 8d0199c
+
+- bpf: Limit the number of kprobes when attaching program to
+  multiple kprobes (git-fixes).
+- commit 405ad58
+
+- ring-buffer: Do not record in NMI if the arch does not support
+  cmpxchg in NMI (git-fixes).
+- commit 5299cd1
+
+- tracing: Fix uaf issue when open the hist or hist_debug file
+  (git-fixes).
+- commit 74ab383
+
+- arm64: entry: Preserve/restore X29 even for compat tasks (git-fixes)
+- commit c87e6ab
+
+- tracing: Add size check when printing trace_marker output
+  (git-fixes).
+- commit b4fc359
+
+- tracing: Have large events show up as '' instead of nothing
+  (git-fixes).
+- commit 89b3b19
+
+- tracing: relax trace_event_eval_update() execution with
+  cond_resched() (git-fixes).
+- commit 598ec62
+
+- ring-buffer: Do not attempt to read past "commit" (git-fixes).
+- commit 32b2fd5
+
+- ring-buffer: Avoid softlockup in ring_buffer_resize()
+  (git-fixes).
+- commit 522e4dc
+
+- arm64: Rename ARM64_WORKAROUND_2966298 (git-fixes)
+  Refresh cpu_hwcaps reservation and enable WORKAROUND_SPECULATIVE_UNPRIV_LOAD.
+  ".. The workaround isn't necessary if page table isolation (KPTI) is
+  enabled, but for simplicity it will be. Page table isolation should
+  normally be disabled for Cortex-A520 as it supports the CSV3 feature
+  and the E0PD feature (used when KASLR is enabled).  ..."
+- commit 3a5b06f
+
+- rpm/constraints.in: set jobs for riscv to 8
+  The same workers are used for x86 and riscv and the riscv builds take
+  ages. So align the riscv jobs count to x86.
+- commit b2c82b9
+
+- cgroup_freezer: cgroup_freezing: Check if not frozen
+  (bsc#1219338).
+- commit 6549fad
+
+- Update patches.suse/arm64-sdei-abort-running-SDEI-handlers-during-crash.patch (git-fixes, bsc#1219254)
+  Add reference to bsc#1219254.
+- commit 6a70510
+
+- perf: arm_cspmu: Reject events meant for other PMUs (bsc#1219247)
+- commit faa4288
+
+- Update patches.suse/arm64-arm-arm_pmuv3-perf-Don-t-truncate-64-bit-regis.patch (git-fixes, bsc#1219246)
+  Add reference to bsc#1219246
+- commit 9f6d94a
+
+- platform/x86: ISST: Reduce noise for missing numa information
+  in logs (bsc#1219285).
+- commit 070f01e
+
+- supported.conf: Mark lz4* related modules as supported (bsc#1217030)
+  Those are used by zram and other modules.
+- commit 7165080
+
+- selftests: mm: hugepage-vmemmap fails on 64K page size systems
+  (bsc#1219286).
+- commit f1ce7e1
+
+- r8169: respect userspace disabling IFF_MULTICAST (git-fixes).
+- commit 29e98eb
+
+- net: phylink: initialize carrier state at creation (git-fixes).
+- commit 4a57df5
+
+- net: stmmac: xgmac: Enable support for multiple Flexible PPS
+  outputs (git-fixes).
+- commit 7a5f412
+
+- ipvlan: properly track tx_errors (git-fixes).
+- commit 9072c00
+
+- tsnep: Fix tsnep_request_irq() format-overflow warning
+  (git-fixes).
+- commit 7127754
+
+- net: renesas: rswitch: Add spin lock protection for irq {un}mask
+  (git-fixes).
+- commit 57d1654
+
+- net: renesas: rswitch: Add runtime speed change support
+  (git-fixes).
+- commit b524173
+
+- net: phy: Provide Module 4 KSZ9477 errata (DS80000754C)
+  (git-fixes).
+- commit 4eb114e
+
+- net: phy: micrel: Move KSZ9477 errata fixes to PHY driver
+  (git-fixes).
+- commit 3919cda
+
+- net: phy: Fix deadlocking in phy_error() invocation (git-fixes).
+- commit f16a410
+
+- net: phy: avoid kernel warning dump when stopping an errored
+  PHY (git-fixes).
+- commit deb85a0
+
+- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
+- commit 0834d50
+
+- Refresh and enable
+  patches.suse/sched-fair-Increase-wakeup_gran-if-current-task-has-not-executed-the-minimum-granularity.patch.
+- commit d4cda80
+
+- =?UTF-8?q?cxl/region=EF=BC=9AFix=20overflow=20issue=20in?=
+  =?UTF-8?q?=20alloc=5Fhpa()?= (git-fixes).
+- genirq: Initialize resend_node hlist for all interrupt
+  descriptors (git-fixes).
+- clocksource: Skip watchdog check for large watchdog intervals
+  (git-fixes).
+- commit 79eca77
+
+- Add alt-commit to platform x86 p2sb patch (git-fixes)
+- commit f23ac66
+
+- platform/x86/intel/ifs: Call release_firmware() when handling
+  errors (git-fixes).
+- platform/x86: intel-uncore-freq: Fix types in sysfs callbacks
+  (git-fixes).
+- drm/i915/psr: Only allow PSR in LPSP mode on HSW non-ULT
+  (git-fixes).
+- commit c877cc1
+
+- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in
+  the error case (git-fixes).
+- commit 8520b33
+
+- cpufreq/amd-pstate: Fix setting scaling max/min freq values
+  (git-fixes).
+- drm: bridge: samsung-dsim: Don't use FORCE_STOP_STATE
+  (git-fixes).
+- Revert "drivers/firmware: Move sysfb_init() from device_initcall
+  to subsys_initcall_sync" (git-fixes).
+- drm/bridge: anx7625: Ensure bridge is suspended in disable()
+  (git-fixes).
+- drm/bridge: parade-ps8640: Ensure bridge is suspended in
+  .post_disable() (git-fixes).
+- drm/bridge: sii902x: Fix audio codec unregistration (git-fixes).
+- drm/bridge: sii902x: Fix probing race issue (git-fixes).
+- drm/panel: samsung-s6d7aa0: drop DRM_BUS_FLAG_DE_HIGH for
+  lsl080al02 (git-fixes).
+- drm: panel-simple: add missing bus flags for Tianma
+  tm070jvhg[30/33] (git-fixes).
+- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX
+  transfer (git-fixes).
+- drm/exynos: gsc: minor fix for loop iteration in
+  gsc_runtime_resume (git-fixes).
+- drm/exynos: fix accidental on-stack copy of exynos_drm_plane
+  (git-fixes).
+- dt-bindings: display: samsung,exynos-mixer: Fix 'regs' typo
+  (git-fixes).
+- Revert "drm/i915/dsi: Do display on sequence later on icl+"
+  (git-fixes).
+- firmware: arm_scmi: Use xa_insert() when saving raw queues
+  (git-fixes).
+- firmware: arm_scmi: Check mailbox/SMT channel for consistency
+  (git-fixes).
+- spi: fix finalize message on error return (git-fixes).
+- spi: spi-cadence: Reverse the order of interleaved write and
+  read operations (git-fixes).
+- spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (git-fixes).
+- spi: intel-pci: Remove Meteor Lake-S SoC PCI ID from the list
+  (git-fixes).
+- gpio: eic-sprd: Clear interrupt after set the interrupt type
+  (git-fixes).
+- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
+- commit 04f99fe
+
+- net: sched: sch_qfq: Use non-work-conserving warning handler
+  (CVE-2023-4921 bsc#1215275).
+- commit 24b313c
+
+- mkspec: Use variant in constraints template
+  Constraints are not applied consistently with kernel package variants.
+  Add variant to the constraints template as appropriate, and expand it
+  in mkspec.
+- commit cc68ab9
+
+- Update
+  patches.suse/drm-atomic-Fix-potential-use-after-free-in-nonb.patch
+  (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
+  jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477
+  jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 bsc#1219120
+  CVE-2023-51043).
+- commit 9891763
+
+- fjes: fix memleaks in fjes_hw_setup (git-fixes).
+- wifi: iwlwifi: fix a memory corruption (git-fixes).
+- wifi: mac80211: fix potential sta-link leak (git-fixes).
+- clocksource/drivers/timer-ti-dm: Fix make W=n kerneldoc warnings
+  (git-fixes).
+- serial: 8250_exar: Set missing rs485_supported flag (git-fixes).
+- bus: mhi: ep: Use slab allocator where applicable (git-fixes).
+- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
+- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
+  (git-fixes).
+- clk: renesas: rzg2l: Check reset monitor registers (git-fixes).
+- clk: renesas: rzg2l-cpg: Reuse code in rzg2l_cpg_reset()
+  (git-fixes).
+- drm/tidss: Fix dss reset (git-fixes).
+- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
+- drm/tidss: Return error value from from softreset (git-fixes).
+- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
+- wifi: mwifiex: fix uninitialized firmware_stat (git-fixes).
+- wifi: mwifiex: add extra delay for firmware ready (git-fixes).
+- cpufreq: scmi: process the result of
+  devm_of_clk_add_hw_provider() (git-fixes).
+- cpuidle: haltpoll: Do not enable interrupts when entering idle
+  (git-fixes).
+- gpio: sysfs: drop the mention of gpiochip_find() from sysfs code
+  (git-fixes).
+- gpiolib: provide gpio_device_find() (git-fixes).
+- gpiolib: make gpio_device_get() and gpio_device_put() public
+  (git-fixes).
+- commit 3a58ed2
+
+- scsi: lpfc: Limit IRQ vectors to online cpus if kdump kernel
+  (bsc#1218180).
+- commit 955ec78
+
+- rpm/constraints.in: add static multibuild packages
+  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
+  constraints on multibuild) added "kernel-source:" prefix to the
+  dynamically generated kernels. But there are also static ones like
+  kernel-docs. Those fail to build as the constraints are still not
+  applied.
+  So add the prefix also to the static ones.
+  Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
+  will ever be multibuilt...
+- commit c2e0681
+
+- xsk: make struct xsk_cb_desc available outside
+  CONFIG_XDP_SOCKETS (jsc#PED-4876).
+- commit ca48ebb
+
+- ext4: fix warning in ext4_dio_write_end_io() (bsc#1219163).
+- ext4: properly sync file size update after O_SYNC direct IO
+  (bsc#1219163).
+- ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
+  (bsc#1219165).
+- ext4: add two helper functions extent_logical_end() and
+  pa_logical_end() (bsc#1219165).
+- commit 16340ba
+
+- blk-wbt: Fix detection of dirty-throttled tasks (bsc#1218272).
+- commit 497a3db
+
+- i2c: tegra: Fix failure during probe deferral cleanup (jsc#PED-7377)
+- commit e1a3e42
+
+- i2c: tegra: Share same DMA channel for RX and TX (jsc#PED-7377)
+- commit 60c8e2f
+
+- cpufreq: tegra194: remove redundant AND with cpu_online_mask (jsc#PED-7377)
+- commit 2b048f4
+
+- cpufreq: tegra194: use refclk delta based loop instead of udelay (jsc#PED-7377)
+- commit b4d7280
+
+- cpufreq: tegra194: save CPU data to avoid repeated SMP calls (jsc#PED-7377)
+- commit 0414ad1
+
+- hwmon: (ina3221) Add support for channel summation disable (jsc#PED-7377)
+- commit ea00bac
+
+- memory: tegra: Set BPMP msg flags to reset IPC channels (jsc#PED-7377)
+- commit e67ef95
+
+- memory: tegra: Add Tegra234 clients for RCE and VI (jsc#PED-7377)
+- commit faa58f6
+
+- pinctrl: tegra: Consistently refer to SoC data (jsc#PED-7377)
+- commit a8faf7c
+
+- firmware: tegra: bpmp: Add support for DRAM MRQ GSCs (jsc#PED-7377)
+- commit 408475f
+
+- gpio: tegra186: Check PMC driver status before any request (jsc#PED-7377)
+- commit 3b10a2a
+
+- gpio: tegra186: Check GPIO pin permission before access. (jsc#PED-7377)
+- commit 0ce1a89
+
+- PCI: tegra194: Add interconnect support in Tegra234 (jsc#PED-7377)
+- commit d74fa9b
+
+- memory: tegra: make icc_set_bw return zero if BWMGR not supported (jsc#PED-7377)
+- commit 734a54f
+
+- memory: tegra: Add dummy implementation on Tegra194 (jsc#PED-7377)
+- commit d4119f8
+
+- memory: tegra: Make CPU cluster BW request a multiple of MC channels (jsc#PED-7377)
+- commit 312222e
+
+- dt-bindings: tegra: Add ICC IDs for dummy memory clients (jsc#PED-7377)
+- commit c75c8a3
+
+- memory: tegra: Add software memory clients in Tegra234 (jsc#PED-7377)
+- commit 1ccc65b
+
+- memory: tegra: Add memory clients for Tegra234 (jsc#PED-7377)
+- commit f35b21d
+
+- memory: tegra: Add interconnect support for DRAM scaling in Tegra234 (jsc#PED-7377)
+- commit ccec3a6
+
+- soc/tegra: fuse: Fix Tegra234 fuse size (jsc#PED-7377)
+- commit 7495f5c
+
+- soc/tegra: pmc: Add AON SW Wake support for Tegra234 (jsc#PED-7377)
+- commit 156c05b
+
+- soc/tegra: fuse: Add support for Tegra264 (jsc#PED-7377)
+- commit 920ec24
+
+- supported.conf: Add UCSI CCG module in base image (jsc#PED-7377)
+  This module is needed for Nvidia Orin platforms.
+- commit 5f1a01b
+
+- rpm: Use run_if_exists for all external scriptlets
+  With that the scriptlets do not need to be installed for build.
+- commit 25edd65
+
+- rpm/constraints.in: raise memory constraints
+  Build statistics show that most architectures already need more than 2 GB.
+  Require 4 GB except s390x where the memory usage is much lower and we might
+  have trouble finding any compliant worker.
+- commit 71aefb3
+
kernel-firmware
+- More update on version 20240201 (git commit 3677750467cb):
+  * linux-firmware: wilc1000: update WILC1000 firmware to v16.1.2
+  * rtl_nic: add firmware for RTL8126A (bsc#1217417)
+  * qcom: Add Audio firmware for SM8550 HDK
+
+- Update to version 20240201 (git commit 1b24d7d3379b):
+  * linux-firmware: intel: Add IPU6 firmware binaries
+  * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.37
+  * Revert "amdgpu: DMCUB updates for various AMDGPU ASICs"
+  * amdgpu: update SMU 13.0.0 firmware
+  * amdgpu: update PSP 13.0.0 firmware
+  * amdgpu: update GC 11.0.0 firmware
+  * brcm: Add brcmfmac43430-sdio.xxx.txt nvram for the Chuwi Hi8 (CWI509) tablet
+  * amdgpu: DMCUB updates for various AMDGPU ASICs
+
+- Update to version 20240126 (git commit 8fa621d2f9c1):
+  * qcom: Add Audio firmware for SM8650 MTP
+  * linux-firmware: Add firmware for Cirrus CS35L41 on HP Consumer Laptops
+  * Intel Bluetooth: Make spacing consistent with rest of WHENCE
+  * amdgpu: update raven2 firmware
+  * amdgpu: update raven firmware
+  * amdgpu: update SDMA 5.2.7 firmware
+  * amdgpu: update PSP 13.0.8 firmware
+  * amdgpu: update VCN 3.1.2 firmware
+  * amdgpu: update SDMA 5.2.6 firmware
+  * amdgpu: update PSP 13.0.5 firmware
+  * amdgpu: update GC 10.3.6 firmware
+  * amdgpu: add GC 11.0.1 rlc_1 firmware
+  * amdgpu: update vega20 firmware
+  * amdgpu: update VCN 4.0.0 firmware
+  * amdgpu: update SMU 13.0.0 firmware
+  * amdgpu: update PSP 13.0.0 firmware
+  * amdgpu: update GC 11.0.0 firmware
+  * amdgpu: update vega12 firmware
+  * amdgpu: update vega10 firmware
+  * amdgpu: update beige goby firmware
+  * amdgpu: update picasso firmware
+  * amdgpu: update dimgrey cavefish firmware
+  * amdgpu: update vangogh firmware
+  * amdgpu: update navy flounder firmware
+  * amdgpu: update green sardine firmware
+  * amdgpu: update sienna cichlid firmware
+  * amdgpu: update PSP 13.0.11 firmware
+  * amdgpu: update GC 11.0.4 firmware
+  * amdgpu: update VCN 4.0.2 firmware
+  * amdgpu: update PSP 13.0.4 firmware
+  * amdgpu: update GC 11.0.1 firmware
+  * amdgpu: update arcturus firmware
+  * amdgpu: update navi14 firmware
+  * amdgpu: add VCN 4.0.3 firmware
+  * amdgpu: add SDMA 4.4.2 firmware
+  * amdgpu: add SMU 13.0.6 firmware
+  * amdgpu: add PSP 13.0.6 firmware
+  * amdgpu: Add GC 9.4.3 firmware
+  * amdgpu: update renoir firmware
+  * amdgpu: update VCN 4.0.4 firmware
+  * amdgpu: update SMU 13.0.7 firmware
+  * amdgpu: update PSP 13.0.7 firmware
+  * amdgpu: update GC 11.0.2 firmware
+  * amdgpu: update navi12 firmware
+  * amdgpu: update yellow carp firmware
+  * amdgpu: update SMU 13.0.10 firmware
+  * amdgpu: update SDMA 6.0.3 firmware
+  * amdgpu: update PSP 13.0.10 firmware
+  * amdgpu: update GC 11.0.3 firmware
+  * amdgpu: update navi10 firmware
+  * amdgpu: update aldebaran firmware
+  * linux-firmware: Update AMD cpu microcode
+  * RTL8192E: Remove old realtek WiFi firmware
+- Update aliases
+
kexec-tools
+- kexec-dont-use-kexec_file_load-on-xen.patch (bsc#1218590)
+
kimageformats
+- Update to 5.114.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.114.0
+- Changes since 5.113.0:
+  * avif: new quality settings
+  * Update CI template
+  * HEIF plug-in extended to support HEJ2 format
+
+- Update to 5.113.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.113.0
+- No code change since 5.112.0
+
+- Update to 5.112.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.112.0
+- No code change since 5.111.0
+
+- Update to 5.111.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.111.0
+- Changes since 5.110.0:
+  * avif: support repetition count
+  * raw: fix multi image load
+  * hdr: fix oss-fuzz issue 62197
+  * hdr: fix crash (oss-fuzz)
+  * xcf: fix crash (oss-fuzz issue 62075)
+  * xcf: fix oss-fuzz issue
+
+- Update to 5.110.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.110.0
+- Changes since 5.109.0:
+  * QOI: Advertise write support in the desktop file
+  * qoi: write support backported from master
+  * xcf: format v12 support (kf5)
+  * Support libavif 1.0
+  * exr: multiple fixes (kf5)
+  * Fix missing qoi.desktop
+  * qoi: fix buffer overflow kf5
+  * Renamed qoi.h to qoi_p.h
+  * Minor improvements
+  * Add support for the QOI image format
+  * Set linear color space and round fix
+- Drop patch, merged upstream
+  * 0001-Support-libavif-1.0.patch
+
+- Add patch to support avif 1.0:
+  * 0001-Support-libavif-1.0.patch
+
+- Update to 5.109.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.109.0
+- Changes since 5.108.0:
+  * psd: Fix UB type punning (kde#471829)
+  * Treat 3-channel MCH images as CMY images
+  * Add explicit moc includes to sources for moc-covered headers
+
+- Update to 5.108.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.108.0
+- Changes since 5.107.0:
+  * jxl: add support for libjxl v0.9, drop support for old 0.6.1
+  * Remove qt6 CI builds
+
+- Update to 5.107.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.107.0
+- Changes since 5.106.0:
+  * pcx: multiple fixes (2)
+  * Avoid unnecessary conversions
+  * RGB/SGI writer: fix alpha detection and image limit size
+  * TGA writer: fix alpha detection and performance improvements
+  * pcx: multiple fixes
+  * PCX: Fix reading of the extended palette (kde#463951)
+
+- Update to 5.106.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.106.0
+- Changes since 5.105.0:
+  * Fix wrong alpha conversion (kde#468288)
+
+- Update to 5.105.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.105.0
+- Changes since 5.104.0:
+  * psd: Fix alpha blending (KF5)
+
+- Update to 5.104.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.104.0
+- No code change since 5.103.0
+
+- Update to 5.103.0
+  * New feature release
+  * For more details please see:
+  * https://kde.org/announcements/frameworks/5/5.103.0
+- Changes since 5.102.0:
+  * psd: conversion speed improvements (kf5)
+  * Fix writing TGA alpha depth flag
+  * HDR support removed from RAW plugin
+  * heif: reject invalid files with zero size
+
libavif
+- update to 1.0.3:
+  * Rewrite the fix for memory errors fixed in 1.0.2
+  * CVE-2023-6704: Fix use-after-free errors (boo#1218303)
+  * src/reformat.c: Allocate the threadData array directly
+
+- update to 1.0.2:
+  * Update avifCropRectConvertCleanApertureBox() to the revised
+    requirements in ISO/IEC 23000-22:2019/Amd. 2:2021 Section
+    7.3.6.7.
+  * CVE-2023-6350: Out of bounds memory to alphaItemIndices (boo#1217614)
+  * CVE-2023-6351: use-after-free in colorProperties (boo#1217615)
+- drop fix-gdkpixbuf.patch
+
+- Update to 1.0.0:
+  * Incompatible changes:
+    + The clli member was added to the avifImage struct.
+    + The repetitionCount member was added to the avifEncoder and avifDecoder
+    structs.
+    + The quality and qualityAlpha members were added to the avifEncoder struct.
+    + Check that functions returning pointers do not return NULL before accessing
+    those pointers.
+    + Check the return value of avifEncoderSetCodecSpecificOption().
+    + The maxThreads member was added to the avifRGBImage struct.
+    + Check the return value of avifRGBImageAllocatePixels(), avifRWDataRealloc(),
+    avifRWDataSet(), avifImageSetProfileICC(), avifImageSetMetadataExif() and
+    avifImageSetMetadataXMP().
+    + The meaning of the keyframeInterval member of avifEncoder struct has changed
+    slightly. When set to a value of "n",
+    Before: It forces a keyframe on every nth frame.
+    After: Any set of "n" consecutive frame will have at least one keyframe
+    (every nth frame may or may not be a keyframe).
+  * Added:
+    + Add clli metadata read and write support
+    + Add repetitionCount member to avifEncoder and avifDecoder structs to specify
+    the number of repetitions for animated image sequences.
+    + Add quality and qualityAlpha to avifEncoder. Note: minQuantizer,
+    maxQuantizer, minQuantizerAlpha, and maxQuantizerAlpha are deprecated. Code
+    should be updated to set quality (and qualityAlpha if applicable) and leave
+    minQuantizer, maxQuantizer, minQuantizerAlpha, and maxQuantizerAlpha
+    initialized to the default values.
+    + The --target-size flag in avifenc was added to adapt the quality so that the
+    output file size is as close to the given number of bytes as possible.
+    + Add the public API function avifImageIsOpaque() in avif.h.
+    + Add the public API functions avifImagePlane(), avifImagePlaneRowBytes(),
+    avifImagePlaneWidth(), and avifImagePlaneHeight() in avif.h.
+    + Add API for multi-threaded YUV to RGB color conversion.
+    + Allow lossless 4:0:0 on grayscale input.
+    + Add avifenc --no-overwrite flag to avoid overwriting output file.
+    + Add avifenc --clli flag to set clli.
+    + Add support for all transfer functions when using libsharpyuv.
+  * Changed:
+    + Exif and XMP metadata is exported to PNG and JPEG files by default,
+    except XMP payloads larger than 65502 bytes in JPEG.
+    + The --grid flag in avifenc can be used for images that are not evenly divided
+    into cells.
+    + Change the encoder to write the boxes within the "stbl" box in the order of
+    stsd, stts, stsc, stsz, stco, stss.
+    + avifImageRGBToYUV() and avifImageYUVToRGB() handle avifImage bit depths 8, 10,
+    12 and now also 16. Files read by apps/shared/ can output 16-bit avifImage
+    instances.
+    + avifImageCreate(), avifImageCreateEmpty(), avifEncoderCreate() and other
+    internal functions now return NULL if a memory allocation failed.
+    + avifEncoderSetCodecSpecificOption() now returns avifResult instead of void to
+    report memory allocation failures.
+- Add fix-gdkpixbuf.patch.
+
+- Add BuildRequires pkgconfig(libwebp) to enable libsharpyuv
+
+- Update to version 0.11.1:
+  * Changed:
+  - avifincrtest_helpers: Cast 64-bit offset to size_t
+  - avifmetadatatest: don't include avif/internal.h
+  - avifrgbtoyuvtest: skip if no libsharpyuv
+  - Disable tests that may fail if the codec is not aom (#1176)
+
+- Remove unused BuildRequires on nasm
+- Remove indirect/incorrect Buildrequires on zlib
+- add direct glib Buildrequires
+
+- Update to version 0.11.0:
+  * There are incompatible ABI changes in this release. The
+    alphaRange member was removed from the avifImage struct. The
+    chromaDownsampling and avoidLibYUV members were added to the
+    avifRGBImage struct. The imageDimensionLimit member was added
+    to the avifDecoder struct. avifImageCopy() and
+    avifImageAllocatePlanes() signatures changed. It is necessary
+    to recompile your code. Also check the return values of
+    avifImageCopy() and avifImageAllocatePlanes().
+  * Added:
+  - Add man pages for avifenc and avifdec
+  - Add the avifChannelIndex type alias for enum avifChannelIndex
+  - Add avifChromaDownsampling enum
+  - Add chromaDownsampling field to avifRGBImage struct
+  - Add support for AVIF_RGB_FORMAT_RGB_565
+  - Add imageDimensionLimit field to avifDecoder struct
+  - Add autoTiling field to avifEncoder struct
+  - Add new avifResult codes AVIF_RESULT_CANNOT_CHANGE_SETTING
+    and AVIF_RESULT_INCOMPATIBLE_IMAGE
+  - Add new enum constants AVIF_PIXEL_FORMAT_COUNT and
+    AVIF_RGB_FORMAT_COUNT
+  - avifdec: Add --dimension-limit, which specifies the image
+    dimension limit (width or height) that should be tolerated
+  - avifenc: Add --sharpyuv, which enables "sharp" RGB to YUV420
+    conversion, which reduces artifacts caused by 420 chroma
+    downsampling. Needs libsharpyuv (part of the libwebp
+    repository) at compile time.
+  - avifenc: Add --ignore-exif and --ignore-xmp flags.
+  - avifenc: Add --autotiling, which sets --tilerowslog2 and
+  - -tilecolslog2 automatically.
+  - avifenc: Input Exif orientation is converted to irot/imir by
+    default.
+  * Changed:
+  - Fix memory leaks of metadata on avifenc exit
+  - Update the handling of 'lsel' and progressive decoding to
+    AVIF spec v1.1.0
+  - Treat an absent lsel and layer_id == 0xFFFF equivalently for
+    backward compatibility with earlier drafts of AVIF spec
+    v1.1.0
+  - Set libavif's own default value of cfg.rc_end_usage for
+    libaom
+  - Set the libaom-specific option -a tune=ssim by default
+  - Bump cmake_minimum_required from 3.5 to 3.13
+  - Fix https://crbug.com/oss-fuzz/48135
+  - Use several new libyuv functions in reformat_libyuv.c
+  - Fix SVT-AV1's issue 1957 related to uninitialized variables
+    crashing the encoder
+  - Update aom.cmd: v3.5.0
+  - Update rav1e.cmd: v0.5.1
+  - Update svt.cmd/svt.sh: v1.2.1
+  - Update libgav1.cmd: v0.18.0
+  - Update libyuv.cmd: f9fda6e7 (version 1844)
+  - avifImageCopy() and avifImageAllocatePlanes() now return
+    avifResult instead of void to report invalid parameters or
+    memory allocation failures.
+  - avifImageRGBToYUV() now uses libyuv fast paths by default. It
+    may slightly change conversion results. The old behavior can
+    be restored by setting avifRGBImage::chromaDownsampling to
+    AVIF_CHROMA_DOWNSAMPLING_BEST_QUALITY and
+    avifRGBImage::avoidLibYUV to AVIF_TRUE.
+  - avifRGBImage::chromaUpsampling now only applies to
+    conversions that need upsampling chroma from 4:2:0 or 4:2:2
+    and has no impact on the use of libyuv.
+  - Set avifRGBImage::avoidLibYUV accordingly to control the use
+    of libyuv.
+  - avifenc: Set the YUV format to 4:0:0 for grayscale PNGs
+  - Support updating encoder settings and codec-specific options
+    during encoding
+  - Disable AVIF_STRICT_CLAP_VALID and AVIF_STRICT_PIXI_REQUIRED
+    in the JNI wrapper
+  - avifdec: Return proper exit code in "info" mode
+  - In avifenc and avifdec, treat all arguments that start with
+    '-' as options
+  - Exif and XMP metadata is imported from PNG and JPEG files.
+  - avifImageSetMetadataExif() parses the Exif metadata and
+    converts any Exif orientation found into transformFlags, irot
+    and imir values.
+  - Write 'auxi' box for animated images with alpha channel
+  - Write 'auxv' as handler_type for alpha channel track
+  - Use PNG_COLOR_TYPE_GRAY for 8-bit grayscale output
+  - Replace repeated subtraction by modulo in calcGCD
+  - Change avifImageCreate to take uint32_t instead of int
+    parameters
+  - When writing an image sequence, check if it's safe to cast
+    width and height to uint16_t
+  - Allow clamped grid cells in avifEncoderAddImageGrid()
+  * Removed:
+  - alphaRange field was removed from the avifImage struct. It it
+    presumed that alpha plane is always full range.
+  - The avifCodecConfigurationBox struct becomes a private type
+    for libavif internal use
+- Bump lib_soversion global (also in baselibs.conf) to 15 following
+  upstream change.
+- Use ldconfig_scriptlets for post(un) handling.
+
+- Enable libyuv on TW
+
+- update to 0.10.1:
+  * tests/docker/build.sh: Build SVT-AV1 using cmake and ninja directly
+  * Fix a Visual Studio 2017 compiler warning in src\reformat.c: warning C4204:
+    nonstandard extension used: non-constant aggregate initializer
+  * Fix the help message of avifdec: --index takes a value
+
+- Update to version 0.10.0
+  * See https://github.com/AOMediaCodec/libavif/blob/v0.10.0/CHANGELOG.md
+    for a complete changelog or check the CHANGELOG.md in the doc directory.
+
+- Disable libaom and use rav1e by default
+  * As PHP 8.1 has AVIF support, use rav1e by default as it is more
+    secure being written in Rust.
+
libcbor
+- Merge change from SLE15 SP4 made by pgajdos@suse.com on
+  Tue Apr  5 14:36:56 UTC 2022:
-  + libcbor.1
+  + libcbor.3
-- Add libcbor-0.5.0-fix-lib.patch to not build shared lib twice
-  and make package build reproducible (boo#1102408)
+- Update to 0.10.1:
+  * BREAKING: Fix cbor_copy leaking memory and creating invalid items when the allocator fails.
+  * BREAKING: Improved half-float encoding for denormalized numbers. [#208]
+  * Make the buffer_size optional in cbor_serialize_alloc [#205]
+  * Fix a potential memory leak when the allocator fails during array or map decoding [#224]
+  * Fix a memory leak when the allocator fails when adding chunks to indefinite bytestrings.
+  * Fix a memory leak when the allocator fails when adding chunks to indefinite strings
+  * Fix cbor_build_tag illegal memory behavior when the allocator fails
+  * Add a new cbor_serialized_size API
+  * Reworked cbor_serialize_alloc to allocate the exact amount of memory necessary upfront
+
+- Install manual page in the correct man section
+
+- fix duplicate src package name issue on multibuild
+
+- update to 0.9.0:
+  * Improved pkg-config paths handling
+  * Use explicit math.h linkage
+  * BREAKING: Fixed handling of items that exceed the host size_t range
+  * cbor_decode explicitly checks size to avoid overflows (previously broken,
+    potentially resulting in erroneous decoding on affected systems)
+- split docs into multibuild flavor to avoid build cycle via openssh<->
+  python-pyOpenSSL <-> python-cryptography
+
+- Update to version 0.8.0
+  * BREAKING: Fix cbor_tag_item not increasing the reference count
+    on the tagged item reference it returns
+  * BREAKING: CBOR_DECODER_EBUFFER removed from cbor_decoder_status
+    + cbor_stream_decode will set CBOR_DECODER_NEDATA instead if the
+    input buffer is empty
+  * Fix cbor_stream_decode to set cbor_decoder_result.required to
+    the minimum number of input bytes necessary to receive the next
+    callback (as long as at least one byte was passed)
+  * Fixed several minor manpage issue
+
+- Update to version 0.7.0
+  * Too many changes to list, see included CHANGELOG.md file
+- 0.6.0 includes patch by bwiedemann@suse.com to not build shared
+  lib twice and make package build reproducible (boo#1102408,
+  gh#PJK/libcbor#72)
+
+- remove documentation build with doxygen
libgcrypt
+- add libgcrypt-no-deprecated-grep-alias.patch
+
+- Update to 1.10.3:
+  * Bug fixes:
+  - Fix public key computation for other EdDSA curves. [rC469919751d6e]
+  - Remove out of core handler diagnostic in FIPS mode. [T6515]
+  - Check that the digest size is not zero in gcry_pk_sign_md and
+    gcry_pk_verify_md. [T6539]
+  - Make store an s-exp with \0 is considered to be binary. [T6747]
+  - Various constant-time improvements.
+  * Portability:
+  - Use getrandom call only when supported by the platform. [T6442]
+  - Change the default for --with-libtool-modification to never. [T6619]
+  * Release-info: https://dev.gnupg.org/T6817
+  * Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch
+
+- Do not pull revision info from GIT when autoconf is run. This
+  removes the -unknown suffix after the version number.
+  * Add libgcrypt-nobetasuffix.patch [bsc#1216334]
+
libinput
+- Update to release 1.25
+  * Change how left-handed settings are handled for tablets: If
+    libwacom does not contain a definition for a tablet yet,
+    libinput defaults to enabling a left-handed setting.
+  * Quirks for laptops from Dell, Google, Graviton, HP, HUAWEI,
+    Lenovo and Razer, gadgets like the RollerMouse Pro3 and virtual
+    machines like GNOME Boxes, VirtualBox or Virtual Machine
+    Manager are included.
+
libmspack
-- chmextract.c add anti "../" and leading slash protection to chmextract
-  (CVE-2018-18586.patch, bsc#1113040)
-  * cve-2018-18586.patch
-
-- There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
-  checks, which could lead to denial of service
-  (CVE-2018-14679, bsc#1103032)
-  * libmspack-CVE-2018-14679.patch
-- Bad KWAJ file header extensions could cause a one or two byte overwrite
-  (CVE-2018-14681, bsc#1103032).
-  * libmspack-CVE-2018-14681.patch
-- There is an off-by-one error in the TOLOWER() macro for CHM decompression
-  (CVE-2018-14682, bsc#1103032).
-  * libmspack-CVE-2018-14682.patch
-
-- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
-  overflow in chmd_read_headers(): a CHM file name beginning "::"
-  but shorter than 33 bytes will lead to reading past the
-  freshly-allocated name buffer - checks for specific control
-  filenames didn't take length into account [bsc#1141680]
-  [CVE-2019-1010305]
-
-- Enable build-time tests (bsc#1130489)
-  * Added patch libmspack-failing-tests.patch
-
-- Added patches:
-  * libmspack-resize-buffer.patch -- CAB block input buffer is one
-    byte too small for maximal Quantum block.
-  * libmspack-fix-bounds-checking.patch --  Fix off-by-one bounds
-    check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
-  * libmspack-reject-blank-filenames.patch -- Avoid returning CHM
-    file entries that are "blank" because they have embedded null
-    bytes.
-  * (the last two patches were modified by removing unneeded part
-    in order to make them more independent)
-- Fixed bugs:
-  * CVE-2018-18584 (bsc#1113038)
-  * CVE-2018-18585 (bsc#1113039)
+- The following bugs and CVEs are not affecting TW:
+  * CVE-2018-18584
+  * CVE-2018-18585
+  * CVE-2018-18586
+  * CVE-2019-1010305
+  * bsc#1113038
+  * bsc#1113039
+  * bsc#1113040
+  * bsc#1130489
+  * bsc#1141680
+
+- Update to version 0.11:
+  * see https://github.com/kyz/libmspack/blob/master/libmspack/ChangeLog
+    for a full changelog
+
+- Update to version 0.10.1
+  * Bugfix release, no functional changes
+
+- Update to version 0.10:
+  * Fix Heap buffer overflow in chmd_read_headers()
+  * Fix memory exhausted in chmd_read_headers()
+  * Fix memory exhausted in oabd_decompress()
+
+- Update to version 0.9.1:
+  * Fix bug in decompressing data to get to the correct folder
+    offset when the folder is LZX compressed (0.8 regression).
+  * Build system cleanup
+  * Testsuite available
+  * Does not install testing tools and examples by default.
+- Rename mspack-tools to mspack-examples to follow upstream change.
+
+- Update to version 0.8:
+  * New parameter MSCABD_PARAM_SALVAGE which permits salvaging
+    badly damaged files rather than rejecting them outright.
+  * Fix the above 38912-byte Quantum CAB block bug.
+  * Reject blank CHM filenames that are blank because they have
+    embedded null bytes.
+  * chmextract: Protect from absolute/relative pathnames in CHM
+    files.
+
+- Update to version 0.7 (bsc#1103032):
+  * Fix 1 or 2 byte overwrite by bad KWAJ file header extensions
+    (CVE-2018-14681).
+  * Fix 1 byte overread by character U+0100 in a CHM filename
+    (CVE-2018-14682).
+  * Reject blank CHM filenames (CVE-2018-14680).
+  * Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
+    which could cause a crash (CVE-2018-14679).
libmtp
+- updated to 1.1.21 release
+  Bugs fixed:
+  - Fix LIBMTP_STORAGE_SORTBY_MAXSPACE not working (copy-paste mistake)
+  - fix warnings regarding mismatched parameter docs
+  - fix comment above  sort_storage_bysort_storage_by
+  - Revert "ptp_pack_string: check string length for no iconv situation"
+  - remove dependency on ptp.h
+  - fixed paste error vendor/product id
+  - libusb-glue: check return value of ptp_init_send_memory_handler
+  - ptp_pack_string: check string length for no iconv situation
+  - ptp-pack: fix ucs2str overflow
+  Features:
+  - add a LIBMTP_FreeMemory function that wraps free()
+  - added functions to get device by serial number
+  - added serial number of device to output of 'mtp-files'
+  - added optional serial number parameter to 'mtp-getfile'
+  - added optional serial number parameter to 'mtp-delfile'
+  - feat: Add LIBMTP_Get_Children() to read the list of raw IDs of a folder.
+  - merge a patch from google https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/third_party/chromiumos-overlay/media-libs/libmtp/files/libmtp-1.1.20-10_remove_nexus_s_from_device_list.patch
+  - several new devices added, some device renaming for consistency.
+
+- updated to 1.1.20 release
+  - again more USB ids added
+  - some smaller bugfixes
+
+- updated to 1.1.19 release
+  - Lots of USB ids added, especially Garmin devices
+  - use a local libusb context, not the global one
+  - various bugfixes
+
+- updated to 1.1.18 release
+  - new USB ids
+  - mtp-getfile and mtp-delfile new parameter
+  - report "error 6" as "busy / blocked by another device"
+
+- updated to 1.1.17 release
+  - new USB Ids
+  - various bugfixes
+
+- Small packaging cleanup
+
-- include-config-h.patch: always include "config.h" first
-
-- updated to 1.1.7
-  - Soname libmtp.so.9.2.0 - binary compatible, new interfaces
-    have been added.
-  - Compilation fixes for older GCC and non-GCC compilers.
-  - Finalize >4GB file transfer changes so this works now.
-  - A new API to check for device capabilities has been added.
-  - Sync in latest upstream ptp2 changes.
-  - Support for USB 3.0! (A patch adding async buffering was
-    reverted after deemed instable by Debian.)
-  - Some migration toward the new API in the examples.
-  - Use parent storage if available as default storage media.
-  - Force reset on close for Android devices.
-  - Handle integrated USB hubs in mtp-probe.
-  - Devices, devices, devices...
-- mtpz-use-LIBMTP_ERROR-instead-of-LIBMTP_INFO.patch: is upstream
-- music-players.h: use up to date 1.1.7 version again.
-
-- Tell doxygen to stop producing files with timestamps.
-- define udev macros only if not already there.
-
-- music-players.h: Updated to the device database of the current GIT level
-  to support more MTP devices (bnc#854328)
-
-- Use LIBMTP_ERROR instead of LIBMTP_INFO function in mtpz_loaddata
-  (mtpz.c) to dont get junk in the udev rule when generating the rule.
-  add: mtpz-use-LIBMTP_ERROR-instead-of-LIBMTP_INFO.patch
-
-- updated to 1.1.6
-  - Soname libmtp.so.9.1.0 - binary compatible, new interfaces
-    have been added.
-  - Devices, devices, devices... I think I had a hundred (no kidding)
-    reports for the Nexus 4. It seems hackers just love this device
-    and cannot wait for me to spin a new libmtp.
-  - More careful autoprobing code for Linux, running around in
-    sysfs to try to avoid opening non-MTP devices. The libusb devs
-    do not uniformly like this idea but what shall I do? People
-    still want their devices to autodetect. Any hints welcome,
-    any patches will be reviewed.
-  - Interface extenstions from Philip Langdale to support the
-    Android in-place read/write extensions. This will be used by
-    GVFS for editing files etc, it is actually very useful when
-    treating the MTP device as a "real" filesystem. It only works
-    on Android devices with Google's MTP stack, but hey, that is
-    a fair share of the MTP devices used today.
-  - Several fixes and memory leaks fixed by Lei Zhang courtesy if
-    the Chromebook project, thanks Google!
-  - Windows Phone 8 should work out of the box.
-- remove upstream libmtp_motoRazr.patch
-
-- add support for Motorola Droid Razr M (XT 907)
-
-- mtp-probe no longer working in factory, wrong udev dir.
-
-- updated to 1.1.5
-  - Soname libmtp.so.9.0.5 - binary compatible
-  - Stop forcing altinterface 0! That bug has been around like
-    forever and libgphoto2 never did this. It screws up some
-    Samsung devices and is the prime reason for releasing this
-    update so soon after 1.1.4 as I know a lot of people out there
-    have Samsung devices!
-  - Integrated Sajid Anwars hard long-term work on MTPZ. There are
-    no secret keys or certificates inside libmtp, if you need these
-    to talk to your MTPZ device (Zune models, Windows Phones) you
-    need to get a file of secrets from some other place, preferably
-    Microsoft.
-  - Expose getthumbnail method and the Add Storage events as needed
-    for a GNOME VFS project by Philip Langdale.
-  - Rearrange and try to understand some SONY device modes again
-    and again.
-  - A udev script fix from Alessio Treglia to avoid poking around
-    on Canon EOS 3D.
-  - Devices, devices, devices...
-- Add libgrypt buildrequires for MTPZ support
-
-- updated to 1.1.4
-  - various bugfixes, especially in Samsung *
-  - lots of new ids
-
-- updated to 1.1.3
-  - Soname libmtp.so.9.0.3 - binary compatible.
-  - Probably nailed the bugs in the Samsung Galaxy Tab S2 family
-    of devices. Ignacio Martinez helped us fixing this!
-  - Build fixes by Alessio Treglia and others.
-  - A horde of new devices in the database.
-
-- Remove redundant tags/sections per specfile guideline suggestions
-
-- updated to 1.1.2
-  * device updates
-  * ported to use libusb 1.0
-  * Autodetect "sony.net" devices
-
-- Remove redundant tags/sections (authors list, already in package
-  as a file); put %description after %package
-- Parallel build with %_smp_mflags
-
-- add support for Galaxy Nexus
-
-- updated to 1.1.1
-  * device updates
-
-- updated to 1.1.0
-  * lots of new devices
-  * IAD (0xfe class) device detection
-- drop HAL FDI snippets
-- libmtp8 -> libmtp9
-
-- fixed typos in descriptions of libmtp.spec
-
-- updated to 1.0.6
-  * even less aggressive mtp probing (not detecting nearly all
-    devices as MTP) bnc#668986
-  * some more USB ids
-
-- do not greedily match all PTP cameras in the udev rules.
-
-- updated to 1.0.4 incremental release
-  * new ids
-  * bugfixes
-  * new udev rules for new udev
-
-- updated to 1.0.3 incremental release
-  * some new ids
-  * some smaller bugfixes
-- buildrequre pkg-config
-
-- updated to intermediate snapshot
-  * Samsung fixes and new ids
-  * various small bugfixes
-
-- updated to 1.0.2 bugfix release
-  * new ids: Samsung, Archos, Blackberry, ...
-  * bugfixes
-
-- updated to 1.0.1 bugfix release
-  * last patches included
-  * some more bug flags for devices
-
-- bugfixes to "fast metadata loading" method
-
-- upgraded to 1.0.0 release
-  * More USB ids
-  * libmtp.so.8.3.0 library interface
-  * New functions:
-    LIBMTP_Get_File_To_Handler
-    LIBMTP_Send_File_From_Handler
-    LIBMTP_Get_Track_To_Handler
-    LIBMTP_Send_Track_From_Handler
-    functions to get/send files/tracks from/to handler functions.
-    External handling of individual properties:
-    LIBMTP_Is_Property_Supported to check if a certain property is
-    supported on a certain device.
-    LIBMTP_Get_Allowed_Property_Values to get alowed range/enum of a
-    property value.
-    LIBMTP_Get_Representative_Sample_Format will now get the size
-    parameter to allow us to determine the maximum size for a
-    representative sample.
-  * Added modificationdate to file and track structs.
-  * Added LIBMTP_FILETYPE_ALBUM and LIBMTP_FILETYPE_PLAYLIST filetypes.
-  * Numerous Windows portability fixes.
-  * Marcus Meissner rewrote the PTP object handling and metadata caching
-    functions from libgphoto2 and fixed up the ugly largefile handling.
-  * Various minor bug fixes.
-
-- upgraded to 0.3.7
-  * compatible library interface libmtp.8.2.2
-  * stores albums and playlists in the default
-    music folder if no default folder for albums resp.
-    playlists has been detected.
-  * an error report from RedHat BZ
-    http://bugzilla.redhat.com/show_bug.cgi?id=485627
-    led to strange code for detecting anonymous OGG files
-    being rewritten to handle NULL filenames and filenames
-    that do not exceed 4 chars.
-  * patch from Marcus to fix an issue
-    with retransmit originally reported by Florent Pillet.
-  * discovered a new device that cannot even
-    read out battery level but still claims to be able to.
-- upgraded to 0.3.6
-  * Compatible API libmtp.so.8.2.1
-  * Several bug fixes to the examples
-  * Improved Windows and *BSD support
-  * Proper device flags to handle Toshiba players (hopefully)
-  * New devices and flag settings
-  * Nothing new from a programmers point of view
-- upgraded to 0.3.5
-  * Bumped soname to libmtp.so.8.2.0
-  - Only interface change:
-  * Change metadata const*const to *const to allow playlist_id to be
-    modified by LIBMTP_Update_Playlist. Shouldn't affect any code out
-    there really.
-  - New features and bugfixes:
-  * Allow for playlists with zero tracks on them (also in update).
-  * Get folders to a flat list and we get O(n) searching instead of
-    the previous O(n^2) algorithm! The rest is janitorial changes.
-
libnvme
+- Update to version 1.8+0.gbff7dda:
+  * linux: Explicitly initialize auto-cleanup variables
+  * example: fix mi identify failed with error cntid
+  * tree: do not issue an error when subsys lookup fails during scanning
+  * types: Add controller properties CMBEBS, CMBSWTP and NSSD
+  * tests: Add sample NBFT table from Dell PowerEdge R660
+  * tests: Add sample NBFT table from Dell PowerEdge R760
+  * tests: Fix diffs output for duplicate HFI entries
+  * nbft: avoid duplicate entries in ssns->hfis
+  * nbft: Fix (struct nbft_info_subsystem_ns).num_hfis off-by-one
+  * test: read and dump sysfs tar file
+  * nvme: allow to overwrite hostnqn and hostid
+  * nvme: allow to overwrite base sysfs path
+  * json: dump the output to the user selected filedescriptor
+  * libnvme: export nvme_dump_tree
+  * fabrics: add 'concat' option
+  * mi: set correct rc and errno when crc mismatch
+  * tree: use logical block size for lba
+  * json-schema: add keyring and tls_key details (bsc#1219086)
+  * build: checkout full repo for checkpatch
+  * linux: avoid segfault in check-tls-key due to null hostnqn/subsysnqn (bsc#1219086)
+  * meson.build: fixup 'join' syntax
+  * util: Explicitly initialize auto-cleanup variables
+  * tree: Explicitly initialize auto-cleanup variables
+  * linux: Explicitly initialize auto-cleanup variables
+  * fabrics: Explicitly initialize auto-cleanup variables
+  * util: Added function to find specific UUID in UUID list.
+  * build: fix release python tag match
+- Disable new unit test which is not running stable in OSB
+  * add 0001-build-disable-sysfs-test.patch
+
+- Update to version 1.7.1+0.g13ba383:
+  * tree: do no free ns on error in nvme_ns_init
+
+- Update to version 1.7+0.gf38b1d7:
+  * tree: do not open blk device on default
+  * tree: read all attributes from sysfs when available
+  * ioctl: set data length when retrieving LBA status
+  * types: fix regression for vendor-specific field in nvme_id_ns
+  * util: use cleanup functions
+  * linux: use cleanup functions
+  * json: use cleanup functions
+  * fabrics: use cleanup functions
+  * tree: use cleanup functions
+  * cleanup: add cleanup functions
+  * tree: fix incorrect return value
+  * tree: Fix clearing application strings
+  * libnvme: reshuffle nvme_generate_tls_key_identity()
+  * libnvme: fixup error codes
+  * libnvme: Implement 'nvme_generate_tls_key_identity()'
+  * libnvme: support NVMe TLS identities version 1 (bsc#1219086)
+  * libnvme: Add base64 functions
+  * libnvme: separate out 'gen_tls_identity' and reshuffle 'derive_nvme_keys'
+  * libnvme: separate out a function 'select_hmac'
+  * libnvme: fix a memory leak when calling read_ssns()
+  * libnvme: fix a memory leak in read_discovery()
+  * fabrics: avoid redundant args in nvme_discovery_log()
+  * fabrics: have nvmf_get_discovery_log() call nvmf_get_discovery_wargs()
+  * fabrics: fetch smaller Discovery Log Page header
+  * fabrics: avoid redundant Get Log Page on retry
+  * fabrics: clear RAE for discovery log page commands
+  * json-schema: add keyring and tls_key details (bsc#1219086)
+  * types: add Host Behavior Support field definitions
+  * mi: Cast values to u32 if shift overflows int
+  * types: Cast values to u32 if shift overflows int
+  * test: Avoid unaligned pointer dereferences
+  * nbft: Avoid unaligned pointer dereferences
+  * types: add cross-namespace copy formats, status codes, ONCS bits
+  * nvme: Add length field to Hkdf-Expand-Label computation
+  * ioctl: use lsp arg in nvme_get_log_boot_partition
+  * fabrics: use SECTYPE to determine whether to use TLS (bsc#1219086)
+  * fabrics: Allocate aligned payloads for id_ctrl and discovery log calls
+  * linux: Allocate aligned payloads for id_ctrl and id_ns calls
+  * ioctl: MSB variable-size storage/reference tags
+
libpng16
-- security update
-- added patches
-  CVE-2019-7317 [bsc#1124211]
-  + libpng16-CVE-2019-7317.patch
+- Update to version 1.6.40:
+  * Fixed the eXIf chunk multiplicity checks.
+  * Fixed a memory leak in pCAL processing.
+  * Corrected the validity report about tRNS inside png_get_valid().
+  * Fixed various build issues on *BSD, Mac and Windows.
+  * Updated the configurations and the scripts for continuous integration.
+  * Cleaned up the code, the build scripts, and the documentation.
+
+- do not use NEON instructions [bsc#1211176]
+
+- Fix license tag to libpng-2.0.
+
+- Fix build: some*.la files are symlinks. Adjust spec to use
+  find -type f,l
+
+- switch to pkgconfig(zlib) to allow alternative providers as well
+- build with glibc hwcaps optimized libs
+
+- Update to version 1.6.39:
+  * cmake: Default to PNG_ARM_NEON=off for arm targets.
+  + Turn large PNG chunks into benign errors.
+  + Update, rename and clean up various scripts.
+  + tools: Fix a buffer overflow involving a file name in pngfix.
+  + tools: Fix a memory leak in pngcp.
+
+- update to 1.6.38:
+  * Added configurations and scripts for continuous integration.
+  * Fixed various errors in the handling of tRNS, hIST and eXIf.
+  * Implemented many stability improvements across all platforms.
+  * Updated the internal documentation.
+
+- switch source url to https
+
+- install rpm macros in %{_rpmmacrodir} [bsc#1185661]
+- call spec-cleaner
+
+- enable hardware optimizations (such as SSE)
+
+- make check actually works under asan
+
+- version update to 1.6.37
+  Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+  Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+  Fixed a memory leak in pngtest.c.
+  Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+    contrib/pngminus; refactor.
+  Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+    (Contributed by Willem van Schaik)
+  Added makefiles for AddressSanitizer-enabled builds.
+- deleted patches
+  - libpng-arm-free.patch (upstreamed)
+- fixes [bsc#1121624] CVE-2019-6129 and [bsc#1124211] CVE-2019-7317
+
+- fix arm build [bsc#1121829]
+  + libpng-arm-free.patch
-- usecase example: [bsc#1121624]
+
+- update to 1.6.36:
+  Replaced the remaining uses of png_size_t with size_t (Cosmin)
+    Fixed the calculation of row_factor in png_check_chunk_length
+    (reported by Thuan Pham in SourceForge issue #278)
+    Added missing parentheses to a macro definition
+    (suggested by "irwir" in GitHub issue #216)
+    Optimized png_do_expand_palette for ARM processors.
+    Improved performance by around 10-22% on a recent ARM Chromebook.
+    (Contributed by Richard Townsend, ARM Holdings)
+    Fixed manipulation of machine-specific optimization options.
+    (Contributed by Vicki Pfau)
+    Used memcpy instead of manual pointer arithmetic on Intel SSE2.
+    (Contributed by Samuel Williams)
+    Fixed build errors with MSVC on ARM64.
+    (Contributed by Zhijie Liang)
+    Fixed detection of libm in CMakeLists.
+    (Contributed by Cameron Cawley)
+    Fixed incorrect creation of pkg-config file in CMakeLists.
+    (Contributed by Kyle Bentley)
+    Fixed the CMake build on Windows MSYS by avoiding symlinks.
+    Fixed a build warning on OpenBSD.
+    (Contributed by Theo Buehler)
+    Fixed various typos in comments.
+    (Contributed by "luz.paz")
+    Raised the minimum required CMake version from 3.0.2 to 3.1.
+    Removed yet more of the vestigial support for pre-ANSI C compilers.
+    Removed ancient makefiles for ancient systems that have been broken
+    across all previous libpng-1.6.x versions.
+    Removed the Y2K compliance statement and the export control
+    information.
+    Applied various code style and documentation fixes.
+- removed patches
+  * libpng16-CVE-2018-13785.patch (upstreamed)
+- cannot find upstream tarball signature, asked upstream for
+  clarification
+- %{libname} package provides libpng = %{version} again
+  [bsc#1079342]
+
libpwquality
+- add: prereq "pam-config" in baselibs.conf
+  * post scriptlet in pam_pwquality-32bit runs: pam-config
+
librsvg
+- Update to version 2.57.1:
+  + Fix small-caps and bump the version of Pango required to 1.50.0.
+  + Fix panic when using negative scaling transforms on the
+    toplevel.
+  + Support "var(--foo, #aabbcc)" just for colors.  This is the
+    minimum required to render color SVG emoji fonts that provide
+    color fallbacks, but it is not yet full support for CSS var().
+  + Fix the VS2017 build.
+  + Update cairo-rs.
+  + Update the project metadata files.
+
libsecret
+- Update to version 0.21.2:
+  + Support GnuTLS as an alternative crypto backend.
+  + Fix LeakSanitizer issues.
+  + secret-tool: Verify that the parsed stdin password is vaild
+    UTF-8.
+  + Fix markup syntax for SecretSchema.
+  + Public secret_attributes_validate method.
+  + Updated translations.
+
+- Use %patch -p N instead of deprecated %patchN.
+
libsolv
+- build for multiple python versions [jsc#PED-6218]
+- bump version to 0.7.28
+
libsoup
+- Update to version 3.4.4:
+  + Improve HTTP/2 performance when a lot of buffering happens
+  + Support building libnghttp2 as a subproject
+
+- Update to version 3.4.3:
+  + Fix incorrect UTF-8 encoding for params in headers
+  + Numerous HTTP/2 fixes and improvements
+  + Fix possible crashes in connection management
+  + Fix small leak in SoupServer
+  + Fix the possibility of empty HTTP/2 frames being sent
+
+- Update to version 3.4.2:
+  + Revert changes to request cancellation.
+
+- Update to version 3.4.1:
+  + Fix HTTP/2 on platforms with unsigned char.
+  + Change request cancellation to be handled earlier.
+  + Add names to GSources and source tags to GTasks to aid
+    debugging.
+- Run meson_test macro for all arches.
+
+- Update to version 3.4.0:
+  + Fix possible crash in SoupContentSniffer.
+  + Fix socket leak.
+  + Add missing annotation to
+    soup_header_g_string_append_param_quoted().
+
+- Update to version 3.3.1:
+  + Fix regression in `SoupCookieJar` not handling valid Secure
+    cookies.
+  + Fix crash when skipping HTTP/1 response stream with chunked
+    enconding.
+  + Change Session to unqueue finished items earlier without an
+    extra MainContext iteration.
+
+- Update to version 3.3.0:
+  + Add `SoupMessage::got-body-data` signal to monitor progress of
+    reads
+  + Add `soup_session_send_and_splice()` and
+    `soup_session_send_and_splice_async()` convenience APIs
+  + Add `soup_message_set_force_http1()` and
+    `soup_message_get_force_http1()` APIs
+  + Change `soup_cookie_copy()` to not retain default ports
+  + Ensure `SoupServerMessage` socket is available in websocket
+    handler
+  + Fix `soup_message_new()` not erroring when URI has an empty
+    host
+  + Fix thread-saftey issues in `SoupConnectionAuth`
+  + Fix various connection leaks
+  + Fix the possibility of sending invalid empty
+    `Sec-WebSocket-Protocol` header
+  + Fix IO errors not being handled on `CONNECT` messages
+  + Numerous improvements to cookies:
+  - Add support for cookie prefixes (`__Secure-` and `__Host-`)
+  - Reject cookies with control characters in name or value
+  - Reject `SameSite=None` cookies without `Secure`
+  - Change `soup_cookie_parse()` to be more strict about what is
+    considered whitespace
+  - Change default SameSite value to `Lax`
+  - Fix `soup_cookie_equal()` with `NULL` path
+
+- Update to version 3.2.2:
+  + Various HTTP/2 Fixes:
+  - Fix `content-sniffed` not being emitted for resources without
+    content.
+  - Fix leak of SoupServerConnection when stolen.
+- Enable tests on 32-bit again, fixed upstream.
+
+- Update to version 3.2.1:
+  + When built against nghttp2 1.50.0+ be relaxed about header
+    whitespace.
+  + Fix possible crash when cancelling an HTTP/2 message.
+  + Fix regresion where soup_server_message_get_socket() could
+    return NULL.
+  + Fix minor memory leak.
+- Disable tests on 32-bit while waiting for
+  https://gitlab.gnome.org/GNOME/libsoup/-/issues/309
+
+- Update to version 3.2.0:
+  + No changes, stable bump only.
+
+- Update to version 3.1.4:
+  + Numerous improvements to HTTP/2 reliablity.
+  + Fix `http` proxy authentication with default proxy resolver.
+  + Fix undefined ``ssize_t`` with MSVC.
+
+- Update to version 3.1.3:
+  + Fix compile error when `SOUP_VERSION_MAX_ALLOWED` is defined.
+- Changes from version 3.1.2:
+  + Replace HTTP/2 tests using Quart with internal HTTP/2 server
+    tests.
+  + Improve version macros including adding ability to define
+    `SOUP_DISABLE_DEPRECATION_WARNINGS`.
+- Drop -D http2_tests=disabled meson paramter: no longer supported.
+- Drop 299.patch: merged upstream.
+
+- Update to version 3.1.1:
+  + Reintroduce some thread-safety to SoupSession (see
+    https://libsoup.org/libsoup-3.0/client-thread-safety.html)
+  + Add SoupServerMessage:tls-peer-certificate and
+    SoupServerMessage:tls-peer-certificate-errors
+  + Port docs to gi-docgen
+  + Update documentation.
+- Replace pkgconfig(gtk-doc) with pkgconfig(gi-docgen)
+  BuildRequires (and update options passed to meson) following
+  upstreams port.
+- Add 299.patch: multithread-test: show error information in case
+  of request failure. multithread-test: skip proxy tests if apache
+  is not available.
+- Use ldconfig_scriptlets for post(un) handling.
+
+- Update to version 3.0.8:
+  + Fix `http` proxy authentication with default proxy resolver.
+  + Numerous improvments to HTTP/2 reliability.
+
+- Update to version 3.0.7:
+  + Fix leak in SoupAuthNTLM.
+  + Fix constructing SoupAuthNTLM objects.
+  + Disable mutual negotiation in SoupAuthNegotiate.
+  + http2:
+  - Do not advertise the `h2` protocool for proxy connections.
+  - Remove left-over headers when HTTP/1 redirects to HTTP/2.
+  - Handle HTTP_1_1_REQUIRED error.
+  - Read request bodies synchronously for sync requests.
+  - Properly handle server sending shut down GOAWAY.
+  + tests:
+  - Remove dependency on Apache's PHP module.
+  - Depend upon Apache's http2 module.
+
+- Update to version 3.0.6:
+  + Misc HTTP/2 fixes.
+  + Add PUT/POST support to examples/get.
+  + Add `--user-agent` option to examples/get.
+  + Misc meson improvements.
+  + Fix build with Visual Studio.
+
+- Update to version 3.0.5:
+  + Misc HTTP/2 fixes.
+  + Fix missing files for installed-tests.
+  + Fix SoupServer not properly handling invalid percent encoded
+    paths.
+  + Fix other areas not properly handling invalid percent encoded
+    paths.
+  + Fix SoupLogger:max-body-size of 0 meaning log nothing.
+
libsoup2
+- Add ced3c5d8.patch: Fix build with libxml2-2.12.0 and clang-17.
+
libssh2_org
+- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
+  when configuring custom method list. [bsc#1218971, CVE-2023-48795]
+  * The strict-kex extension is announced in the list of available
+    KEX methods. However, when the default KEX method list is modified
+    or replaced, the extension is not added back automatically.
+  * Add libssh2_org-CVE-2023-48795-ext.patch
+
libstorage-ng
+- merge gh#openSUSE/libstorage-ng#985
+- log locale
+- 4.5.188
+
+- merge gh#openSUSE/libstorage-ng#984
+- log some languange environmant variables
+- log some language environment variables
+- 4.5.187
+
+- Translated using Weblate (Georgian) (bsc#1149754)
+- 4.5.186
+
+- Translated using Weblate (Swedish) (bsc#1149754)
+- 4.5.185
+
+- Translated using Weblate (Czech) (bsc#1149754)
+- 4.5.184
+
+- Translated using Weblate (Slovak) (bsc#1149754)
+- 4.5.183
+
+- merge gh#openSUSE/libstorage-ng#983
+- fixed typo
+- 4.5.182
+
+- Translated using Weblate (Dutch) (bsc#1149754)
+- 4.5.181
+
+- Translated using Weblate (Japanese) (bsc#1149754)
+
+- Translated using Weblate (Catalan) (bsc#1149754)
+
+- merge gh#openSUSE/libstorage-ng#982
+- updated pot and po files
+- 4.5.180
+
+- Translated using Weblate (Georgian) (bsc#1149754)
+- 4.5.179
+
+- merge gh#openSUSE/libstorage-ng#981
+- fix reusing volume group name (bsc#1219266)
+- 4.5.178
+
+- merge gh#openSUSE/libstorage-ng#980
+- added experimental support for bcachefs
+- 4.5.177
+
+- Translated using Weblate (Swedish) (bsc#1149754)
+- 4.5.176
+
+- Translated using Weblate (Indonesian) (bsc#1149754)
+- 4.5.175
+
+- merge gh#openSUSE/libstorage-ng#979
+- allow to get Arch object from SystemInfo
+- make testcase more robust
+- coding style
+- 4.5.174
+
+- Translated using Weblate (Russian) (bsc#1149754)
+- 4.5.173
+
+- merge gh#openSUSE/libstorage-ng#978
+- added get_linux_partition_id() taking Arch parameter
+- make git ignore javascript in generated documentation
+- coding style
+- cleanup
+- 4.5.172
+
+- merge gh#openSUSE/libstorage-ng#977
+- provide light_probe function with SystemInfo parameter
+- 4.5.171
+
+- merge gh#openSUSE/libstorage-ng#976
+- make more use of new SystemCmd interface
+- use in-class member initialization
+- inhibit colored output from udevadm
+- fixed typos
+- 4.5.170
+
+- merge gh#openSUSE/libstorage-ng#975
+- reduce number of udevadm settle calls during probing
+- use in-class member initialization
+- proved probe function taking SystemInfo as an additional argument
+- fixed typos
+- moved code
+- 4.5.169
+
+- Translated using Weblate (Slovak) (bsc#1149754)
+- 4.5.168
+
+- Translated using Weblate (Dutch) (bsc#1149754)
+
+- Translated using Weblate (Japanese) (bsc#1149754)
+
+- Translated using Weblate (Czech) (bsc#1149754)
+
+- Translated using Weblate (Catalan) (bsc#1149754)
+
+- merge gh#openSUSE/libstorage-ng#974
+- updated pot and po files
+- 4.5.167
+
+- merge gh#openSUSE/libstorage-ng#973
+- fixed typos
+- 4.5.166
+
+- merge gh#openSUSE/libstorage-ng#972
+- added note about nvme json output
+- 4.5.165
+
+- merge gh#openSUSE/libstorage-ng#971
+- adapted to changed nvme json output (bsc#1218306)
+- 4.5.164
+
+- merge gh#openSUSE/libstorage-ng#970
+- consistent (and original) naming of bcache operations
+- coding style
+- improved logging
+- updated integration tests
+- fixed typo
+- 4.5.163
+
+- merge gh#openSUSE/libstorage-ng#969
+- factor out common code
+- 4.5.162
+
libxml2
+- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
+  * Added libxml2-CVE-2024-25062.patch
+
libzypp
+- tui: allow to access the underlying ostream of out::Info.
+- Add MLSep: Helper to produce not-NL-terminated multi line
+  output.
+- version 17.31.31 (22)
+
+- applydeltaprm: Create target directory if it does not exist
+  (bsc#1219442)
+- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
+- Fix problems with EINTR in ExternalDataSource::getline (fixes
+  bsc#1215698)
+- version 17.31.30 (22)
+
+- CheckAccessDeleted: fix running_in_container detection
+  (bsc#1218782)
+- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
+  (bsc#1218831)
+- Make Wakeup class EINTR safe.
+- Add a way to cancel media operations on shutdown
+  (openSUSE/zypper#522)
+  This patch adds a mechanism to signal libzypp that a shutdown was
+  requested, usually when CTRL+C was pressed by the user. Currently
+  only the media backend will utilize this, but can be extended to
+  all code paths that use g_poll() to wait for events.
+- Manually poll fds for curl in MediaCurl.
+  Using curl_easy_perform does not give us the required control on
+  when we want to cancel a download. Switching to the MultiCurl
+  implementation with a external poll() event loop will give us
+  much more freedom and helps us to improve our Ctrl+C handling.
+- Move reusable curl poll code to curlhelper.h.
+- version 17.31.29 (22)
+
+- Fix to build with libxml 2.12.x (fixes #505)
+- version 17.31.28 (22)
+
mozilla-nss
+- update to NSS 3.90.2
+  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
+    decryption in TLS. (bsc#1216198)
+  * bmo#1867408 - add a defensive check for large ssl_DefSend
+    return values.
+
multipath-tools
-- Update to version 0.9.7+77+suse.8a169ba:
+- Update to version 0.9.8~1+82+suse.dcd98a3:
+  * Adapt package version such that it shows as a 0.9.8 prerelease
+  * Add missing udev rules file
+
+- Update to version 0.9.7+148+suse.9780ae0:
+  * 11-dm-mpath.rules: Fix quoting mistake (bsc#1219142)
+
+- Update to version 0.9.7+148+suse.7d9953e.obscpio
+  * This is a multipath-tools 0.9.8 pre-release
+  * fix fast_io_fail for Infinibox (bsc#1219348)
+  * Fix activation of LVM volume groups during coldplug (bsc#1219142)
+
+- Update to version 0.9.7+140+suse.2d78457:
+  * This is a multipath-tools 0.9.8 pre-release
+  * Socket activation via multipathd.socket has been disabled by default
+    because it has undesirable side effects on systems without multipath.
+    Users with multipath hardware should enable multipathd.service
+  * The restorequeueing CLI command now only enables queueing if
+    disablequeueing had been sent before
+  * Avoid multipathd hang during map flush
+  * multipathd now tracks the queueing mode of maps in its internal features string
+  * Improve error messages in 'multipathd -k'
+  * Fix segfault in autoresize code (bsc#1219289)
+  * Fix missing map reloads (bsc#1219796)
+  * Documentation fixes, spelling fixes, minor code fixes
+
+- Update to version 0.9.7+93+suse.e2f2272:
+  * avoid setting queue_if_no_path on multipath maps for which the
+    no_path_retry timeout has expired
+  * the interactive commands "restorequeueing map X" and
+    "restorequeing maps" now only affect maps that had queueing
+    manually disabled using "disablequeuing maps" or
+    "disablequeuing map X" beforehand
+  * Spelling fixes
netpbm
+- added patches
+  fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791]
+  + netpbm-use-byrow-when-needed.patch
+
nvme-cli
+- Update to version 2.8:
+  * nvme-print-json: append array object in json_support_log
+  * sed: Add plugin for basic SED Opal operations (jsc#PED-5061)
+  * don't include newlines in already wrapped text
+  * nvme: do not include meta data for PRACT=1 and MD=8 (version 2)
+  * create-ns: align the namespaces to 1Mib boundaries when using SI suffixes
+  * doc: Fix config-schema.json's URL
+  * plugins/solidigm: Compressing vs-internal-log log files into zip file.
+  * nbft: do not issue an error if ACPI tables are missing
+  * nbft: fixup include for libnvme
+  * doc: Fix short option name for cfg-file
+  * completions: added Solidigm plugin to autocomplete scripts
+  * nvme: Remove unused cfg argument from NVME_ARGS() macro
+  * nvme: fix directive receive identify offsets
+  * nvme-fabrics: enable option 'concat'
+  * build: Update libnvme wrap
+  * plugins/wdc: Add Debug Log Collection Support
+  * nbft: fix tcp/dhcp address fallback retry (bsc#1218873)
+  * nvme: use correct telemetry log size
+  * nvme-print: fix typo in list verbose output (bsc#1219086)
+  * nvme: print inserted tls key for check-tls-key (bsc#1219086)
+  * plugins/wdc: Plugin fixes and updates
+  * fabrics: move hostid/hostnqn warnings to verbose level (bsc#1219086)
+
+- Update to version 2.7.1:
+  * nvme-print-json: Revert field name changes (bsc#1218306)
+
+- Update to version 2.7:
+  * nvme-print-json: include vs for identify namespace
+  * nvme-print-stdout: enhance connect message (bsc#1219086)
+  * fabrics: fix connect error if hostid file does not exist (bsc#1219086)
+  * fabrics: fix invalid output format error during nvme connect (bsc#1219086)
+  * wdc: Fix vs-smart-add-log Command for SN650 and SN655
+  * nvme: restric hmac options for gen-tls-key (bsc#1219086)
+  * wdc: Fix UUID index fallback mechanism
+  * plugins/ocp: Add OCP Telemetry String log page, Telemetry log page
+  * completions: Add bash completions for telemetry string log page
+  * plugins/solidigm: Added OCP 2.0 compatibility version command
+  * plugins/solidigm: Added OCP 2.0 vs-drive-info command.
+  * plugins/ocp: Fix printing order of various Latency Monitor Log buckets
+  * nvme: validate output format split status from flag return value
+  * nvme: simplify cleanup_nvme_dev()
+  * cleanup: remove unused cleanup_charp()
+  * wdc: Add support for SN861 2nd pci device id
+  * nvme: replace libhugetlbfs with mmap and madvise
+  * util/mem: move alloc helper to util section
+  * nvme: auto cleanup filedescriptors
+  * nvme: auto cleanup buffers
+  * nvme: return error code in get_persistent_event_log
+  * nvme: sanitize nvme-gen-tls-key
+  * nvme: print out the resulting TLS identity for 'nvme check-tls-key'
+  * nvme: Add version '1' identifier for nvme-gen-tls-key
+  * subprojects/libnvme: update wrapper for TP8018
+  * plugins/solidigm: Added re_sku_count smart atrribute
+  * doc: Fix nvme-connect manpage --application option string
+  * plugins/ocp: changed command clear-pcie-correctable-error-counters to match OCP 2.0 spec.
+  * plugins/solidigm: Added command to clear PCIe Correctable Error Counters according to OCP 2.0
+  * plugins/ocp: Reorganized clear feature code for better reuse
+  * nvme: fixup length calculation for 'nvme gen-tls-key --secret'
+  * doc: remove invalid hostkey info for --dhchap-secret
+  * nvme-print-json: use human helper everywhere
+  * nvme-print-json: remove obj_print helper
+  * plugins/ocp: update nvme_show_select_result call
+  * mailmap: only show contributer's name
+  * nvme-print-json: Change to report status and message in array
+  * nvme-print-json: Change to report feature select in array
+  * nvme-print-json: Change to report error and data in array
+  * nvme-print-json: Add show_init/finish calls to report features in array
+  * nvme-print: Add nvme_show_error_status() to merge error message and status
+  * nvme-print-json: Use r instead of root and use obj_add_***(r, ..., ...)
+  * nvme-print-json: Delete static const char string global variables
+  * nvme-print-json: Add remaining controller registers readable format
+  * nvme-print-json: Add readable format cap, vs, cc, csts, nssr and crto registers
+  * nvme-print-json: Combine duplicated json key and val string variables
+  * nvme-print-json: Replase json_array_add_value_string() to array_add_str()
+  * nvme-print-json: Replase json_object_add_value_uint128() to obj/root_add_uint128()
+  * nvme-print-json: Replase json_object_add_value_object() to obj/root_add_obj()
+  * nvme-print-json: Replase json_array_add_value_object() to array_add_obj()
+  * nvme-print-json: Replase json_object_add_value_array() to obj/root_add_array()
+  * nvme-print-json: Replase json_object_add_value_uint() to obj/root_add_uint()
+  * nvme-print-json: Replase json_object_add_value_int() to obj/root_add_int()
+  * nvme-print-json: Replase json_object_add_value_uint64() to obj/root_add_uint64()
+  * nvme-print-json: Replase json_object_add_value_string() to obj/root_add_str()
+  * nvme-print-json: Update feature_show_fields_*** to use root/obj_add_***()
+  * nvme-print-json: Update lba_status_log to use root_add_***() and obj_add_***()
+  * nvme-print-json: Replace lba_status_log printf() to root_add_result()
+  * nvme-print-json: Add list_item print function
+  * nvme-print-json: Add lba_status_info print function
+  * nvme-print-json: Add lba_range print function
+  * nvme-print-json: Add id_ctrl_rpmbs print function
+  * nvme-print-json: Unify json_list and jroot object names to root
+  * nvme-print-json: Add json_zns_changed print function
+  * nvme-print-json: Add root_add_result() to output result message
+  * nvme-print-json: Split persistent_event_log print function
+  * nvme-print-json: Remove unnecessary string newline code
+  * nvme-print-json: Replace effects_log_list print to use json_print()
+  * nvme-print-json: Print persistent_event_log no log data result correctly
+  * nvme-print-json: Add static "result" and "erorr" strings variables
+  * nvme-print-json: Add single_property printf function
+  * nvme: Replace get feature command stderr output to nvme_show_error()
+  * nvme-print-json: Change d() output to use d_json()
+  * nvme: Fix get-feature command mixed stdout and json outputs
+  * nvme-print-json: Add remaining feature fields print functions
+  * nvme-print-json: Update formatting and codying style
+  * build: Add -std=c99 to CFLAGS for muon on CentOS 7
+  * fabrics: add udev rule to avoid renaming nbft interfaces
+  * fabrics: autoconnect: add service unit for connecting NBFT subsystems
+  * fabrics: autoconnect: explicitly express module dependency
+  * Updates to codeql config
+  * libnvme-wrap: exit on VOID_FN lookup failure
+  * plugins/ocp:Added the ocp C6h feature api
+  * plugin/ocp_fid_c6h:Added the ocp C6h feature api
+  * nvme-copy: support cross-namespace copy
+  * nvme/plugins: fix mismatch operator
+  * nvme: fix overflow possiblity
+  * nvme: reduce identify cmd issue
+  * nvme: allow set-features to take input from stdin
+  * Fix common misspellings from codespell project
+  * nvme-print: Correct to print correct ascii character string length
+  * print-stdout: print Host Behavior Support correctly
+  * build: Bump libnvme wrap
+  * plugins/solidigm: Added support for temperature statistics log page
+  * Add support for codeql sweeps
+  * doc: Add virt-mgmt command
+  * doc: Add id-uuid command
+  * doc: Add list-secondary command
+  * doc: Add id-ns-granularity command
+  * doc: Add nvme commands --output-format and --verbose options
+  * completions: Add nvme-mi-recv nad nvme-mi-send commands completions
+  * completions: Change short option -o and -v duplicated to upper case
+  * doc: Change short option -o and -v duplicated to upper case
+  * nvme: Change short option -o and -v duplicated to upper case
+  * nvme: Change phy-rx-eom-log command to use NVME_ARGS instead
+  * plugins/memblaze: Add smart-log-add and latency-feature functions
+  * plugins/solidigm: internal-logs Telemetry auto detect last data area.
+  * nvme: Change to use NVME_FLBAS_META_EXT() macro to check flbas value
+  * nvme-print-json: Add host memory buffer and timestamp features print functions
+  * nvme-print-json: Add feature fields print functions
+  * nvme-print-json: Add TMPTH feature print function
+  * nvme-print-json: Add show_feature_fields print function
+  * nvme-print-json: Add select_result print function
+  * nvme-print-json: Use json_print to print and free object
+  * nvme-print-json: Add lba_status print function
+  * nvme-print-json: Combine variable definition and setting value
+  * nvme-print-json: Add id_iocs print function
+  * nvme-print-stdout: Fix coding style errors
+  * nvme-print-json: Add directive print function
+  * nvme: Fixed segmentation fault when getting host initiated telemetry
+  * plugins/wdc: enhanced SN861 device support
+  * plugins/wdc: cleanup line lengths
+  * nvme: do not include meta data for PRACT=1 and MD=8
+  * nvme: use block-count arg if provided
+  * build: bump libnvme to disable tests option
+  * build: Add static build on CI target
+  * nvme-print: Add nvme_zns_start_zone_list() API function
+  * nvme-print: Add nvme_zns_finish_zone_list() API function
+  * nvme-print-binary: Set list function to NULL if unimplemented
+  * nvme-print-json: Change order list functions and set NULL if unimplemented
+  * nvme-print-stdout: Fix to set stdout_list_item print function missed
+  * plugins/solidigm: log page name extraction using nvme_log_to_string function
+  * nvme-print: Added missing logpage names in nvme_log_to_string function
+  * udev-rules: rename netapp udev rule (bsc#1219086)
+  * udev-rules: set ctrl_loss_tmo to -1 for ONTAP NVMe/TCP (bsc#1219086)
+- Remove upstreamed patches
+  * remove 0001-fabrics-autoconnect-add-service-unit-for-connecting-.patch
+  * remove 0002-fabrics-add-udev-rule-to-avoid-renaming-nbft-interfa.patch
+- Update spec file
+  * remove libhugetblfs depedency
+  * update NetApp udev rule file name
+
-  * udev-rule: apply round-robin iopolicy on i/o subsystems alone
+  * udev-rule: apply round-robin iopolicy on i/o subsystems alone (bsc#1215994) (bsc#1219086)
-  * fabrics: For TCP/RDMA, compare IP addresses with nvme_ipaddrs_eq()
-  * fabrics: lookup_discovery_ctrl() must look under host and not root
+  * fabrics: For TCP/RDMA, compare IP addresses with nvme_ipaddrs_eq() (bsc#1213768)
+  * fabrics: lookup_discovery_ctrl() must look under host and not root (bsc#1213768)
-  * fabrics: only look for matching ctrl on same host
+  * fabrics: only look for matching ctrl on same host (bsc#1213768)
openssh
+- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
+  This limits the use of shell metacharacters in host- and
+  user names.
+
openssl-1_1
+- Security fix: [bsc#1219243, CVE-2024-0727]
+  * Add NULL checks where ContentInfo data can be NULL
+  * Add openssl-CVE-2024-0727.patch
+
+- Remove "Provides: openssl(cli)" because the executable has been renamed
+  to openssl-1_1.
+
+- Because OpenSSL 1.1.1 is no longer default, let's rename engine
+  directories to contain version of OpenSSL and let unversioned for
+  the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933]
+  * /etc/ssl/engines.d ->  /etc/ssl/engines1.1.d
+  * /etc/ssl/engdef.d -> /etc/ssl/engdef1.1.d
+  * Update patches:
+  - openssl-1_1-ossl-sli-002-ran-make-update.patch
+  - openssl-1_1-use-include-directive.patch
+
+- Set OpenSSL 3.0 as the default openssl [jsc#PED-6570]
+  * For compatibility with OpenSSL 3.0, the OpenSSL master
+    configuration file openssl.cnf has been renamed to
+    openssl-1_1.cnf. The executables openssl, c_rehash, CA.pl and
+    tsget.pl have been also renamed to openssl-1_1, c_rehash-1_1,
+    CA-1_1.pl and tsget-1_1.pl, respectively.
+  * Add openssl-1_1-devel as conflicting with libopenssl-3-devel
+  * Add openssl-1_1-openssl-config.patch
+
+- Skip SHA1 test in 20-test_dgst.t when in FIPS mode
+  * Add openssl-Skip_SHA1-test-in-FIPS-mode.patch
+
+- Performance enhancements for cryptography from OpenSSL 3.x
+  [jsc#PED-5086, jsc#PED-3514]
+  * Add patches:
+  - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
+  - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
+  - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
+  - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
+  - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
+  - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
+
+- Update to 1.1.1w: (jsc#PED-6559)
+  * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
+  The POLY1305 MAC (message authentication code) implementation in OpenSSL
+  does not save the contents of non-volatile XMM registers on Windows 64
+  platform when calculating the MAC of data larger than 64 bytes. Before
+  returning to the caller all the XMM registers are set to zero rather than
+  restoring their previous content. The vulnerable code is used only on newer
+  x86_64 processors supporting the AVX512-IFMA instructions.
+  The consequences of this kind of internal application state corruption can
+  be various - from no consequences, if the calling application does not
+  depend on the contents of non-volatile XMM registers at all, to the worst
+  consequences, where the attacker could get complete control of the
+  application process. However given the contents of the registers are just
+  zeroized so the attacker cannot put arbitrary values inside, the most likely
+  consequence, if any, would be an incorrect result of some application
+  dependent calculations or a crash leading to a denial of service.
+  (CVE-2023-4807)
+- Removed patches, already upstream
+  * openssl-1_1-Fix-file-operations-in-c_rehash.patch
+  * openssl-CVE-2022-0778-tests.patch
+  * openssl-CVE-2022-0778.patch
+  * openssl-CVE-2022-1292.patch
+  * openssl-CVE-2022-2097.patch
+  * openssl-CVE-2022-4304.patch
+  * openssl-CVE-2022-4450-1of2.patch
+  * openssl-CVE-2022-4450-2of2.patch
+  * openssl-CVE-2023-0215-1of4.patch
+  * openssl-CVE-2023-0215-2of4.patch
+  * openssl-CVE-2023-0215-3of4.patch
+  * openssl-CVE-2023-0215-4of4.patch
+  * openssl-CVE-2023-0286.patch
+  * openssl-CVE-2023-2650.patch
+  * openssl-1_1-CVE-2023-3817.patch
+  * openssl-Update-further-expiring-certificates.patch
+- Renamed openssl-1_1-FIPS-default-RFC7919.patch
+  to openssl-1_1-paramgen-default_to_rfc7919.patch
+
+- Add missing FIPS patches from SLE:
+  * Add patches:
+  - bsc1185319-FIPS-KAT-for-ECDSA.patch
+  - bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
+  - openssl-1.1.1-fips-fix-memory-leaks.patch
+  - openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
+  - openssl-1_1-FIPS_drbg-rewire.patch
+  - openssl-1_1-Zeroization.patch
+  - openssl-1_1-fips-drbg-selftest.patch
+  - openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
+  - openssl-1_1-jitterentropy-3.4.0.patch
+  - openssl-1_1-ossl-sli-000-fix-build-error.patch
+  - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
+  - openssl-1_1-ossl-sli-002-ran-make-update.patch
+  - openssl-1_1-ossl-sli-003-add-sli.patch
+  - openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
+  - openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
+  - openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
+  - openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
+  - openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
+  - openssl-1_1-serialize-jitterentropy-calls.patch
+  - openssl-1_1-shortcut-test_afalg_aes_cbc.patch
+  - openssl-DH.patch
+  - openssl-FIPS-KAT-before-integrity-tests.patch
+  - openssl-fips-DH_selftest_shared_secret_KAT.patch
+  - openssl-fips-kdf-hkdf-selftest.patch
+  - openssl-kdf-selftest.patch
+  - openssl-kdf-ssh-selftest.patch
+  - openssl-kdf-tls-selftest.patch
+  - openssl-s_client-check-ocsp-status.patch
+  * Modify patches:
+  - openssl-1.1.1-fips.patch
+  - openssl-1_1-FIPS-fix-error-reason-codes.patch
+  * Remove patches:
+  - openssl-add_rfc3526_rfc7919.patch
+  - openssl-fips-dont_run_FIPS_module_installed.patch
+  - openssl-fips_fix_selftests_return_value.patch
+  * Add build and runtime dependency on jitterentropy
+- Pass over with spec-cleaner
+
+- Update to 1.1.1v:
+  * Fix DH_check() excessive time with over sized modulus
+    (bsc#1213487, CVE-2023-3446). The function DH_check() performs
+    various checks on DH parameters. One of those checks confirms
+    that the modulus ("p" parameter) is not too large. Trying to use
+    a very large modulus is slow and OpenSSL will not normally use
+    a modulus which is over 10,000 bits in length. However the
+    DH_check() function checks numerous aspects of the key or
+    parameters that have been supplied. Some of those checks use the
+    supplied modulus value even if it has already been found to be
+    too large. A new limit has been added to DH_check of 32,768 bits.
+    Supplying a key/parameters with a modulus over this size will
+    simply cause DH_check() to fail.
+  * Update openssl.keyring with the OTC members that sign releases
+  * Rebase openssl-1_1-openssl-config.patch
+  * Remove security patches fixed upstream:
+  - openssl-CVE-2023-3446.patch
+  - openssl-CVE-2023-3446-test.patch
+- Update to 1.1.1u:
+  * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
+    OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
+    OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+    numeric text form.  For gigantic sub-identifiers, this would take a very
+    long time, the time complexity being O(n^2) where n is the size of that
+    sub-identifier.  (CVE-2023-2650, bsc#1211430)
+    To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
+    IDENTIFIER to canonical numeric text form if the size of that OBJECT
+    IDENTIFIER is 586 bytes or less, and fail otherwise.
+    The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
+    IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
+    most 128 sub-identifiers, and that the maximum value that each sub-
+    identifier may have is 2^32-1 (4294967295 decimal).
+    For each byte of every sub-identifier, only the 7 lower bits are part of
+    the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
+    these restrictions may occupy is 32 * 128 / 7, which is approximately 586
+    bytes.
+    Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+  * Reworked the Fix for the Timing Oracle in RSA Decryption
+    (CVE-2022-4304, bsc#1207534). The previous fix for this timing side
+    channel turned out to cause a severe 2-3x performance regression in the
+    typical use case compared to 1.1.1s. The new fix uses existing constant
+    time code paths, and restores the previous performance level while fully
+    eliminating all existing timing side channels. The fix was developed by
+    Bernd Edlinger with testing support by Hubert Kario.
+  * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
+    it does not enable policy checking. Thanks to David Benjamin for
+    discovering this issue. (CVE-2023-0466, bsc#1209873)
+  * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
+    it does not enable policy checking. Thanks to David Benjamin for
+    discovering this issue. (CVE-2023-0466, bsc#1209873)
+  * Fixed an issue where invalid certificate policies in leaf certificates are
+    silently ignored by OpenSSL and other certificate policy checks are
+    skipped for that certificate. A malicious CA could use this to
+    deliberately assert invalid certificate policies in order to circumvent
+    policy checking on the certificate altogether.
+    (CVE-2023-0465, bsc#1209878)
+  * Limited the number of nodes created in a policy tree to mitigate against
+    CVE-2023-0464.  The default limit is set to 1000 nodes, which should be
+    sufficient for most installations.  If required, the limit can be
+    adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define
+    to a desired maximum number of nodes or zero to allow unlimited growth.
+    (CVE-2023-0464, bsc#1209624)
+  * Rebased patch openssl-1_1-openssl-config.patch
+  * Removed patches:
+  - openssl-CVE-2023-0464.patch
+  - openssl-CVE-2023-0465.patch
+  - openssl-CVE-2023-0466.patch
+  * Update openssl.keyring with key
+    A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz)
+
+- FIPS: Merge libopenssl1_1-hmac package into the library [bsc#1185116]
+
+- Update to 1.1.1t:
+  * Fixed X.400 address type confusion in X.509 GeneralName.
+    There is a type confusion vulnerability relating to X.400 address processing
+    inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
+    but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
+    vulnerability may allow an attacker who can provide a certificate chain and
+    CRL (neither of which need have a valid signature) to pass arbitrary
+    pointers to a memcmp call, creating a possible read primitive, subject to
+    some constraints. Refer to the advisory for more information. Thanks to
+    David Benjamin for discovering this issue. [bsc#1207533, CVE-2023-0286]
+    This issue has been fixed by changing the public header file definition of
+    GENERAL_NAME so that x400Address reflects the implementation. It was not
+    possible for any existing application to successfully use the existing
+    definition; however, if any application references the x400Address field
+    (e.g. in dead code), note that the type of this field has changed. There is
+    no ABI change.
+  * Fixed Use-after-free following BIO_new_NDEF.
+    The public API function BIO_new_NDEF is a helper function used for
+    streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
+    to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
+    be called directly by end user applications.
+    The function receives a BIO from the caller, prepends a new BIO_f_asn1
+    filter BIO onto the front of it to form a BIO chain, and then returns
+    the new head of the BIO chain to the caller. Under certain conditions,
+    for example if a CMS recipient public key is invalid, the new filter BIO
+    is freed and the function returns a NULL result indicating a failure.
+    However, in this case, the BIO chain is not properly cleaned up and the
+    BIO passed by the caller still retains internal pointers to the previously
+    freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
+    then a use-after-free will occur. This will most likely result in a crash.
+    [bsc#1207536, CVE-2023-0215]
+  * Fixed Double free after calling PEM_read_bio_ex.
+    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
+    decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
+    data. If the function succeeds then the "name_out", "header" and "data"
+    arguments are populated with pointers to buffers containing the relevant
+    decoded data. The caller is responsible for freeing those buffers. It is
+    possible to construct a PEM file that results in 0 bytes of payload data.
+    In this case PEM_read_bio_ex() will return a failure code but will populate
+    the header argument with a pointer to a buffer that has already been freed.
+    If the caller also frees this buffer then a double free will occur. This
+    will most likely lead to a crash.
+    The functions PEM_read_bio() and PEM_read() are simple wrappers around
+    PEM_read_bio_ex() and therefore these functions are also directly affected.
+    These functions are also called indirectly by a number of other OpenSSL
+    functions including PEM_X509_INFO_read_bio_ex() and
+    SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
+    internal uses of these functions are not vulnerable because the caller does
+    not free the header argument if PEM_read_bio_ex() returns a failure code.
+    [bsc#1207538, CVE-2022-4450]
+    [Kurt Roeckx, Matt Caswell]
+  * Fixed Timing Oracle in RSA Decryption.
+    A timing based side channel exists in the OpenSSL RSA Decryption
+    implementation which could be sufficient to recover a plaintext across
+    a network in a Bleichenbacher style attack. To achieve a successful
+    decryption an attacker would have to be able to send a very large number
+    of trial messages for decryption. The vulnerability affects all RSA padding
+    modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
+    [bsc#1207534, CVE-2022-4304]
+  * Rebased openssl-1_1-openssl-config.patch
+  * Update openssl.keyring with key
+    7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C (Richard Levitte)
+
+- Updated openssl.keyring with key A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
+- Update to 1.1.1s:
+  * Fixed a regression introduced in 1.1.1r version not refreshing the
+    certificate data to be signed before signing the certificate.
+- Update to 1.1.1r:
+  * Fixed the linux-mips64 Configure target which was missing the
+    SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
+    platform.
+  * Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
+    causing incorrect results in some cases as a result.
+  * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
+    report correct results in some cases
+  * Fixed a regression introduced in 1.1.1o for re-signing certificates with
+    different key sizes
+  * Added the loongarch64 target
+  * Fixed a DRBG seed propagation thread safety issue
+  * Fixed a memory leak in tls13_generate_secret
+  * Fixed reported performance degradation on aarch64. Restored the
+    implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
+    32-bit lane assignment in CTR mode") for 64bit targets only, since it is
+    reportedly 2-17% slower and the silicon errata only affects 32bit targets.
+    The new algorithm is still used for 32 bit targets.
+  * Added a missing header for memcmp that caused compilation failure on some
+    platforms
+
+- update to 1.1.1q:
+  * [CVE-2022-2097, bsc#1201099]
+  * Addresses situations where AES OCB fails to encrypt some bytes
+
+- Update to 1.1.1p:
+  * bsc#1185637 - updated certificates required for testing that failed
+    when date is later than 1 June 2022
+  - removed openssl-update_expired_certificates.patch
+  * [bsc#1200550, CVE-2022-2068] - more shell code injection issues in c_rehash
+
+- Update to 1.1.1o: [CVE-2022-1292, bsc#1199166]
+  * Fixed a bug in the c_rehash script which was not properly sanitising
+    shell metacharacters to prevent command injection.
+  * Rebased openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
+  * Rebased openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
+- Added openssl-update_expired_certificates.patch
+  * Openssl failed tests because of expired certificates.
+  * bsc#1185637
+  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
+
+- Update to 1.1.1m:
+  * Avoid loading of a dynamic engine twice.
+  * Prioritise DANE TLSA issuer certs over peer certs
+- Rebased patches:
+  * openssl-1.1.1-evp-kdf.patch
+  * openssl-1.1.1-system-cipherlist.patch
+
+- Drop openssl-no-date.patch
+  Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in
+  https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231
+  thereby making this patch obsolete as builds *should* still be reproducible.
+
perl-IO-Socket-SSL
+- Fix the test t/core.t to build with OpenSSL 3.2.0. [bsc#1218342]
+  * https://github.com/noxxi/p5-io-socket-ssl/issues/147
+  * Add perl-IO-Socket-SSL-Openssl32.patch
+
+- updated to 2.084
+  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+  2.084 2023/11/06
+  - various fixes for edge cases and build: #136, #141, #142, #143, #145
+  - update documentation to reflect default SSL_version
+
perl-Net-SSLeay
+- Use constants X509_VERSION_3 and X509_REQ_VERSION_1 when available (#GH-449)
+  * Add Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
+
+- updated to 1.92
+  see /usr/share/doc/packages/perl-Net-SSLeay/Changes
+  1.92 2022-01-12
+  - New stable release incorporating all changes from developer releases 1.91_01
+  to 1.91_03.
+  - Summary of major changes since version 1.90:
+  - Net::SSLeay now supports stable releases of OpenSSL 3.0.
+  - OpenSSL 3.0.0 introduces the concept of "providers", which contain
+  cryptographic algorithm implementations. Many outdated, deprecated and/or
+  insecure algorithms have been moved to the "legacy" provider, which may
+  need to be loaded explicitly in order to use them with Net::SSLeay. See
+  "Low level API: OSSL_LIB_CTX and OSSL_PROVIDER related functions" in the
+  Net::SSLeay module documentation for details.
+  - Net::SSLeay's built-in PEM_get_string_PrivateKey() function depends on
+  algorithms that have moved to the legacy provider described above; if
+  OpenSSL has been compiled without the legacy provider, the tests
+  t/local/33_x509_create_cert.t and t/local/63_ec_key_generate_key.t will
+  fail when the test suite is run.
+  - TLS 1.1 and below may only be used at security level 0 as of OpenSSL
+  3.0.0; if a minimum required security level is imposed (e.g. in an
+  OpenSSL configuration file managed by the operating system), the tests
+  t/local/44_sess.t and t/local/45_exporter.t will fail when the test suite
+  is run.
+  - Net::SSLeay now supports stable releases of LibreSSL from the 3.2 - 3.4
+  series (with the exception of 3.2.2 and 3.2.3 - see "COMPATIBILITY" in the
+  Net::SSLeay module documentation for details).
+  - The TLS 1.3 implementation in LibreSSL 3.1 - 3.3, parts of which are
+  enabled by default, is not fully compatible with the libssl API and may
+  not function as expected with Net::SSLeay; see "KNOWN BUGS AND CAVEATS"
+  in the Net::SSLeay module documentation for details.
+  - A number of new libcrypto/libssl constants and functions are now exposed,
+  including SSL_CTX_set_keylog_callback() and SSL_CTX_set_msg_callback(),
+  which are helpful when debugging TLS handshakes. See the release notes for
+  the 1.91 developer releases below for a full list of newly-exposed
+  constants and functions.
+  1.91_03 2022-01-10
+  - Avoid misclassifying Clang as GCC in Test::Net::SSLeay's can_thread()
+  function. This fixes test failures in 61_threads-cb-crash.t and
+  62_threads-ctx_new-deadlock.t on OpenBSD and FreeBSD (and possibly other OSes
+  too). Fixes GH-350.
+  - Add the following constants for OpenSSL_version():
+  - OPENSSL_CPU_INFO
+  - OPENSSL_FULL_VERSION_STRING
+  - OPENSSL_MODULES_DIR
+  - OPENSSL_VERSION_STRING
+  These constants are new in OpenSSL 3.0.0 release.
+  - Update test 03_use.t to print information returned by the new constants.
+  - Add more information to 03_use.t print output, including printing
+  OPENSSL_VERSION_NUMBER as a 32bit hex number.
+  - Add the following constants for OPENSSL_info() added in OpenSSL 3.0.0.
+  - OPENSSL_INFO_CONFIG_DIR
+  - OPENSSL_INFO_CPU_SETTINGS
+  - OPENSSL_INFO_DIR_FILENAME_SEPARATOR
+  - OPENSSL_INFO_DSO_EXTENSION
+  - OPENSSL_INFO_ENGINES_DIR
+  - OPENSSL_INFO_LIST_SEPARATOR
+  - OPENSSL_INFO_MODULES_DIR
+  - OPENSSL_INFO_SEED_SOURCE
+  - Expose OPENSSL_info(), OPENSSL_version_major(),
+  OPENSSL_version_minor(), OPENSSL_version_patch(),
+  OPENSSL_version_pre_release() and
+  OPENSSL_version_build_metadata() added in OpenSSL
+  3.0.0. Update 03_use.t diagnostics and 04_basic.t tests to
+  use these functions.
+  - Clarify documentation of OpenSSL_version_num(), SSLeay(),
+  SSLeay_version() and OpenSSL_version().
+  - Add notes to OpenSSL_version_num() and SSLeay() on how to
+  determine if the library is OpenSSL or LibreSSL and how to
+  interpret the version number these functions return.
+  - Add constants OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR
+  and OPENSSL_VERSION_PATCH. Update
+  OPENSSL_version_major/minor/patch documentation to describe
+  how these library functions relate to Net-SSLeay compile
+  time constants. Add tests to verify the constants and
+  functions return equal values.
+  1.91_02 2021-12-29
+  - On OpenVMS, detect vendor SSL111 product based on OpenSSL 1.1.x.
+  - Cast the return value of OCSP_SINGLERESP_get0_id to fix a
+  const/non-const mismatch warning that broke the build on OpenVMS.
+  - Create SSL_CTXs with Test::Net::SSLeay's new_ctx() function for tests that
+  are broken with LibreSSL 3.2. Partially fixes GH-232.
+  - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY
+  flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.2
+  versions from 3.2.4 onwards. Fixes the remainder of GH-232.
+  - Note in the Net::SSLeay documentation that the TLS 1.3 implementation in
+  LibreSSL 3.1 - 3.3, parts of which are enabled by default, is not
+  libssl-compatible. See the "KNOWN BUGS AND CAVEATS" section of
+  lib/Net/SSLeay.pod for details.
+  - Add constants for, but not limited to,
+  SSL_CTX_set_msg_callback and SSL_set_msg_callback functions:
+  SSL3_RT_* for record content types, SSL3_MT_* for Handshake
+  and ChangeCipherSpec message types, SSL2_VERSION to
+  complement the list of existing SSL and TLS version
+  constants and SSL2_MT_* for SSLv2 Handshake messages.
+  - Expose SSL_CTX_set_keylog_callback and
+  SSL_CTX_get_keylog_callback available with OpenSSL 1.1.1pre1
+  and later.
+  - Enhance 10_rand.t RAND_file_name tests: tests are no longer
+  affected by the runtime environment variables, HOME and
+  RANDFILE. These variables are insted controlled by the tests
+  with local %ENV. Problems related to RAND_file_name were
+  discussed in Github issue GH-152, and there might still be
+  cases when, for example, setuid is used because of OpenSSL's
+  use of glibc secure_getenv() and related functions. Address
+  RAND_file_name differences between OpenSSL versions. Note in
+  SSLeay.pod that RAND_file_name() can return undef with
+  LibreSSL and recent OpenSSL versions.
+  - Removed the following exportable symbols from SSLeay.pm:
+  - SESSION, clear_error and err have never been defined.
+  - add_session, flush_sessions and remove_session were
+  removed in Net::SSLeay 1.04
+  - Undocumented X509_STORE_CTX_set_flags() was removed in
+  Net::SSLeay 1.37 when X509_VERIFY_PARAM_* functions were
+  added. These are preferred over directly setting the flags.
+  - Clarified Changes entry for release 1.75 to state that
+  CTX_v2_new is not removed from Net::SSLeay. SSLv2 is
+  completely removed in OpenSSL 1.1.0.
+  - Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options()
+  and related functions return uint64_t instead of long. For
+  this reason constant() in constant.c and Net::SSLeay must
+  also be able to return 64bit constants. Add uint64_t
+  definitions to typemap file and update constant() and
+  options functions to use uint64_t with OpenSSL 3.0.0 and
+  later when Perl is compiled with 64bit integers. With 32bit
+  integers, the functions remain as they are: constant()
+  functions return double and options functions return
+  long. This partially fixes GH-315, 32bit integer Perls need
+  to be handled separately.
+  - Work around macOS Monterey build failure during 'perl
+  Makefile.PL' that causes perl to exit with 'WARNING:
+  .../perl is loading libcrypto in an unsafe way' or similar
+  message. This fixes GH-329. Thanks to Daniel J. Luke for the
+  report and John Napiorkowski for additional help.
+  1.91_01 2021-10-24
+  - Correct X509_STORE_CTX_init() return value to integer. Previous
+  versions of Net::SSLeay return nothing.
+  - Update tests to call close() to avoid problems seen with
+  test 44_sess.t, and possibly other tests, running on older
+  Windows Perl versions. Also add some missing calls in tests
+  to shutdown and free ssl structures.
+  - Fix multiple formatting errors in the documentation for Net::SSLeay.
+  Thanks to John Jetmore.
+  - Check for presence of libssl headers in Makefile.PL, and exit with an
+  error instead of generating an invalid Makefile if they cannot be found.
+  Fixes RT#105189. Thanks to James E Keenan for the report.
+  - Added support for SSL_CTX_set_msg_callback/SSL_set_msg_callback
+  Thanks to Tim Aerts.
+  - Adjust time in ASN1_TIME_timet based on current offset to GMT to
+  address GH-148. Thanks to Steffen Ullrich.
+  - Multiple updates to tests to match OpenSSL 3.0 behaviour.
+  Thanks to Michal Josef Špaček.
+  - OpenSSL 3.0 related changes in tests include:
+  - TLSv1 and TLSv1.1 require security level 0 starting with 3.0 alpha 5.
+  - SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() ignore
+  unknown ciphersuites starting with 3.0 alpha 11.
+  - Error code and error string packing and formatting changes.
+  - PEM_get_string_PrivateKey default algorithm requires legacy provider.
+  - See OpenSSL manual page migration_guide(7) for more information about
+  changes in OpenSSL 3.0.
+  - Automatically detect OpenSSL installed via Homebrew on ARM-based macOS
+  systems. Thanks to Graham Knop for the patch.
+  - Account for the divergence in TLSv1.3 ciphersuite names between OpenSSL and
+  LibreSSL, which was causing failures of some TLSv1.3 tests with LibreSSL.
+  - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY
+  flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.3.2 and
+  above.
+  - In 43_misc_functions.t, account for the fact that LibreSSL 3.2.0 and above
+  implement TLSv1.3 without exposing a TLS1_3_VERSION constant.
+  - Expose OpenSSL 3.0 functions
+  OSSL_LIB_CTX_get0_global_default, OSSL_PROVIDER_load,
+  OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
+  OSSL_PROVIDER_available, OSSL_PROVIDER_do_all
+  OSSL_PROVIDER_get0_name and OSSL_PROVIDER_self_test.
+  Add test files 22_provider.t, 22_provider_try_load.t and
+  22_provider_try_load_zero_retain.t.
+  - With OpenSSL 3.0 and later, the legacy provider is loaded in
+  33_x509_create_cert.t to allow PEM_get_string_PrivateKey to
+  continue working until its default encryption method is
+  updated. Fixes GH-272 and closes GH-273.
+  - Remove the test suite's optional dependency on the non-core modules
+  Test::Exception, Test::NoWarnings and Test::Warn. Tests that verify
+  Net::SSLeay's behaviour when errors occur are now executed regardless of the
+  availability of these modules.
+  - Fully automate the process of changing the list of constants exported by
+  Net::SSLeay. Fixes GH-313.
+  - Perform function autoloading tests in the test suite. Fixes GH-311.
+  - In 36_verify.t, account for the fact that the X509_V_FLAG_LEGACY_VERIFY flag
+  (signalling the use of the legacy X.509 verifier) is no longer exposed as of
+  LibreSSL 3.4.1. Fixes GH-324.
+
+- Fix cpanspec.yml
+
+- Fix cpanspec.yml preamble section.
+
+- Fix autoupdate build:
+  * Add required build and test dependencies
+  * Update spec file and add cpanspec.yml
+
+- update to 1.90:
+  - New stable release incorporating all changes from developer releases
+    1.89_01 to 1.89_05.
+  - Summary of major changes since version 1.88:
+  - Formalised libssl version support policy: all stable versions of OpenSSL
+  in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and
+  all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
+  The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3
+  implementation is not currently libssl-compatible.
+  - Added support for LibreSSL on Windows when built with Visual C++.
+  - Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and
+  several stack functions.
+  - Fixed crashes in the callback functions CTX_set_next_proto_select_cb and
+  CTX_set_alpn_select_cb.
+  - The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as
+  OpenSSL security level 2 (the default on many Linux distributions).
+
postgresql16
+- Upgrade to 16.2:
+  * bsc#1219679, CVE-2024-0985: Tighten security restrictions
+    within REFRESH MATERIALIZED VIEW CONCURRENTLY.
+    One step of a concurrent refresh command was run under weak
+    security restrictions. If a materialized view's owner could
+    persuade a superuser or other high-privileged user to perform a
+    concurrent refresh on that view, the view's owner could control
+    code executed with the privileges of the user running REFRESH.
+    Fix things so that all user-determined code is run as the
+    view's owner, as expected
+  * If you use GIN indexes, you may need to reindex after updating
+    to this release.
+  * LLVM 18 is now supported.
+  * https://www.postgresql.org/docs/release/16.2/
+
protobuf
-- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
-  CVE-2022-1941, bsc#1203681
-  * Add protobuf-CVE-2022-1941.patch
-- Fix a potential DoS issue when parsing with binary data in
-  protobuf-java, CVE-2022-3171, bsc#1204256
-  * Add protobuf-CVE-2022-3171.patch
-- Refresh protobuf-CVE-2021-22570.patch
-- Backport changes from 3.16.x tree for apply recent CVE patches
-  * Add protobuf-51026d922970e06475f005b39287963594134b96.patch
-  * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
-  * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
-  * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
-  * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
-  * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
-  * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
-  * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
-  * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
-- Reorganize patch set ordering
-
-- Fix potential Denial of Service in protobuf-java in the parsing procedure
-  for binary data, CVE-2021-22569, bsc#1194530
-  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
-
-- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
-  bsc#1195258
-  * Add protobuf-CVE-2021-22570.patch
+- update to 25.1:
+  * Raise warnings for deprecated python syntax usages
+  * Add support for extensions in CRuby, JRuby, and FFI Ruby
+  * Add support for options in CRuby, JRuby and FFI (#14594)
+- update to 25.0:
+  * Implement proto2/proto3 with editions
+  * Defines Protobuf compiler version strings as macros and
+    separates out suffix string definition.
+  * Add utf8_validation feature back to the global feature set.
+  * Setting up version updater to prepare for poison pills and
+    embedding version info into C++, Python and Java gencode.
+  * Merge the protobuf and upb Bazel repos
+  * Editions: Introduce functionality to protoc for generating
+    edition feature set defaults.
+  * Editions: Migrate edition strings to enum in C++ code.
+  * Create a reflection helper for ExtensionIdentifier.
+  * Editions: Provide an API for C++ generators to specify their
+    features.
+  * Editions: Refactor feature resolution to use an intermediate
+    message.
+  * Publish extension declarations with declaration
+    verifications.
+  * Editions: Stop propagating partially resolved feature sets to
+    plugins.
+  * Editions: Migrate string_field_validation to a C++ feature
+  * Editions: Include defaults for any features in the generated
+    pool.
+  * Protoc: parser rejects explicit use of map_entry option
+  * Protoc: validate that reserved range start is before end
+  * Protoc: support identifiers as reserved names in addition to
+    string literals (only in editions)
+  * Drop support for Bazel 5.
+  * Allow code generators to specify whether or not they support
+    editions.
+  [#] C++
+  * Set `PROTOBUF_EXPORT` on
+    `InternalOutOfLineDeleteMessageLite()`
+  * Update stale checked-in files
+  * Apply PROTOBUF_NOINLINE to declarations of some functions
+    that want it.
+  * Implement proto2/proto3 with editions
+  * Make JSON UTF-8 boundary check inclusive of the largest
+    possible UTF-8 character.
+  * Reduce `Map::size_type` to 32-bits. Protobuf containers can't
+    have more than that
+  * Defines Protobuf compiler version strings as macros and
+    separates out suffix string definition.
+  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
+    oneof accessors.
+  * Fix bug in reflection based Swap of map fields.
+  * Add utf8_validation feature back to the global feature set.
+  * Setting up version updater to prepare for poison pills and
+    embedding version info into C++, Python and Java gencode.
+  * Add prefetching to arena allocations.
+  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
+    repeated and map field accessors.
+  * Editions: Migrate edition strings to enum in C++ code.
+  * Create a reflection helper for ExtensionIdentifier.
+  * Editions: Provide an API for C++ generators to specify their
+    features.
+  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
+    string field accessors.
+  * Editions: Refactor feature resolution to use an intermediate
+    message.
+  * Fixes for 32-bit MSVC.
+  * Publish extension declarations with declaration
+    verifications.
+  * Export the constants in protobuf's any.h to support DLL
+    builds.
+  * Implement AbslStringify for the Descriptor family of types.
+  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
+    message field accessors.
+  * Editions: Stop propagating partially resolved feature sets to
+    plugins.
+  * Editions: Migrate string_field_validation to a C++ feature
+  * Editions: Include defaults for any features in the generated
+    pool.
+  * Introduce C++ feature for UTF8 validation.
+  * Protoc: validate that reserved range start is before end
+  * Remove option to disable the table-driven parser in protoc.
+  * Lock down ctype=CORD in proto file.
+  * Support split repeated fields.
+  * In OSS mode omit some extern template specializations.
+  * Allow code generators to specify whether or not they support
+    editions.
+  [#] Java
+  * Implement proto2/proto3 with editions
+  * Remove synthetic oneofs from Java gencode field accessor
+    tables.
+  * Timestamps.parse: Add error handling for invalid
+    hours/minutes in the timezone offset.
+  * Defines Protobuf compiler version strings as macros and
+    separates out suffix string definition.
+  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
+    oneof accessors.
+  * Add missing debugging version info to Protobuf Java gencode
+    when multiple files are generated.
+  * Fix a bad cast in putBuilderIfAbsent when already present due
+    to using the result of put() directly (which is null if it
+    currently has no value)
+  * Setting up version updater to prepare for poison pills and
+    embedding version info into C++, Python and Java gencode.
+  * Fix a NPE in putBuilderIfAbsent due to using the result of
+    put() directly (which is null if it currently has no value)
+  * Update Kotlin compiler to escape package names
+  * Add MapFieldBuilder and change codegen to generate it and the
+    put{field}BuilderIfAbsent method.
+  * Introduce recursion limit in Java text format parsing
+  * Consider the protobuf.Any invalid if typeUrl.split("/")
+    returns an empty array.
+  * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
+  * Fixed Python memory leak in map lookup.
+  * Loosen upb for json name conflict check in proto2 between
+    json name and field
+  * Defines Protobuf compiler version strings as macros and
+    separates out suffix string definition.
+  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
+    oneof accessors.
+  * Ensure Timestamp.ToDatetime(tz) has correct offset
+  * Do not check required field for upb python MergeFrom
+  * Setting up version updater to prepare for poison pills and
+    embedding version info into C++, Python and Java gencode.
+  * Merge the protobuf and upb Bazel repos
+  * Comparing a proto message with an object of unknown returns
+    NotImplemented
+  * Emit __slots__ in pyi output as a tuple rather than a list
+    for --pyi_out.
+  * Fix a bug that strips options from descriptor.proto in
+    Python.
+  * Raise warings for message.UnknownFields() usages and navigate
+    to the new add
+  * Add protobuf python keyword support in path for stub
+    generator.
+  * Add tuple support to set Struct
+  * ### Python C-Extension (Default)
+  * Comparing a proto message with an object of unknown returns
+    NotImplemented
+  * Check that ffi-compiler loads before using it to define
+    tasks.
+  [#] UPB (Python/PHP/Ruby C-Extension)
+  * Include .inc files directly instead of through a filegroup
+  * Loosen upb for json name conflict check in proto2 between
+    json name and field
+  * Add utf8_validation feature back to the global feature set.
+  * Do not check required field for upb python MergeFrom
+  * Merge the protobuf and upb Bazel repos
+  * Added malloc_trim() calls to Python allocator so RSS will
+    decrease when memory is freed
+  * Upb: fix a Python memory leak in ByteSize()
+  * Support ASAN detection on clang
+  * Upb: bugfix for importing a proto3 enum from within a proto2
+    file
+  * Expose methods needed by Ruby FFI using UPB_API
+  * Fix `PyUpb_Message_MergeInternal` segfault
-- Fix Requires for python3 to python3-six.
+- build against modern python on sle15
-- Add missing dependency of python subpackages on python-six
-  (bsc#1177127).
+- Build with source and target levels 8
+  * fixes build with JDK21
+- Install the pom file with the new %%mvn_install_pom macro
+- Do not install the pom-only artifacts, since the %%mvn_install_pom
+  macro resolves the variables at the install time
+
+- update to 23.4:
+  * Add dllexport_decl for generated default instance.
+  * Deps: Update Guava to 32.0.1
+
+- update to 23.3:
+  C++
+  * Regenerate stale files
+  * Use the same ABI for static and shared libraries on non-
+    Windows platforms
+  * Add a workaround for GCC constexpr bug
+  Objective-C
+  * Regenerate stale files
+  UPB (Python/PHP/Ruby C-Extension)
+  * Fixed a bug in `upb_Map_Delete()` that caused crashes in
+    map.delete(k) for Ruby when string-keyed maps were in use.
+  Compiler
+  * Add missing header to Objective-c generator
+  * Add a workaround for GCC constexpr bug
+  Java
+  * Rollback of: Simplify protobuf Java message builder by
+    removing methods that calls the super class only.
+  Csharp
+  * [C#] Replace regex that validates descriptor names
+- drop 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch (upstream)
+
+- Add patch to fix linking ThreadSafeArena:
+  * 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch
+- Drop the protobuf-source package, no longer used
+
+- update to 22.5:
+  C++
+  * Add missing cstdint header
+  * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
+  * Avoid using string(JOIN..., which requires cmake 3.12
+  * Explicitly include GTest package in examples
+  * Bump Abseil submodule to 20230125.3 (#12660)
+- update to 22.4:
+  C++
+  * Fix libprotoc: export useful symbols from .so
+  * Fix btree issue in map tests.
+  Python
+  * Fix bug in _internal_copy_files where the rule would fail in
+    downstream repositories.
+  Other
+  * Bump utf8_range to version with working pkg-config (#12584)
+  * Fix declared dependencies for pkg-config
+  * Update abseil dependency and reorder dependencies to ensure
+    we use the version specified in protobuf_deps.
+  * Turn off clang::musttail on i386
+
+- drop python2 handling
+- fix version handling and package the private libs again
+
+- Fix confusion in versions
+
+- Mention the rpmlintrc file in the spec.
+
+- Make possible to build on older systems, like SLE12 that miss
+  some of the used macros.
+
+- update to v22.3
+  UPB (Python/PHP/Ruby C-Extension)
+  * Remove src prefix from proto import
+  * Fix .gitmodules to use the correct absl branch
+  * Remove erroneous dependency on googletest
+- update to 22.2:
+  Java
+  * Add version to intra proto dependencies and add kotlin stdlib
+    dependency
+  * Add $ back for osgi header
+  * Remove $ in pom files
+- update to 22.1:
+  * Add visibility of plugin.proto to python directory
+  * Strip "src" from file name of plugin.proto
+  * Add OSGi headers to pom files.
+  * Remove errorprone dependency from kotlin protos.
+  * Version protoc according to the compiler version number.
+- update to 22.0:
+  * This version includes breaking changes to: Cpp.
+    Please refer to the migration guide for information:
+    https://protobuf.dev/support/migration/#compiler-22
+  * [Cpp] Migrate to Abseil's logging library.
+  * [Cpp] `proto2::Map::value_type` changes to `std::pair`.
+  * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
+    and DefaultFieldComparator classes.
+  * [Cpp] Add a dependency on Abseil (#10416)
+  * [Cpp] Remove all autotools usage (#10132)
+  * [Cpp] Add C++20 reserved keywords
+  * [Cpp] Dropped C++11 Support
+  * [Cpp] Delete Arena::Init
+  * [Cpp] Replace JSON parser with new implementation
+  * [Cpp] Make RepeatedField::GetArena non-const in order to
+    support split RepeatedFields.
+  * long list of bindings specific fixes see
+    https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
+- python sub packages version is set 4.22.3 as defined in
+  python/google/protobuf/__init__.py to stay compatible
+- skip python2 builds by default
+- drop patches:
+  * 10355.patch,
+  * gcc12-disable-__constinit-with-c++-11.patch (merged upstream)
+- added patches:
+  * add-missing-stdint-header.patch   added for compile fixes
+
+- Enable LTO (boo#1133277).
+
+- update to v21.12:
+  * Python
+  * Fix broken enum ranges (#11171)
+  * Stop requiring extension fields to have a sythetic oneof (#11091)
+  * Python runtime 4.21.10 not works generated code can not load valid
+    proto.
+
+- update to 21.11:
+  * Python
+  * Add license file to pypi wheels (#10936)
+  * Fix round-trip bug (#10158)
+
+- update to 21.10:
+  * Java
+  * Use bit-field int values in buildPartial to skip work on unset groups of
+    fields. (#10960)
+  * Mark nested builder as clean after clear is called (#10984)
+
+- update to 21.9:
+  * Ruby
+  * Replace libc strdup usage with internal impl to restore musl compat (#10818)
+  * Auto capitalize enums name in Ruby (#10454) (#10763)
+  * Other
+  * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
+  * C++
+  * 21.x No longer define no_threadlocal on OpenBSD (#10743)
+  * Java
+  * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
+  * Refactoring java full runtime to reuse sub-message builders and prepare to
+    migrate parsing logic from parse constructor to builder.
+  * Move proto wireformat parsing functionality from the private "parsing
+    constructor" to the Builder class.
+  * Change the Lite runtime to prefer merging from the wireformat into mutable
+    messages rather than building up a new immutable object before merging. This
+    way results in fewer allocations and copy operations.
+  * Make message-type extensions merge from wire-format instead of building up
+    instances and merging afterwards. This has much better performance.
+  * Fix TextFormat parser to build up recurring (but supposedly not repeated)
+    sub-messages directly from text rather than building a new sub-message and
+    merging the fully formed message into the existing field.
+
+- update to 21.6:
+  C++:
+  * Reduce memory consumption of MessageSet parsing
+
+- update to 21.5:
+  PHP
+  * Added getContainingOneof and getRealContainingOneof to descriptor.
+  * fix PHP readonly legacy files for nested messages
+  Python
+  * Fixed comparison of maps in Python.
+
+- add 10355.patch to fix soversioning
+
+- update to 21.4:
+  * Reduce the required alignment of ArenaString from 8 to 4
+
+- update to 21.3:
+  * C++
+  * Add header search paths to Protobuf-C++.podspec (#10024)
+  * Fixed Visual Studio constinit errors (#10232)
+  * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
+  * UPB
+  * Allow empty package names (fixes behavior regression in 4.21.0)
+  * Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
+  * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
+  * for x in mapping now yields keys rather than values, to match Python
+    conventions and the behavior of the old library.
+  * Lookup operations now correctly reject unhashable types as map keys.
+  * We implement repr() to use the same format as dict.
+  * Fix maps to use the ScalarMapContainer class when appropriate
+  * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
+  * PHP
+  * Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
+  * Python
+  * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
+  * Bazel
+  * Add back a filegroup for :well_known_protos (#10061)
+
+- Update to 21.2:
+- C++
+  - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
+  - Escape GetObject macro inside protoc-generated code (#9739)
+  - Update CMake configuration to add a dependency on Abseil (#9793)
+  - Fix cmake install targets (#9822)
+  - Use __constinit only in GCC 12.2 and up (#9936)
+- Java
+  - Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
+- Python
+  - Increment python major version to 4 in version.json for python upb (#9926)
+  - The C extension module for Python has been rewritten to use the upb library.
+  - This is expected to deliver significant performance benefits, especially when
+    parsing large payloads. There are some minor breaking changes, but these
+    should not impact most users. For more information see:
+    https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
+- PHP
+  - [PHP] fix PHP build system (#9571)
+  - Fix building packaged PHP extension (#9727)
+  - fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
+  - fix: phpdoc syntax for repeatedfield parameters (#9784)
+  - fix: phpdoc for repeatedfield (#9783)
+  - Change enum string name for reserved words (#9780)
+  - chore: [PHP] fix phpdoc for MapField keys (#9536)
+  - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
+- Ruby
+  - Allow pre-compiled binaries for ruby 3.1.0 (#9566)
+  - Implement respond_to? in RubyMessage (#9677)
+  - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
+  - Do not use range based UTF-8 validation in truffleruby (#9769)
+  - Improve range handling logic of RepeatedField (#9799)
+- Other
+  - Fix invalid dependency manifest when using descriptor_set_out (#9647)
+  - Remove duplicate java generated code (#9909)
+
+- Do not use %%autosetup, but %%setup and %%patch on other line
+  * Allows building on SLE-12-SP5
+
+- Add temporary patch gcc12-disable-__constinit-with-c++-11.patch
+  that addresses gh#protocolbuffers/protobuf#9916.
+
+- Remove change_desc_db.patch, because underlying bug in
+  gh#googleapis/python-api-core#372 has been fixed.
+
+- Update to 3.20.1:
+  - PHP
+  - Fix building packaged PHP extension (#9727)
+  - Fixed composer.json to only advertise compatibility with
+    PHP 7.0+. (#9819)
+  - Ruby
+  - Disable the aarch64 build on macOS until it can be fixed. (#9816)
+  - Other
+  - Fix versioning issues in 3.20.0
+- Update to 3.20.1:
+  - Ruby
+  - Dropped Ruby 2.3 and 2.4 support for CI and releases.
+    (#9311)
+  - Added Ruby 3.1 support for CI and releases (#9566).
+  - Message.decode/encode: Add recursion_limit option
+    (#9218/#9486)
+  - Allocate with xrealloc()/xfree() so message allocation is
+    visible to the
+  - Ruby GC. In certain tests this leads to much lower memory
+    usage due to more
+  - frequent GC runs (#9586).
+  - Fix conversion of singleton classes in Ruby (#9342)
+  - Suppress warning for intentional circular require (#9556)
+  - JSON will now output shorter strings for double and float
+    fields when possible
+  - without losing precision.
+  - Encoding and decoding of binary format will now work
+    properly on big-endian
+  - systems.
+  - UTF-8 verification was fixed to properly reject surrogate
+    code points.
+  - Unknown enums for proto2 protos now properly implement
+    proto2's behavior of
+  - putting such values in unknown fields.
+  - Java
+  - Revert "Standardize on Array copyOf" (#9400)
+  - Resolve more java field accessor name conflicts (#8198)
+  - Fix parseFrom to only throw InvalidProtocolBufferException
+  - InvalidProtocolBufferException now allows arbitrary wrapped
+    Exception types.
+  - Fix bug in FieldSet.Builder.mergeFrom
+  - Flush CodedOutputStream also flushes underlying
+    OutputStream
+  - When oneof case is the same and the field type is Message,
+    merge the
+  - subfield. (previously it was replaced.)’
+  - Add @CheckReturnValue to some protobuf types
+  - Report original exceptions when parsing JSON
+  - Add more info to @deprecated javadoc for set/get/has
+    methods
+  - Fix initialization bug in doc comment line numbers
+  - Fix comments for message set wire format.
+  - Kotlin
+  - Add test scope to kotlin-test for protobuf-kotlin-lite
+    (#9518)
+  - Add orNull extensions for optional message fields.
+  - Add orNull extensions to all proto3 message fields.
+  - Python
+  - Dropped support for Python < 3.7 (#9480)
+  - Protoc is now able to generate python stubs (.pyi) with
+  - -pyi_out
+  - Pin multibuild scripts to get manylinux1 wheels back
+    (#9216)
+  - Fix type annotations of some Duration and Timestamp
+    methods.
+  - Repeated field containers are now generic in field types
+    and could be used in type annotations.
+  - Protobuf python generated codes are simplified. Descriptors
+    and message classes' definitions are now dynamic created in
+    internal/builder.py.
+  - Insertion Points for messages classes are discarded.
+  - has_presence is added for FieldDescriptor in python
+  - Loosen indexing type requirements to allow valid index()
+    implementations rather than only PyLongObjects.
+  - Fix the deepcopy bug caused by not copying
+    message_listener.
+  - Added python JSON parse recursion limit (default 100)
+  - Path info is added for python JSON parse errors
+  - Pure python repeated scalar fields will not able to pickle.
+    Convert to list first.
+  - Timestamp.ToDatetime() now accepts an optional tzinfo
+    parameter. If specified, the function returns
+    a timezone-aware datetime in the given time zone. If
+    omitted or None, the function returns a timezone-naive UTC
+    datetime (as previously).
+  - Adds client_streaming and server_streaming fields to
+    MethodDescriptor.
+  - Add "ensure_ascii" parameter to json_format.MessageToJson.
+    This allows smaller JSON serializations with UTF-8 or other
+    non-ASCII encodings.
+  - Added experimental support for directly assigning numpy
+    scalars and array.
+  - Improve the calculation of public_dependencies in
+    DescriptorPool.
+  - [Breaking Change] Disallow setting fields to numpy
+    singleton arrays or repeated fields to numpy
+    multi-dimensional arrays. Numpy arrays should be indexed or
+    flattened explicitly before assignment.
+  - Compiler
+  - Migrate IsDefault(const std::string*) and
+    UnsafeSetDefault(const std::string*)
+  - Implement strong qualified tags for TaggedPtr
+  - Rework allocations to power-of-two byte sizes.
+  - Migrate IsDefault(const std::string*) and
+    UnsafeSetDefault(const std::string*)
+  - Implement strong qualified tags for TaggedPtr
+  - Make TaggedPtr Set...() calls explicitly spell out the
+    content type.
+  - Check for parsing error before verifying UTF8.
+  - Enforce a maximum message nesting limit of 32 in the
+    descriptor builder to
+  - guard against stack overflows
+  - Fixed bugs in operators for RepeatedPtrIterator
+  - Assert a maximum map alignment for allocated values
+  - Fix proto1 group extension protodb parsing error
+  - Do not log/report the same descriptor symbol multiple
+    times if it contains
+  - more than one invalid character.
+  - Add UnknownFieldSet::SerializeToString and
+    SerializeToCodedStream.
+  - Remove explicit default pointers and deprecated API from
+    protocol compiler
+  - Arenas
+  - Change Repeated*Field to reuse memory when using arenas.
+  - Implements pbarenaz for profiling proto arenas
+  - Introduce CreateString() and CreateArenaString() for
+    cleaner semantics
+  - Fix unreferenced parameter for MSVC builds
+  - Add UnsafeSetAllocated to be used for one-of string
+    fields.
+  - Make Arena::AllocateAligned() a public function.
+  - Determine if ArenaDtor related code generation is
+    necessary in one place.
+  - Implement on demand register ArenaDtor for
+    InlinedStringField
+  - C++
+  - Enable testing via CTest (#8737)
+  - Add option to use external GTest in CMake (#8736)
+  - CMake: Set correct sonames for libprotobuf-lite.so and
+    libprotoc.so (#8635) (#9529)
+  - Add cmake option protobuf_INSTALL to not install files
+    (#7123)
+  - CMake: Allow custom plugin options e.g. to generate mocks
+    (#9105)
+  - CMake: Use linker version scripts (#9545)
+  - Manually *struct Cord fields to work better with arenas.
+  - Manually destruct map fields.
+  - Generate narrower code
+  - Fix #9378 by removing
+  - shadowed cached_size field
+  - Remove GetPointer() and explicit nullptr defaults.
+  - Add proto_h flag for speeding up large builds
+  - Add missing overload for reference wrapped fields.
+  - Add MergedDescriptorDatabase::FindAllFileNames()
+  - RepeatedField now defines an iterator type instead of
+    using a pointer.
+  - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
+    GOOGLE_PROTOBUF_HAS_ARENAS.
+  - PHP
+  - Fix: add missing reserved classnames (#9458)
+  - PHP 8.1 compatibility (#9370)
+  - C#
+  - Fix trim warnings (#9182)
+  - Fixes NullReferenceException when accessing
+    FieldDescriptor.IsPacked (#9430)
+  - Add ToProto() method to all descriptor classes (#9426)
+  - Add an option to preserve proto names in JsonFormatter
+    (#6307)
+  - Objective-C
+  - Add prefix_to_proto_package_mappings_path option. (#9498)
+  - Rename proto_package_to_prefix_mappings_path to
+    package_to_prefix_mappings_path. (#9552)
+  - Add a generation option to control use of forward
+    declarations in headers. (#9568)
+- Add change_desc_db.patch to fix
+  gh#googleapis/python-api-core#372 and
+  gh#protocolbuffers/protobuf#9867
+
+- Change Requires: zlib-devel to pkgconfig(zlib) so as not to conflict with libz-ng-compat1.
+
+- update to 3.19.4:
+  Python:
+  * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
+  Ruby:
+  * Fixed a data loss bug that could occur when the number of optional fields
+    in a message is an exact multiple of 32
+  PHP:
+  * Fixed a data loss bug that could occur when the number of optional fields
+    in a message is an exact multiple of 32.
+
+- Update to 3.19.3:
+  C++:
+  * Make proto2::Message::DiscardUnknownFields() non-virtual
+  * Separate RepeatedPtrField into its own header file
+  * For default floating point values of 0, consider all bits significant
+  * Fix shadowing warnings
+  * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
+  Java:
+  * Improve performance characteristics of UnknownFieldSet parsing
+  * For default floating point values of 0, consider all bits significant
+  * Annotate //java/com/google/protobuf/util/... with nullness annotations
+  * Use ArrayList copy constructor
+  Bazel:
+  * Ensure that release archives contain everything needed for Bazel
+  * Align dependency handling with Bazel best practices
+  Javascript:
+  * Fix ReferenceError: window is not defined when getting the global object
+  Ruby:
+  * Fix memory leak in MessageClass.encode
+  * Override Map.clone to use Map's dup method
+  * Ruby: build extensions for arm64-darwin
+  * Add class method Timestamp.from_time to ruby well known types
+  * Adopt pure ruby DSL implementation for JRuby
+  * Add size to Map class
+  * Fix for descriptor_pb.rb: google/protobuf should be required first
+  Python:
+  * Proto2 DecodeError now includes message name in error message
+  * Make MessageToDict convert map keys to strings
+  * Add python-requires in setup.py
+  * Add python 3.10
+
+- Remove two build requires that are not needed
+
+- Update to 3.17.3:
+  C++
+  * Introduce FieldAccessListener.
+  * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
+  * Provide stable versions of SortAndUnique().
+  * Make sure to cache proto3 optional message fields when they are cleared.
+  * Expose UnsafeArena methods to Reflection.
+  * Use std::string::empty() rather than std::string::size() > 0.
+  * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
+  * Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
+  * Delete StringPiecePod (#8353)
+  * Create a CMake option to control whether or not RTTI is enabled (#8347)
+  * Make util::Status more similar to absl::Status (#8405)
+  * The ::pb namespace is no longer exposed due to conflicts.
+  * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
+  calls instead of crashing.
+  * Reduce the size of generated proto headers for protos with string or
+  bytes fields.
+  * Move arena() operation on uncommon path to out-of-line routine
+  * For iterator-pair function parameter types, take both iterators by value.
+  * Code-space savings and perhaps some modest performance improvements in
+  * RepeatedPtrField.
+  * Eliminate nullptr check from every tag parse.
+  * Remove unused _$name$cached_byte_size fields.
+  * Serialize extension ranges together when not broken by a proto field in the
+  middle.
+  * Do out-of-line allocation and deallocation of string object in ArenaString.
+  * Streamline ParseContext::ParseMessage to avoid code bloat and improve
+  performance.
+  * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
+  on an error path.
+  * util::DefaultFieldComparator will be final in a future version of protobuf.
+  * Subclasses should inherit from SimpleFieldComparator instead.
+  Kotlin
+  * Introduce support for Kotlin protos (#8272)
+  * Restrict extension setter and getter operators to non-nullable T.
+  Java
+  * Fixed parser to check that we are at a proper limit when a sub-message has
+  finished parsing.
+  * updating GSON and Guava to more recent versions (#8524)
+  * Reduce the time spent evaluating isExtensionNumber by storing the extension
+  ranges in a TreeMap for faster queries. This is particularly relevant for
+  protos which define a large number of extension ranges, for example when
+  each tag is defined as an extension.
+  * Fix java bytecode estimation logic for optional fields.
+  * Optimize Descriptor.isExtensionNumber.
+  * deps: update JUnit and Truth (#8319)
+  * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
+  * Exceptions thrown while reading from an InputStream in parseFrom are now
+  included as causes.
+  * Support potentially more efficient proto parsing from RopeByteStrings.
+  * Clarify runtime of ByteString.Output.toStringBuffer().
+  * Added UnsafeByteOperations to protobuf-lite (#8426)
+  Python
+  * Add MethodDescriptor.CopyToProto() (#8327)
+  * Remove unused python_protobuf.{cc,h} (#8513)
+  * Start publishing python aarch64 manylinux wheels normally (#8530)
+  * Fix constness issue detected by MSVC standard conforming mode (#8568)
+  * Make JSON parsing match C++ and Java when multiple fields from the same
+  oneof are present and all but one is null.
+  * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
+  * Switch on "new" buffer API (#8339)
+  * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
+  * Fixed a bug in text format where a trailing colon was printed for repeated field.
+  * When TextFormat encounters a duplicate message map key, replace the current
+  one instead of merging.
+  Ruby
+  * Add support for proto3 json_name in compiler and field definitions (#8356)
+  * Fixed memory leak of Ruby arena objects. (#8461)
+  * Fix source gem compilation (#8471)
+  * Fix various exceptions in Ruby on 64-bit Windows (#8563)
+  * Fix crash when calculating Message hash values on 64-bit Windows (#8565)
+  General
+  * Support M1 (#8557)
+
+- Update to 3.15.8:
+  - Fixed memory leak of Ruby arena objects (#8461)
+
+- update to 3.15.7:
+  C++
+  * Remove the ::pb namespace (alias) (#8423)
+  Ruby
+  * Fix unbounded memory growth for Ruby <2.7 (#8429)
+  * Fixed message equality in cases where the message type is different (#8434)
+
+- Can't assume non-existence of python38 macros in Leap.
+  gh#openSUSE/python-rpm-macros#107
+  Test for suse_version instead. Only Tumbleweed has and needs the
+  python_subpackage_only support.
+
+- update to 3.15.6:
+  Ruby
+  * Fixed bug in string comparison logic (#8386)
+  * Fixed quadratic memory use in array append (#8379)
+  * Fixed SEGV when users pass nil messages (#8363)
+  * Fixed quadratic memory usage when appending to arrays (#8364)
+  * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
+  * Fix for FieldDescriptor.get(msg) (#8330)
+  * Bugfix for Message.[] for repeated or map fields (#8313)
+  PHP
+  * read_property() handler is not supposed to return NULL (#8362)
+  Protocol Compiler
+  * Optional fields for proto3 are enabled by default, and no longer require
+    the --experimental_allow_proto3_optional flag.
+  C++
+  * Do not disable RTTI by default in the CMake build (#8377)
+  * Create a CMake option to control whether or not RTTI is enabled (#8361)
+  * Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
+  * MessageDifferencer: fixed bug when using custom ignore with multiple
+    unknown fields
+  * Use init_seg in MSVC to push initialization to an earlier phase.
+  * Runtime no longer triggers -Wsign-compare warnings.
+  * Fixed -Wtautological-constant-out-of-range-compare warning.
+  * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
+  * Arena is refactored and optimized.
+  * Clarified/specified that the exact value of Arena::SpaceAllocated() is an
+    implementation detail users must not rely on. It should not be used in
+    unit tests.
+  * Change the signature of Any::PackFrom() to return false on error.
+  * Add fast reflection getter API for strings.
+  * Constant initialize the global message instances
+  * Avoid potential for missed wakeup in UnknownFieldSet
+  * Now Proto3 Oneof fields have "has" methods for checking their presence in
+    C++.
+  * Bugfix for NVCC
+  * Return early in _InternalSerialize for empty maps.
+  * Adding functionality for outputting map key values in proto path logging
+    output (does not affect comparison logic) and stop printing 'value' in the
+    path. The modified print functionality is in the
+    MessageDifferencer::StreamReporter.
+  * Fixed https://github.com/protocolbuffers/protobuf/issues/8129
+  * Ensure that null char symbol, package and file names do not result in a
+    crash.
+  * Constant initialize the global message instances
+  * Pretty print 'max' instead of numeric values in reserved ranges.
+  * Removed remaining instances of std::is_pod, which is deprecated in C++20.
+  * Changes to reduce code size for unknown field handling by making uncommon
+    cases out of line.
+  * Fix std::is_pod deprecated in C++20 (#7180)
+  * Fix some -Wunused-parameter warnings (#8053)
+  * Fix detecting file as directory on zOS issue #8051 (#8052)
+  * Don't include sys/param.h for _BYTE_ORDER (#8106)
+  * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
+  * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
+  * Fix for compiler warning issue#8145 (#8160)
+  * fix: support deprecated enums for GCC < 6 (#8164)
+  * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
+  Python
+  * Provided an override for the reverse() method that will reverse the internal
+    collection directly instead of using the other methods of the BaseContainer.
+  * MessageFactory.CreateProtoype can be overridden to customize class creation.
+  * Fix PyUnknownFields memory leak (#7928)
+  * Add macOS big sur compatibility (#8126)
+  JavaScript
+  * Generate `getDescriptor` methods with `*` as their `this` type.
+  * Enforce `let/const` for generated messages.
+  * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
+    negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
+  PHP
+  * Added support for PHP 8. (#8105)
+  * unregister INI entries and fix invalid read on shutdown (#8042)
+  * Fix PhpDoc comments for message accessors to include "|null". (#8136)
+  * fix: convert native PHP floats to single precision (#8187)
+  * Fixed PHP to support field numbers >=2**28. (#8235)
+  * feat: add support for deprecated fields to PHP compiler (#8223)
+  * Protect against stack overflow if the user derives from Message. (#8248)
+  * Fixed clone for Message, RepeatedField, and MapField. (#8245)
+  * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
+  Ruby
+  * Added support for Ruby 3. (#8184)
+  * Rewrote the data storage layer to be based on upb_msg objects from the
+    upb library. This should lead to much better parsing performance,
+    particularly for large messages. (#8184).
+  * Fill out JRuby support (#7923)
+  * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
+    recursion/run out of memory (#8195)
+  * Fix jruby support to handle messages nested more than 1 level deep (#8194)
+  Java
+  * Avoid possible UnsupportedOperationException when using CodedInputSteam
+    with a direct ByteBuffer.
+  * Make Durations.comparator() and Timestamps.comparator() Serializable.
+  * Add more detailed error information for dynamic message field type
+    validation failure
+  * Removed declarations of functions declared in java_names.h from
+    java_helpers.h.
+  * Now Proto3 Oneof fields have "has" methods for checking their presence in
+    Java.
+  * Annotates Java proto generated *_FIELD_NUMBER constants.
+  * Add -assumevalues to remove JvmMemoryAccessor on Android.
+  C#
+  * Fix parsing negative Int32Value that crosses segment boundary (#8035)
+  * Change ByteString to use memory and support unsafe create without copy (#7645)
+  * Optimize MapField serialization by removing MessageAdapter (#8143)
+  * Allow FileDescriptors to be parsed with extension registries (#8220)
+  * Optimize writing small strings (#8149)
+
+- Updated URL to https://github.com/protocolbuffers/protobuf
+- Update to v3.14.0
+  Protocol Compiler
+  * The proto compiler no longer requires a .proto filename when it is not
+    generating code.
+  * Added flag `--deterministic_output` to `protoc --encode=...`.
+  * Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
+  C++
+  * Arenas are now unconditionally enabled. cc_enable_arenas no longer has
+    any effect.
+  * Removed inlined string support, which is incompatible with arenas.
+  * Fix a memory corruption bug in reflection when mixing optional and
+    non-optional fields.
+  * Make SpaceUsed() calculation more thorough for map fields.
+  * Add stack overflow protection for text format with unknown field values.
+  * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
+    error was encountered.
+  * Performance improvements for Map.
+  * Minor formatting fix when dumping a descriptor to .proto format with
+    DebugString.
+  * UBSAN fix in RepeatedField
+  * When running under ASAN, skip a test that makes huge allocations.
+  * Fixed a crash that could happen when creating more than 256 extensions in
+    a single message.
+  * Fix a crash in BuildFile when passing in invalid descriptor proto.
+  * Parser security fix when operating with CodedInputStream.
+  * Warn against the use of AllowUnknownExtension.
+  * Migrated to C++11 for-range loops instead of index-based loops where
+    possible. This fixes a lot of warnings when compiling with -Wsign-compare.
+  * Fix segment fault for proto3 optional
+  * Adds a CMake option to build `libprotoc` separately
+  Java
+  * Bugfix in mergeFrom() when a oneof has multiple message fields.
+  * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
+    0 bytes when not at EOF.
+  * Redefine remove(Object) on primitive repeated field Lists to avoid
+    autoboxing.
+  * Support "\u" escapes in textformat string literals.
+  * Trailing empty spaces are no longer ignored for FieldMask.
+  * Fix FieldMaskUtil.subtract to recursively remove mask.
+  * Mark enums with `@java.lang.Deprecated` if the proto enum has option
+    `deprecated = true;`.
+  * Adding forgotten duration.proto to the lite library
+  Python
+  * Print google.protobuf.NullValue as null instead of "NULL_VALUE" when it is
+    used outside WKT Value/Struct.
+  * Fix bug occurring when attempting to deep copy an enum type in python 3.
+  * Add a setuptools extension for generating Python protobufs
+  * Remove uses of pkg_resources in non-namespace packages
+  * [bazel/py] Omit google/__init__.py from the Protobuf runtime
+  * Removed the unnecessary setuptools package dependency for Python package
+  * Fix PyUnknownFields memory leak
+  PHP
+  * Added support for "==" to the PHP C extension
+  * Added `==` operators for Map and Array
+  * Native C well-known types
+  * Optimized away hex2bin() call in generated code
+  * New version of upb, and a new hash function wyhash in third_party
+  * add missing hasOneof method to check presence of oneof fields
+  Go:
+  * Update go_package options to reference google.golang.org/protobuf module.
+  C#:
+  * annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
+  * Fix C# optional field reflection when there are regular fields too
+  * Fix parsing negative Int32Value that crosses segment boundary
+  Javascript:
+  * JS: parse (un)packed fields conditionally
+- from version 3.13.0
+  PHP:
+  * The C extension is completely rewritten. The new C extension has significantly
+    better parsing performance and fixes a handful of conformance issues. It will
+    also make it easier to add support for more features like proto2 and proto3 presence.
+  * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
+  C++:
+  * Removed deprecated unsafe arena string accessors
+  * Enabled heterogeneous lookup for std::string keys in maps.
+  * Removed implicit conversion from StringPiece to std::string
+  * Fix use-after-destroy bug when the Map is allocated in the arena.
+  * Improved the randomness of map ordering
+  * Added stack overflow protection for text format with unknown fields
+  * Use std::hash for proto maps to help with portability.
+  * Added more Windows macros to proto whitelist.
+  * Arena constructors for map entry messages are now marked "explicit"
+    (for regular messages they were already explicit).
+  * Fix subtle aliasing bug in RepeatedField::Add
+  * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
+    fields.
+  Python:
+  * JSON format conformance fixes:
+  * Reject lowercase t for Timestamp json format.
+  * Print full_name directly for extensions (no camelCase).
+  * Reject boolean values for integer fields.
+  * Reject NaN, Infinity, -Infinity that is not quoted.
+  * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
+  * Bugfix for fields/files named "async" or "await".
+  * Improved the error message when AttributeError is returned from __getattr__
+    in EnumTypeWrapper.
+  Java:
+  * Fixed a bug where setting optional proto3 enums with setFooValue() would
+    not mark the value as present.
+  * Add Subtract function to FieldMaskUtil.
+  C#:
+  * Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
+    This was required to modernize the parsing stack to use the `Span<byte>`
+    type internally
+  * Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
+    parsing with reduced allocations and buffer copies
+  * Add support for serialization directly to a `IBufferWriter<byte>` or
+    to a `Span<byte>` to enable GC friendly serialization.
+    The new API is available as extension methods on the `IMessage` type
+  * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
+    generated code compatible with old C# compilers (pre-roslyn compilers
+    from .NET framework and old versions of mono) that do not support
+    ref structs. Users that are still on a legacy stack that does
+    not support C# 7.2 compiler might need to use the new define
+    in their projects to be able to build the newly generated code
+  * Due to the major overhaul of parsing and serialization internals,
+    it is recommended to regenerate your generated code to achieve the best
+    performance (the legacy generated code will still work, but might incur
+    a slight performance penalty).
+
+- Fix the python subpackage generation
+  gh#openSUSE/python-rpm-macros#79
+
+- Support multiple python3 flavors gh#openSUSE/python-rpm-macros#66
+
+- Update to version 3.12.3; notable changes since 3.11.4:
+  Protocol Compiler
+  * [experimental] Singular, non-message typed fields in proto3 now support
+    presence tracking. This is enabled by adding the "optional" field label and
+    passing the --experimental_allow_proto3_optional flag to protoc.
+  * For usage info, see docs/field_presence.md.
+  * During this experimental phase, code generators should update to support
+    proto3 presence, see docs/implementing_proto3_presence.md for instructions.
+  * Allow duplicate symbol names when multiple descriptor sets are passed on
+    the command-line, to match the behavior when multiple .proto files are passed.
+  * Deterministic `protoc --descriptor_set_out` (#7175)
+  Objective-C
+  * Tweak the union used for Extensions to support old generated code. #7573
+  * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
+  * [experimental] ObjC Proto3 optional support (#7421)
+  * Block subclassing of generated classes (#7124)
+  * Use references to Obj C classes instead of names in descriptors. (#7026)
+  * Revisit how the WKTs are bundled with ObjC. (#7173)
+  C++
+  * Simplified the template export macros to fix the build for mingw32. (#7539)
+  * [experimental] Added proto3 presence support.
+  * New descriptor APIs to support proto3 presence.
+  * Enable Arenas by default on all .proto files.
+  * Documented that users are not allowed to subclass Message or MessageLite.
+  * Mark generated classes as final; inheriting from protos is strongly discouraged.
+  * Add stack overflow protection for text format with unknown fields.
+  * Add accessors for map key and value FieldDescriptors.
+  * Add FieldMaskUtil::FromFieldNumbers().
+  * MessageDifferencer: use ParsePartial() on Any fields so the diff does not
+    fail when there are missing required fields.
+  * ReflectionOps::Merge(): lookup messages in the right factory, if it can.
+  * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
+    accessor as an easier way of determining if a message is a Well-Known Type.
+  * Optimized RepeatedField::Add() when it is used in a loop.
+  * Made proto move/swap more efficient.
+  * De-virtualize the GetArena() method in MessageLite.
+  * Improves performance of json_stream_parser.cc by factor 1000 (#7230)
+  * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
+  * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
+    an "optional" label for a field in a oneof.
+  * Fix bug in parsing bool extensions that assumed they are always 1 byte.
+  * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
+  * Clarified the comments to show an example of the difference between
+    Descriptor::extension and DescriptorPool::FindAllExtensions.
+  * Add a compiler option 'code_size' to force optimize_for=code_size on all
+    protos where this is possible.
+  Ruby
+  * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
+    many people still use them and dropping support will require more
+    coordination.
+  * [experimental] Implemented proto3 presence for Ruby. (#7406)
+  * Stop building binary gems for ruby <2.5 (#7453)
+  * Fix for wrappers with a zero value (#7195)
+  * Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
+  * Call "Class#new" over rb_class_new_instance in decoding (#7352)
+  * Build extensions for Ruby 2.7 (#7027)
+  * assigning 'nil' to submessage should clear the field. (#7397)
+  Java
+  * [experimental] Added proto3 presence support.
+  * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
+  * reduce <clinit> size for enums with allow_alias set to true.
+  * Sort map fields alphabetically by the field's key when printing textproto.
+  * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
+  * TextFormat.merge() handles Any as top level type.
+  * Throw a descriptive IllegalArgumentException when calling
+    getValueDescriptor() on enum special value UNRECOGNIZED instead of
+    ArrayIndexOutOfBoundsException.
+  * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
+    would override the configuration passed into includingDefaultValueFields().
+  * Implement overrides of indexOf() and contains() on primitive lists returned
+    for repeated fields to avoid autoboxing the list contents.
+  * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
+  * [bazel] Move Java runtime/toolchains into //java (#7190)
+  Python
+  * [experimental] Added proto3 presence support.
+  * [experimental] fast import protobuf module, only works with cpp generated code linked in.
+  * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
+    implementation (C++ extension was already doing this).
+  * Fixed a memory leak in C++ bindings.
+  * Added a deprecation warning when code tries to create Descriptor objects
+    directly.
+  * Fix unintended comparison between bytes and string in descriptor.py.
+  * Avoid printing excess digits for float fields in TextFormat.
+  * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
+  * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
+  JavaScript
+  * Fix js message pivot selection (#6813)
+  PHP
+  * Persistent Descriptor Pool (#6899)
+  * Implement lazy loading of php class for proto messages (#6911)
+  * Correct @return in Any.unpack docblock (#7089)
+  * Ignore unknown enum value when ignore_unknown specified (#7455)
+  C#
+  * [experimental] Add support for proto3 presence fields in C# (#7382)
+  * Mark GetOption API as obsolete and expose the "GetOptions()" method on descriptors instead (#7491)
+  * Remove Has/Clear members for C# message fields in proto2 (#7429)
+  * Enforce recursion depth checking for unknown fields (#7132)
+  * Fix conformance test failures for Google.Protobuf (#6910)
+  * Cleanup various bits of Google.Protobuf (#6674)
+  * Fix latest ArgumentException for C# extensions (#6938)
+  * Remove unnecessary branch from ReadTag (#7289)
+  Other
+  * Add a proto_lang_toolchain for javalite (#6882)
+  * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
+  * Add application note for explicit presence tracking. (#7390)
+  * Howto doc for implementing proto3 presence in a code generator. (#7407)
+
+- Python: Add requirement on python-six
+
+- Update to version 3.11.4; notable changes since 3.9.2:
+  * C++: Make serialization method naming consistent
+  * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
+    backward compatibility a declaration is still available
+    in stubs/common.h, but users should prefer message_lite.h
+  * C++: Removed non-namespace macro EXPECT_OK()
+  * C++: Removed mathlimits.h from stubs in favor of using
+    std::numeric_limits from C++11
+  * C++: Support direct pickling of nested messages
+  * C++: Disable extension code gen for C#
+  * C++: Switch the proto parser to the faster MOMI parser
+  * C++: Unused imports of files defining descriptor extensions
+    will now be reported
+  * C++: Add proto2::util::RemoveSubranges to remove multiple
+    subranges in linear time
+  * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
+  * C++: Removed the internal-only header coded_stream_inl.h and
+    the internal-only methods defined there
+  * C++: Enforced no SWIG wrapping of descriptor_database.h
+    (other headers already had this restriction)
+  * C++: Implementation of the equivalent of the MOMI parser for
+    serialization. This removes one of the two serialization
+    routines, by making the fast array serialization routine
+    completely general. SerializeToCodedStream can now be
+    implemented in terms of the much much faster array
+    serialization. The array serialization regresses slightly,
+    but when array serialization is not possible this wins big
+  * C++: Add move constructor for Reflection's SetString
+  * Java: Remove the usage of MethodHandle, so that Android users
+    prior to API version 26 can use protobuf-java
+  * Java: Publish ProGuard config for javalite
+  * Java: Include unknown fields when merging proto3 messages in
+    Java lite builders
+  * Java: Have oneof enums implement a separate interface (other
+    than EnumLite) for clarity
+  * Java: Opensource Android Memory Accessors
+  * Java: Change ProtobufArrayList to use Object[] instead of
+    ArrayList for 5-10% faster parsing
+  * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
+    top level package. This will eventually replace
+    JsonFormat.TypeRegistry
+  * Java: Add Automatic-Module-Name entries to the Manifest
+  * Python: Add float_precision option in json format printer
+  * Python: Optionally print bytes fields as messages in unknown
+    fields, if possible
+  * Python: Experimental code gen (fast import protobuf module)
+    which only work with cpp generated code linked in
+  * Python: Add descriptor methods in descriptor_pool are deprecated
+  * Python: Added delitem for Python extension dict
+  * JavaScript: Remove guard for Symbol iterator for jspb.Map
+  * JavaScript: Remove deprecated boolean option to getResultBase64String()
+  * JavaScript: Change the parameter types of binaryReaderFn in
+    ExtensionFieldBinaryInfo to (number, ?, ?)
+  * JavaScript: Create dates.ts and time_of_days.ts to mirror Java
+    versions. This is a near-identical conversion of
+    c.g.type.util.{Dates,TimeOfDays} respectively
+  * JavaScript: Migrate moneys to TypeScript
+  * PHP: Increase php7.4 compatibility
+  * PHP: Implement lazy loading of php class for proto messages
+  * Ruby: Support hashes for struct initializers
+  * C#: Experimental proto2 support is now officially available
+  * C#: Change _Extensions property to normal body rather than expression
+  * Objective C: Remove OSReadLittle* due to alignment requirements
+  * Other: Override CocoaPods module to lowercase
+  * further bugfixes and optimisations
python3
+- Refresh CVE-2023-27043-email-parsing-errors.patch to
+  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
+
qemu
+- Try to solve the qemu-kvm dependency issues on all arches
+  (see, e.g., bsc#1218684)
+  * [openSUSE][RPM] Create the legacy qemu-kvm symlink for all arches
+
+- Update the service file to use OBS-scm (by fvogt)
+- Various fixes:
+  * [openSUSE][RPM] Fix enabling features on non-x86_64 (bsc#1220011, bsc#1219818)
+  * [openSUSE][RPM] Disable test-crypto-secret in linux-user build
+  * [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722)
+  * [openSUSE][RPM] spec: allow building without spice
+
+- Fix a build issue of OVMF caused by
+  https://gitlab.com/qemu-project/qemu/-/issues/2064:
+  * target/i386: fix incorrect EIP in PC-relative translation blocks
+  * target/i386: Do not re-compute new pc with CF_PCREL
+
+- Update to latest upstream release, 8.2.0:
+  The full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.2
+  Highlights include:
+  * New virtio-sound device emulation
+  * New virtio-gpu rutabaga device emulation used by Android emulator
+  * New hv-balloon for dynamic memory protocol device for Hyper-V guests
+  * New Universal Flash Storage device emulation
+  * Network Block Device (NBD) 64-bit offsets for improved performance
+  * dump-guest-memory now supports the standard kdump format
+  * ARM: Xilinx Versal board now models the CFU/CFI, and the TRNG device
+  * ARM: CPU emulation support for cortex-a710 and neoverse-n2
+  * ARM: architectural feature support for PACQARMA3, EPAC, Pauth2, FPAC,
+    FPACCOMBINE, TIDCP1, MOPS, HBC, and HPMN0
+  * HPPA: CPU emulation support for 64-bit PA-RISC 2.0
+  * HPPA: machine emulation support for C3700, including Astro memory
+    controller and four Elroy PCI bridges
+  * LoongArch: ISA support for LASX extension and PRELDX instruction
+  * LoongArch: CPU emulation support for la132
+  * RISC-V: ISA/extension support for AIA virtualization support via KVM,
+    and vector cryptographic instructions
+  * RISC-V: Numerous extension/instruction cleanups, fixes, and reworks
+  * s390x: support for vfio-ap passthrough of crypto adapter for
+    protected
+    virtualization guests
+  * Tricore: support for TC37x CPU which implements ISA v1.6.2
+  * Tricore: support for CRCN, FTOU, FTOHP, and HPTOF instructions
+  * x86: Zen support for PV console and network devices
+- Patch added (from upstream stable tree):
+  * include/ui/rect.h: fix qemu_rect_init() mis-assignment
+
rav1e
+- Update to version 0.6.6:
+  * Sync the assembly with dav1d
+  * Additional improvements and cleanups
+  * Overall speed-up typically 5.2%
+- Change soname to 0_6, and at the same time set min version for
+  cargo-c BuildRequires to > 0.9.26, as this is needed for the new
+  soname to be built correctly.
+- Modernize _service and spec to more current way of doing rust
+  packaging.
+- Use ldconfig_scriptlets macro for post(un) handling.
+- Fix license tag to BSD-2-Clause AND ISC
+
+- Fix license tag to BSD-2-Clause and AOMPL-1.0.
+
+- Update to version 0.6.4+0:
+  * Safety critical bounds checking is off-by-one in sgrproj_box_ab_internal
+  * Initialize `low` array in a more rust-like way in `kmeans`
+  * Rework mutable borrows for symbol_with_update
+  * Drop explicit size for macro symbol_with_update
+  * Use const generics for CDFContextLog
+  * Fix undefined behavior in CDFContextLogOps
+  * ec: Simplify lr_compute function
+  * Use a bit counter instead of a byte counter in WriterRecorder
+  * Minimize bounds checks in pred functions
+  * Use generics for BD-8 on sgrproj functions
+  * Use saturating_sub in sgrproj_sum_finish
+  * Move bounds checks out of hot loop in sgrproj
+  * Ensure quantizer values are non-zero with a const fn
+  * Optimize base quants using NonZero integers (#3115)
+  * Move quant tables to separate file to improve organization (#3113)
+  * Use is_power_of_two method in divu_gen
+  * Fix rounding issue in HBD CDEF code
+  * Hint that creating a region from an empty plane is unlikely
+  * Minor optimization to take_slice
+  * Clean up cdef_dist
+  * Minor optimizations
+  * Optimizations for weighted_sse
+  * Add HBD AVX2 assembly for SAD (#3099)
+  * ec: Manually inline `msb()` and `ilog()` for clarity (#3104)
+  * Comment regarding cnt being unused
+  * Improve naming
+  * Use a bit counter instead of a byte counter in EC
+  * Add 10-bit cdef_dist ASM
+  * Optimise sad_plane_internal
+  * Save some bounds checks on me_stats
+  * Minor optimization to av1_get_mv_joint
+  * Use chunks_exact for performance in diff method
+  * Integrate CfL AC x86 assembly functions
+  * benches: Fix alignment issue for cfl_rdo
+  * Move luma_ac to predict module
+  * Extract luma_ac_internal with const generics
+  * Optimise plane::as_region
+  * Optimise BlockSize::from_width_and_height_opt
+  * Improve vectorization in get_sad
+  * Template entropy coding functions to help optimiser
+  * Enable SSE2/AVX512ICL put/prep/avg x86 assembly
+  * Enable AVX2 12-bit Inverse Transform x86 assembly
+  * Enable new SSE4.1 HBD Inverse Transform x86 assembly
+  * Pin assert_cmd, predicates and clap in Cargo.toml for rust 1.60.0
+  * Prepare for release
+  * Fix header coding for level_idx < 7.
+
+- Update to version 0.6.2+0:
+  * Prepare for release
+  * Fix new clippy lints for Rust 1.66
+  * Drop BUILT_TIME_UTC
+  * Shorten progress text
+  * Bump built to 0.5.2
+  * Make git2 optional
+  * Simplify the version string
+  * Specify default threads behavior
+  * Fix the capi deps
+- Removed dependency on libgit2
+  * Added rav1e-cargo-no-git-default.patch
+
+- Update to version 0.6.1+0:
+  * Fix the capi deps
+  * Revert "x86: Disable 8x16 16bpc inverse transforms for SSE4.1"
+  * inverse_transform_add: Align to dav1d EOB convention
+  * x86: Disable 8x16 16bpc inverse transforms for SSE4.1
+  * CI: Fix up deploy workflow
+  * Add C API for level.
+  * Add level to API and CLI.
+  * CI: Correct format of target_cpu for x86_64 in deploy workflow
+  * Produced optimized binary versions from CI
+  * Write level stored in sequence struct.
+  * Bump actions/download-artifact from 2 to 3
+  * Bump actions/upload-artifact from 2 to 3
+  * Bump actions/cache from 2 to 3
+  * Update deps
+  * Update cargo-c binaries url
+  * Add Dependabot configuration for GitHub Actions updates
+  * tests: Add three-pass encode with target bitrate
+  * Add SIMD helpers to speed up Rust get_sad (#3050)
+  * Replace last 16x4 and 4x16 avx2 hbd satd intrinsics with asm (#3051)
+  * x86: Add AVX2 HBD SATD asm for 8x8-transformed blocks (#3048)
+  * Bump minimum rustc to 1.60, required by clap 4
+  * Update clap to 4.0
+  * Remove unused regex dependency
+  * Cleanup log level parsing
+  * Replace actions-rs/toolchain with dtolnay/rust-toolchain
+  * Remove action-rs/cargo
+  * rate: Retire and separate TwoPassOutParams
+  * rate: Estimate target quantizer on first pass
+  * segmentation: Reset min_segment on data update
+  * Replace AVX2 HBD SATD intrinsics with ASM, for some block sizes (#3039)
+  * Remove arrayref dependency
+  * Fix new clippy lints
+  * Move v_frame to its own repository
+  * Add scales and segment thresholds to dump_lookahead_data
+  * Fix UB in pred_max test
+  * Delete build.sh
+  * bin: Admit more than 2 encoder passes
+  * Create new speed level 8, drop level 7
+  * Keep the version line compatible with 0.5
+  * Add back shorthand for `--verbose` and `--quiet` (#3022)
+  * Mention cargo-criterion
+  * Bump criterion version
+  * Update to criterion non-deprecated api
+  * Prepare for 0.6.0 release
+  * bin: Bring --photon-noise out from under unstable feature
+  * Update guide on how to produce target-specific builds
+  * CI: Deploy rav1e-ch binary tuned for modern x86_64
+  * build: Handle absent CARGO_CFG_TARGET_FEATURE
+  * Calculate geometric mean for DistortionScale::inv_mean()
+  * Convert plane-level distortion scales to fixed-point
+  * Expand precision of DistortionScale to Q14
+  * Preserve intermediate precision in get_weighted_sse
+  * Add DistortionScale::blog64()
+  * Bump several dependencies
+  * Remove duplicated constants
+  * Remove aq_strength configuration
+  * logexp: Correct integer part in blog32_q11
+  * logexp: Correct rounding bias in blog32_q11
+  * Fix new clippy lints from Rust nightly (#3006)
+  * Use approximate binary log in Q11 for segmentation_optimize
+  * Add polynomial approximations of a binary exponential and logarithm.
+  * segmentation: Avoid reallocation in collect::<Box<[_]>>()
+  * logexp: Add a fixed-point binary log in Q24 for u32 to i32
+  * logexp: Rewrite blog64 so that it is const
+  * rate: Pivot to util::logexp functions
+  * logexp: Add assertion for q57 input range
+  * logexp: Add binary exponential in Q24 format, saturated to 47 bits.
+  * logexp: Add conversions between 64-bit Q57 and 32-bit Q24.
+  * logexp: Add tests for bexp64 and blog64
+  * logexp: Add 64-bit binary exponentiation and logarithm in Q57.
+  * kmeans: Split k-independent inner loop into its own function
+  * kmeans: Tidy up all but the inner loop
+  * segmentation: Change precision of log(scale) to Q23
+  * Add missing code for segmentation with --tune Psnr
+  * Derive segments by k-means of spatiotemporal scales
+  * Add an implementation for k-means
+  * Remove vergen and use built to provide the same information
+  * Updating QUALITY_&_SPEED_FEATURES document in regards to libaom
+  * Adjust chroma offsets for frame-mean spatiotemporal scale
+  * Compute segmentation map thresholds from the offsets
+  * Implement From<f64> for DistortionScale
+  * Use fixed-sized array in luma/chroma pred mode counts (#2989)
+  * Add T.35 metadata C API.
+  * Bump console + dav1d-sys + system-deps
+  * CI: Pull in dev packages from Ubuntu Kinetic
+  * Implement SegmentationLevel::Full again
+  * segmentation: Limit minimum segment to avoid lossless mode
+  * Use spatiotemporal scales relative to frame mean
+  * Clean up encode_partition_topdown() (#2984)
+  * CI: Fix clippy:borrow_deref_ref warnings
+  * CI: Fix clippy::manual_range_contains warnings
+  * CI: Fix clippy::derive_partial_eq_without_eq warnings
+  * Fix aarch64 satd compilation on gcc
+  * Remove always-true if statement in encode_partition_topdown() (#2980)
+  * Add aarch64 NEON 8-bit SATD assembly for 4x4-transformed block sizes (#2972)
+  * Retune constants for ssim_boost
+  * Add enhanced version info
+  * Add T.35 metadata support.
+  * Simplify badges in README
+  * Remove travis badge
+  * CI: Switch to codecov
+  * CI: Do not consider crates directory for code coverage
+  * Stabilize the --film-grain-table parameter
+  * Compute segmentation offsets dynamically
+  * CI: macos-11 is the latest version
+  * CI: Update checkout action to v3
+  * CI: Remove if construct to skip CI
+  * Remove unused .travis CI
+  * Remove unmaintained gitlab CI
+  * CI: Remove default linker paths on Windows
+  * CI: Deploy rav1e-ch in a new job
+  * CI: Improve Windows toolchains
+  * Optimize `BlockSize::from_width_and_height_opt`
+  * Use external crate for grain table generation and parsing
+  * Optimize write_uleb128 function
+  * ci: Use release-no-lto profile for gnu deploy on Windows
+  * Add a release-no-lto profile
+  * Avoid taking ownership of Arc<Frame<T>> in scenechange API (#2958)
+  * Disable undocumented_unsafe_blocks lint due to false positive regression
+  * Rewrite argument parsing to use Clap's derives
+  * Reuse plane allocations in estimate_intra_costs (#2957)
+  * Use a RwLock in frame_me_stats
+  * Replace as_tile_state_mut with a an apply function
+  * Simplify full_pixel_me
+  * Simplify the tile iterator
+  * Simplify the lifetime
+  * Move TileStateMut::enc_stats where is used
+  * Do not double collect the stats
+  * Simplify the tiler lifetimes
+  * Reuse me stats for lookahead
+  * Merge estimate_motion and motion_estimation into one function
+  * x86: Fix relocations in `sad_plane`
+  * Bump versions of aom and dav1d in CI (#2953)
+  * x86: Reduce code size in 8-bit film grain AVX-512 asm
+  * x86: Add high bit-depth film grain AVX-512 (Ice Lake) asm
+  * arm: Only produce the PAC/BTI .note section when targeting ELF
+  * arm: Add comments to #endif and #else in nonobvious cases
+  * arm: itx: Do clipping in all narrowing downshifts
+  * x86: Add 8-bit film grain AVX-512 (Ice Lake) asm
+  * build: Make "film_grain" vs "filmgrain" DSP file names consistent
+  * x86: Fix data being stored below the stack pointer in SSSE3 itx asm
+  * x86: Remove redundant labels and undefs in SSSE3 itx asm
+  * x86: Update x86inc.asm
+  * arm64: Add Armv8.3-A PAC support to assembly files
+  * x86: Add high bit-depth ipred filter AVX-512 (Ice Lake) asm
+  * x86: Add high bit-depth pal_pred AVX-512 (Ice Lake) asm
+  * x86: Add high bit-depth ipred smooth AVX-512 (Ice Lake) asm
+  * x86: Add high bit-depth ipred paeth AVX-512 (Ice Lake) asm
+  * x86/itx: Add 16x16 12bpc AVX2 transforms
+  * x86: Add mc.resize AVX-512 (Ice Lake) asm
+  * x86: Improve high bit-depth film grain AVX2 asm
+  * x86: Improve 8-bit film grain AVX2 asm
+  * x86: Fix overflow in 10-bit IDCT4
+  * arm32: mc16: Fix out of bounds reads/writes in 8tap/bilin w2/w4 for vertical OBMC
+  * arm32: mc: Fix out of bounds reads/writes in 8tap/bilin w2/w4 for vertical OBMC
+  * arm64: mc16: Fix out of bounds reads/writes in 8tap/bilin w2/w4 for vertical OBMC
+  * arm64: mc: Fix out of bounds reads/writes in 8tap/bilin w2/w4 for vertical OBMC
+  * x86: Add high bitdepth mc(t)_scaled SSSE3 asm
+  * x86: Fix branch condition in high bit-depth put_bilin.h SSSE3 asm
+  * x86: Improve AVX2 generate_grain asm
+  * x86: Add 10-bit sgr AVX-512 (Ice Lake) asm
+  * x86: Add 8-bit mc(t)_scaled SSSE3 32-bit asm
+  * x86/itx: Add 16x8 12bpc AVX2 transforms
+  * x86/itx: Add 8x16 12bpc AVX2 transforms
+  * AArch64 Neon: Replace XTN, XTN2 pairs with single UZP1
+  * AArch64 Neon: Use CMLT instead of SSHR to compute sign
+  * x86: Fix AVX/SSE state transitions in AVX-512 4x4 inverse transforms
+  * x86: Add high bitdepth wiener AVX-512 (Ice Lake) asm
+  * x86/itx: Add 16x4 12bpc AVX2 transforms
+  * x86/itx: Add 4x16 12bpc AVX2 transforms
+  * x86/itx: Convert 8bpc WHT to SSE2
+  * x86: Fix edge padding in wiener_filter7_16bpc_ssse3
+  * x86: Add high bitdepth mc blend AVX-512 (Ice Lake) asm
+  * x86: Add high bitdepth mc warp_affine_8x8 AVX-512 (Ice Lake) asm
+  * x86: Add high bitdepth mc bidir AVX-512 (Ice Lake) asm
+  * x86: Add high bitdepth mc bilin/8-tap AVX-512 (Ice Lake) asm
+  * x86/itx: Add 8x8 12bpc AVX2 transforms
+  * x86/itx: Add 8x4 12bpc AVX2 transforms
+  * x86/itx: Add 4x8 12bpc AVX2 transforms
+  * x86: Fix invalid memory access in cdef_filter_8x8_8bpc_avx512icl
+  * x86/itx: Add clipping to iadst 4x16
+  * Remove lpf_stride parameter from LR filters
+  * Allow CDEF and LR to run sbrows in parallel
+  * arm64: Add Armv8.5-A BTI support to assembly files
+  * arm64: Change br instructions to ret for function returns
+  * x86/itx: Add 12-bit 4x4 transforms in AVX2
+  * x86/itx: Rename rax to r6
+  * x86/itx: Name constants more explicit
+  * x86: Add deblock loop filters AVX-512 (Ice Lake) asm
+  * x86: Add sgr AVX-512 (Ice Lake) asm
+  * x86: Add wiener_filter AVX-512 (Ice Lake) asm
+  * x86: Add ipred_filter AVX-512 (Ice Lake) asm
+  * x86: Add ipred dc/h/v/paeth/smooth/pal_pred AVX-512 (Ice Lake) asm
+  * x86: Add inverse transforms AVX-512 (Ice Lake) asm
+  * x86: Add blend AVX-512 (Ice Lake) asm
+  * x86: Add warp_affine_8x8 AVX-512 (Ice Lake) asm
+  * x86: Add mc 8-tap AVX-512 (Ice Lake) asm
+  * x86: Add mc put_bilin AVX-512 (Ice Lake) asm
+  * x86: Remove the option to disable AVX-512
+  * x86: Add high bitdepth mc(t)_scaled AVX2 asm
+  * Simplify sgr_x_by_x calculations
+  * x86: Optimize shifts in 8-bit wiener_filter asm
+  * Support distinct 10 and 12 bit inverse transform implementations
+  * fix-up: x86: Add put/prep_bilin_scaled AVX2 asm
+  * fix-up: x86: Add bpc suffix to mc functions
+  * x86: Add high bitdepth cfl_ac_444 AVX2 asm
+  * x86: Improve high bitdepth cfl_ac AVX2 asm
+  * x86: Automatically convert SSE asm to AVX when compiling for AVX targets
+  * x86: Add 8-bit w_mask_422 and w_mask_444 SSSE3 asm
+  * x86: Improve high bitdepth cdef_filter AVX2 asm
+  * x86: Prefer tzcnt over bsr in cdef sec_shift calculations
+  * x86/itx: 64x64 inverse dct transforms hbd/sse4
+  * x86/itx: 64x32 inverse dct transforms hbd/sse4
+  * x86/itx: 64x16 inverse dct transforms hbd/sse4
+  * x86/itx: 32x64 inverse dct transforms hbd/sse4
+  * x86/itx: 16x64 inverse dct transforms hbd/sse4
+  * x86: Add high bitdepth cdef_filter SSSE3 asm
+  * cdef: Remove redundant clipping
+  * itx/x86: rewrite .transpose4x8packed so it uses only m0-3,4&6
+  * itx/x86: replace idct8x8.transpose with idct8x4.transpose4x8packed
+  * x86/itx: add 1/sqrt(2) (rect2) multiply macro
+  * x86/itx: share pass2 loop between {16,32}x32 dct^2 functions
+  * x86/itx: combine .write_8x8 and .round{1,2,3,4} into a single function
+  * x86/itx: combine .write_8x4 and .round{1,2} into a single function
+  * x86/itx: split dct/adst/identity pass=2 implementations for 16x8
+  * x86/itx: 32x32 inverse dct transforms hbd/sse4
+  * x86/itx: 32x16 inverse dct transforms hbd/sse4
+  * x86/itx: 32x8 inverse dct transforms hbd/sse4
+  * x86/itx: 16x32 inverse dct transforms hbd/sse4
+  * x86/itx: 8x32 inverse dct transforms hbd/sse4
+  * x86: Add high bitdepth mc.resize SSSE3 asm
+  * x86: Fix minor things in mc.resize_8bpc_ssse3
+  * x86: Add high bitdepth mc.resize AVX2 asm
+  * x86: Add minor improvement to mc.resize_8bpc_avx2
+  * x86: Add bpc suffix to mc functions
+  * x86/itx: merge pass=2 rounding and writing operations
+  * x86/itx: 32x{8,16,32} & {8,16}x32 idtx transforms hbd/sse4
+  * x86/itx: replace .transpose8x8 with 2 calls to .transpose4x8packed
+  * x86/itx: document third argument in INV_TXFM_WxH_FN macros
+  * x86: Rewrite sgr8 SSSE3 asm
+  * x86: Add minor improvements to sgr16 SSSE3 asm
+  * x86/itx: 16x16 inverse transforms hbd/sse4
+  * x86/itx: 16x8 inverse transforms hbd/sse4
+  * x86/itx: 16x4 inverse transforms hbd/sse4
+  * x86inc: Support memory operands in src1 in 3-operand instructions
+  * x86inc: Add stack probing on Windows
+  * Properly fix LOAD_MM_PERMUTATION for AVX-512
+  * Replace abs() as unsigned with dedicated alternative.
+  * v_frame: Disable missing const fn clippy lint
+  * ci: Ignore tools for code coverage analysis
+  * ci: Ignore asm for code coverage analysis
+  * Reimplement sad_row as sad_plane (#2943)
+  * Remove explicit VEX coding from sad ASM (#2941)
+  * Rewrite x86 SAD row intrinsics in ASM
+  * Split `write_coeffs_lv_map` into smaller functions
+  * ci: Do not consider some directories for coverage
+  * Remove unused lifetime.
+  * ci: Enable source-based code coverage
+  * Silence unused variable warning.
+  * Use to_le_bytes in copy_to_raw_u8 (#2932)
+  * Improve codegen of copy_from_raw_u8 (#2930)
+  * Use const generics for downscale factor (#2927)
+  * Implement grain synthesis via photon noise tables
+  * Treat paths as OsString.
+  * Change muxer to use AsRef<Path> arguments.
+  * Remove a broken hawktracer annotation
+  * Break the scenechange module into smaller parts
+  * Add a mock around rayon for disabling threading
+  * Disable missing const fn clippy lint
+  * Use 64-bits for calculating 8x8 variance
+  * Avoid temporary allocation of block importance costs
+  * Remove unnecessary clones from metrics calculation
+  * rate: add assertion for q57 input range (#2911)
+  * Change non-square partition to search below the threshold
+  * Move complex pred modes for keyframes to s2
+  * Fix memory leak when temporal RDO not in use
+  * Enable suboptimal_flops clippy lint (#2908)
+  * Also apply custom clippy lints to ivf and v_frame
+  * Fixes to existing clippy lints
+  * Enable linting functions that could be const
+  * Enable extra documentation lints
+  * Organize existing clippy lints
+  * Avoid multiple inlining of residual loop in SAD intrinsics (#2903)
+  * Improve storage of invalid and SEF frame invariants
+  * Fix pyramid and frame type tests
+  * Fix unnecessary auto-vectorization in residual loop of SAD intrinsics (#2897)
+  * Use a debian mirror with https support
+  * Update aom version and shasums for CI
+  * New clippy fixes from Rust 1.59
+  * Fix new deprecation warnings from Clap 3.1.0
+  * Cache and reuse intra costs from scenechange (#2895)
+  * Init Motion Est: Refine mvs when subsampling reduced
+  * Fix confusing scale factor (#2891)
+  * Speed up estimate_inter_costs again (#2890)
+  * Speed up estimate_inter_costs (#2889)
+  * Handle edges by cropping in initial motion estimation
+  * Simplify importance block sum in `estimate_importance_block_difference` (#2885)
+  * Add safety asserts for mc assembly callers
+  * Update to Edition 2021
+  * Bump minimum Rustc to 1.56
+  * Omit loop restoration on fully skipped areas
+  * Fix new clippy lints
+  * Improve codegen of `Plane::downsampled`
+  * Fix scale of motion estimation threshold
+  * Use const generics for stride_sse
+  * Make the doctests compile only
+  * Put doctests code in a separate test
+  * Bump minimum rust version to 1.54.0
+  * Update to clap3
+  * Refactor TxfmType to not have an invalid variant
+  * Improve codegen of av1_round_shift_array
+  * Use const generics for hadamard transforms (#2877)
+  * Add x86 assembly for cdef distortion
+  * Fix underflow that can occur in cdef distortion
+  * Use cdef_dist on smaller block and edges
+  * Display info for all y4m error types
+  * Allow passing cropped blocks sad and satd
+  * Fix overflow in cdef distortion
+  * Refactor `BlockSize` to not have an invalid variant (#2866)
+  * Skip transform mode search based on transform cost estimate
+  * Improve autovectorization of `downscale_in_place`
+  * Fix doc comments in speedsettings.rs
+  * Change non_square_partition feature to a threshold
+  * Silence repetitive warning on Rust nightly
+  * Do not call put/prep avx2 functions for ssse3
+  * Organize speed settings into sub-structs
+  * Mark SpeedSettings struct as non-exhaustive
+  * Refactor the SpeedSettings impl
+  * Merge `no_scene_detection` and `fast_scene_detection` into one field
+  * Move rdo_lookahead_frames to SpeedSettings
+  * CI: Update to libaom to 3.2.0-2
+  * Update a help message to be more relevant (#2853)
+  * Fix stable clippy lints for Rust 1.57
+  * Use nasm-rs for nasm version check
+  * Better autovectorization of `spatiotemporal_scale`
+  * CI: Run cargo-c in offline mode
+  * Replace float sqrt+divide with fixed point rsqrt
+  * Perform UMH before resorting to full search
+  * CI: Always use latest grcov version
+  * CI: Always use latest cargo-c version
+  * Extend the rayon API mock to include scope()
+  * CI: Move to Debian Unstable for aom and dav1d
+
+- resolve bsc#1194113 (CVE-2018-25023)
+- resolve bsc#1194119 (CVE-2021-45710)
+
s390-tools
+- Upgrade s390-tools to version 2.31 (jsc#PED-3275, jsc#PED-3223)
+- General:
+  * common.mak: Set default C/C++ standard to gnu11/gnu++11
+- Add new tools / libraries:
+  * pvapconfig: Tool to automatically configure APQNs in SE KVM guests
+  * s390-tools: Provide pre-commit configuration
+- Changes of existing tools:
+  * cpuplugd: Adjust to CPU 0 being no longer hotpluggable
+  * dbginfo.sh: Check for Dynamic Partition Mode
+  * dbginfo.sh: Update man page and copyright
+  * rust/pv: Add user-data signing and verifying
+  * rust/pvsecret: Add user defined signatures and verifications
+  * zdev/dracut: Consolidate device configuration
+- Bug Fixes:
+  * dbginfo.sh: Fix relative path on script copy
+  * libkmipclient: Fix build with libxml2-2.12.0
+  * pvsecret: Fix panic if empty file is used as host key document
+  * rust/pv: Fix 'elided_lifetimes_in_associated_constant' warning
+
+- Updated read_values.c (bsc#1219227)
+
samba
+- Remove -x from bash shebang update-apparmor-samba-profile;
+  (bsc#1218431).
+
+- Update to 4.19.4
+  * net changesecretpw cannot set the machine account password if
+    secrets.tdb is empty; (bso#13577).
+  * For generating doc, take, if defined, env XML_CATALOG_FILES;
+    (bso#15540).
+  * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541).
+  * vfs_linux_xfs is incorrectly named; (bso#15542).
+  * systemd stumbled over copyright-message at smbd startup;
+    (bso#15377).
+  * Following intermediate abolute share-local symlinks is
+    broken; (bso#15505).
+  * ctdb RELEASE_IP causes a crash in release_ip if a connection
+    to a non-public address disconnects first; (bso#15523).
+  * shadow_copy2 broken when current fileset's directories are
+    removed; (bso#15544).
+  * smbd does not detect ctdb public ipv6 addresses for
+    multichannel exclusion; (bso#15534).
+  * 'force user = localunixuser' doesn't work if 'allow trusted
+    domains = no' is set; (bso#15469).
+  * smbget debug logging doesn't work; (bso#15525).
+  * smget: username in the smburl and interactive password entry
+    doesn't work; (bso#15532).
+  * smbget auth function doesn't set values for password prompt
+    correctly; (bso#15538).
+  * Unable to copy and write files from clients to Ceph cluster
+    via SMB Linux gateway with Ceph VFS module; (bso#15440).
+  * Multichannel refresh network information; (bso#15547).
+
+- Update to 4.19.3
+  * sid_strings test broken by unix epoch > 1700000000;
+    (bso#15520).
+  * smbd crashes if asked to return full information on close of
+    a stream handle with delete on close disposition set;
+    (bso#15487).
+  * smbd: fix close order of base_fsp and stream_fsp in
+    smb_fname_fsp_destructor(); (bso#15521).
+  * Improve logging for failover scenarios; (bso#15499).
+  * Files without "read attributes" NFS4 ACL permission are not
+    listed in directories; (bso#15093).
+  * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible
+    in AD LDAP to normal users; (bso#13595).
+  * Kerberos TGS-REQ with User2User does not work for normal
+    accounts; (bso#15492).
+  * vfs_gpfs stat calls fail due to file system permissions;
+    (bso#15507).
+  * Samba doesn't build with Python 3.12; (bso#15513).
+
sg3_utils
+- Fix missing SCSI_MODEL and other fields for "sg_inq --export"
+  (bsc#1219874)
+
+- Fix spurious warning for non-SCSI devices (boo#1218666)
+- Add 00-scsi-sg3_config.rules to dracut.conf (jsc#PED-6226, bsc#1219289)
+
+- Upstream bug fixes for sg3_utils 1.48 (bsc#1218591)
+  * sg_turs: fix missing CDB on several codepaths
+  * sg_dd: fix bug that identified all block devices as NVME
+  * rescan-scsi-bus.sh: avoid root FS going read-only with
+    "rescan-scsi-bus.sh -r" (gh#doug-gilbert/sg3_utils#46)
+
shared-mime-info
+- Explicitly use gcc 13 on SLE.
+
+- Update to 2.4
+  * Restore mimetype name for *.bz2 and *.tar.bz2
+  * Improve detection of application/mac-binhex40
+  * Add application/x-msdownload and subtypes
+  * Add Windows app store types
+  * Give Windows Installer packages the package icon
+  * Lower priority for text/x-mpsub's magic, so it doesn't match
+    pcb-drillFile.drl
+  * Add application/x-powershell
+  * Add application/wasm
+  * Change comment of text/x-mpsub
+  * Change comment of text/x-mpl2
+  * Add text/x-component
+  * Give higher priority to the more specific image/apng magic
+  * Recognize *.jfif as image/jpeg
+  * Add application/its+xml
+  * Add text/x-vb
+  * Add text/x-basic
+  * Add new group "chemical" in update-mime-database
+  * Add mimetype for Protein Data Bank (pdb) files
+  * Remove too generic magic from application/x-pak
+  * Add application/json5
+  * Add text/vbscript.encode
+  * Add text/jscript.encode
+  * Add text/jscript as synonym of text/javascript
+  * Fix backwards relationship between text/javascript and
+    application/ecmascript
+  * Add application/vnd.cups-ppd
+  * Add application/x-ms-shortcut
+  * Give application/x-mswinurl the link icon
+
+- Update to version 2.3:
+  * Add DOS/Windows batch file type
+  * Add Gerber and Excellon drill files
+  * Add JPEG XR mime type
+  * Add Modrinth modpack
+  * Add OpenVPN profile
+  * Add Portable Font Resource application/font-tdpfr.
+  * Add TAK audio mime type
+  * Add application/vnd.microsoft.windows.thumbnail-cache
+  * Add application/vnd.ms-officetheme
+  * Add application/x-bzip for bzip2's deprecated predecessor bzip
+  * Add application/x-bzip3
+  * Add application/x-fishscript and application/x-nuscript
+  * Add application/x-ms-pdb
+  * Add application/x-zpaq
+  * Add definition and test file for StuffIt X archives.
+  * Add image/apng
+  * Add mime type for Typst files
+  * Add mimetype application/x-lmdb
+  * Add mimetype for Blueprint source code
+  * Add mimetype for CBOR
+  * Add mimetype for Devicetree source code
+  * Add mimetype for ERIS link files
+  * Add mimetype for Flattened Devicetree (binary)
+  * Add mimetype for Quite OK Image Format (QOI)
+  * Add perf data file type
+  * Add subclass information for .ppt and .xls
+  * Add support for newer AAXC Audible Audiobook format
+  * Add text/julia for Julia source code
+  * Add text/x-nim and text/x-nimscript
+  * Add todo.txt mime type
+  * Add two new languages
+  * Avoid meson errors when 'build-tools' is set to false
+  * Bump magic priority for application/ovf
+  * CI: Use dnf5 instead of dnf
+  * Change descriptions to say LibreOffice rather than OpenOffice
+  * Don't install man page on Windows
+  * Fix description for audio/x-xi
+  * Give application/x-raw-floppy-disk-image the floppy media icon
+  * Give generic optical disk images the optical media icon
+  * Identify .pdb files without a signature match as
+    application/vnd.palm
+  * Improve matching for message/rfc822
+  * Lengthen image/png magic
+  * Make application/pgp-* not inherit from text/plain
+  * Make application/vnd.squashfs a subclass of
+    application/vnd.efi.img
+  * Make update-mime-database compatible with MSVC (by porting it
+    to C++)
+  * Prefer application/java-archive to application/x-java-archive
+  * Prefer application/vnd.efi.img over
+    application/x-raw-disk-image
+  * Prefer application/vnd.efi.iso over application/x-cd-image
+  * Prefer audio/vnd.wave over audio/x-wav
+  * Prefer video/vnd.avi over video/x-msvideo
+  * Remove "##" magic for matlab files
+  * Rename application/x-bzip to application/x-bzip2
+  * Revert "use Title Case for mime type description"
+  * Update application/sieve.
+  * Updated to latest xdgmime
+  * add tiled map editor map and tileset files
+  * application/javascript: Rename to text/javascript
+  * application/vnd.dart: use IANA registered type
+  * application/vnd.dbf: use IANA registered type
+  * application/yaml: use IANA registered type
+  * audio/x-wav: Add missing sub-class relationship with
+    application/x-riff
+  * buildsystem - add options for building tests and translations
+  * ci: Use ci-templates to build image
+  * ci: Use detached pipelines
+  * icons for 3d model formats
+  * spec: Clarify that namespaceURI can be empty
+  * text/markdown: add x-office-document generic-icon
+  * text/vnd.familysearch.gedcom: use IANA registered type
+  * use Sentence case for mime type descriptions
+  * use Title Case for mime type description
+  * video/vnd.youtube.yt: add magic
+  * video/vnd.youtube.yt: use IANA registered type
+- Add generic c++_compiler BuildRequires: shared-mime-info now
+  depends on a c++ compiler.
+
+- Filter out dependency on /usr/bin/pkg-config: this package is
+  installed on basically all systems, but it also contains a .pc
+  file. Splitting this into a -devel package seems not reasonable.
+
sharutils
+- add sharutils-4.14.2-Pass-compilation-with-Werror-format-security.patch
+
+- No longer recommend -lang: supplements are in use.
+
+- Add -fcommon to optflags. This fixes (boo#1160292), and can be
+  removed if upstream releases a version which compiles with
+  - fno-common
+
+- Drop mailx BuildRequires. The "sync directories over mail" feature
+  has been removed in 4.11.1.
+
+- gnulib-libio.patch: Update gnulib for libio.h removal
+- Use %license for COPYING
+
-- remove useless automake dependency
-
-- add automake as buildrequire to avoid implicit dependency
-
-- Recommends instead of require lang package.
-
-- create sharutils-lang
-
-- Update to 4.11.1. Changes since 2.6.3:
-  4.11.1:
-  * mail-files was completely broken and cannot be in use.  Removed.
-    mailshar (its wrapper script) also remvoed.
-  4.10:
-  * test and handle clobber option correctly in generated scripts.
-  4.9:
-  * Fix up quoting some more in the shar script messages.
-    Translators will not have to worry over shell quoting any more.
-  4.7.1:
-  * uudecode will not create output file names with trailing white space
-  4.7:
-  * fix a grammatical typo in doc/uuencode.1
-  * relicense the product under GPL version 3.
-- Remove unneeded dummy.diff.
-- Prefix all patches with pacckage name.
-
-- updated patches to apply with fuzz=0
-
systemd
+- Import commit 3638837d2aff1d18dd677a9e663b379ccbbb7576
+  fbf9f32eb7 test/test-shutdown.py: optionally display the test I/Os in a dedicated log file
+  cd012774df test-69: send SIGTERM to ask systemd-nspawn to properly stop the container
+  d883b83244 man: Document ranges for distributions config files and local config file
+
+- Import commit 3638837d2aff1d18dd677a9e663b379ccbbb7576 (merge of v254.9)
+- Add 5012-Revert-macro-terminate-the-temporary-VA_ARGS_FOREACH.patch
+  The reverted commit introduced in v254.9 bumped the requirement on the version
+  of gcc from 4.7 to 8 which is not OK for a stable release, especially since
+  the backported commit does not fix any issue per se.
+
+- Move systemd-reboot.service from udev to the main package as this service is
+  useful in containers.
+
+- Update the version of libbpf dlopened by systemd (weak dependency) (bsc#1219440)
+
+- Remove gpt-auto generator (bsc#1218671)
+  The generator is not reliable when the devices it operates on are DM devices
+  and when ESP is mounted via /etc/fstab and it interfers badly in such cases.
+  Until SP6 this generator was present but remained disabled due to the fact
+  that "LoaderDevicePartUUID" EFI variable was not exported by Grub. Given this
+  fact and that SLE doesn't rely on this generator to mount any partitions on a
+  GPT disk, the generator is simply removed from udev for now.
+
+- Add patches that implement [jsc#PED-5659]
+  5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
+  5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
+  5005-bus-print-properties-prettify-more-unset-properties.patch
+  5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
+  5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
+  5008-test-Add-effective-cgroup-limits-testing.patch
+  5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
+  5010-cgroup-Rename-effective-limits-internal-table.patch
+  5011-cgroup-Add-EffectiveMemoryMax-compatibility-for-cgro.patch
+  They are temporarily put in quarantine to get broader testing but should be
+  eventually moved to the git repo (except the latest patch, which is SUSE
+  specific).
+
+- Add 5001-Revert-udev-update-devlink-with-the-newer-device-nod.patch
+    5002-Revert-udev-revert-workarounds-for-issues-caused-by-.patch
+  It seems that systemd upstream has a dubious way to fix broken code these
+  days... let's revert these hacks until a final decision is taken to solve
+  https://github.com/systemd/systemd/issues/28141. See also
+  https://github.com/systemd/systemd/pull/30075.
+
+- Remove pam-config call from post scriptlet of systemd-32bit as the full
+  package already does that.
+
+- Import commit 69555aed64578449a7c00aa9f6651faca26bdb7d (merge of v254.8)
+  It includes the following fix:
+    029272750f resolved: actually check authenticated flag of SOA transaction (bsc#1218297 CVE-2023-7008)
+  For a complete list of changes, visit:
+  https://github.com/openSUSE/systemd/compare/327b885182f19f795f3af635bce0adc264bfb334...69555aed64578449a7c00aa9f6651faca26bdb7d
+  - Update 1017-efi-workarounds-for-building-PEs-with-gcc7.patch
+
systemd-presets-common-SUSE
+- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
+  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
+  Support both the old and new service to avoid complex version interdependency.
+
util-linux
+- Add file conflict of util-linux-tty-tools and busybox-util-linux.
+
+- Upgrade to version 2.39.3 (PED-7694):
+  * libblkid: add support for bcachefs sub-device labels
+  * libblkid: detect large bcachefs superblocks
+  * libblkid: validate that NTFS sector_size is a power of two
+  * libblkid: report endianness for VXFS
+  * libmount: Fix regression when mounting with atime
+  * libmount: accept '\' as escape for options separator
+  * libmount: gracefully handle NULL path in mnt_resolve_target()
+  * libmount: report statx in features list
+  * libsmartcols: handle nameless tables in export format
+  * libuuid: avoid truncation of clocks.txt to improve performance
+  * lscpu: fix caches separator for --parse=<list>
+  * lscpu: Add Phytium FTC862 cpu model
+  * lsfd: fix the form for the optional argument of --inet option
+    in manpage
+  * lsfd: avoid a case of undefined behavior
+  * lsfd: fix a memory leak
+  * lslogins: fix -y option formatting in manpage
+  * more: avoid an out-of-bound access
+  * setpriv: fix some group argument completion
+  * setterm: avoid restoring flags from uninitialized memory
+  * umount: handle bindmounts during --recursive
+  * other changes, see:
+    https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.39/v2.39.3-ReleaseNotes
+  * Changes from 2.39.2:
+  * libblkid: fix topology chain types mismatch
+  * libmount:
+  * handle failure to apply flags as part of a mount operation
+  * improve EPERM interpretation
+  * update documentation for MNT_ERR_APPLYFLAGS
+  * use mount(2) for remount on Linux < 5.14
+  * use some MS_* flags as superblock flags
+  * setarch: add PER_LINUX_FDPIC fallback
+  * uuidd: improve man page for -cont-clock
+  * wall: do not error for ttys that do not exist
+  * zramctl: add hint about supported algorithms
+  * other changes, see:
+    https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.39/v2.39.2-ReleaseNotes
+  * Changes from 2.39.1:
+  * Various bug fixes including problem with parsing mount options.
+    https://www.kernel.org/pub/linux/utils/util-linux/v2.39/v2.39.1-ReleaseNotes
+  * Changes from 2.39:
+  * blkpr: New command to run persistent reservations ioctls on a device.
+  * pipesz: New command to set or examine pipe and FIFO buffer sizes.
+  * waitpid: New command to wait for arbitrary processes.
+  * mount, libmount: Supports new file descriptors based mount kernel API.
+  * mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes,
+    X-mount.{owner,group,mode}=, rootcontext=@target.
+  * renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new
+    option --relative.
+  * dmesg: Supports subsecond granularity for --since and --until.
+  * dmesg: Option --level accepts '+' prefix or postfix for a level name to specify
+    all higher or all lower levels.
+  * blkid, libblkid: Supports bcachefs.
+  * fstrim: New option --types to filter out by filesystem types.
+  * lsblk: --nvme and --virtio are new options to filter out devices.
+  * lsblk: Improves detection of hotplug and removable status.
+  * nsenter: New option --env for allowing environment variables inheritance.
+  * namei: New option -Z to report SELinux contexts.
+  * Many other new features and fixes. For complete list see
+    https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes
+  * Changes from 2.38.1:
+  * column: fix buffer overflow when -l specified, fix greedy mode
+  on -l
+  * dmesg: fix --since and --until
+  * libmount: when moving a mount point, all sub mount entries in
+    utab should also be updated (bsc#1198731)
+  * libuuid: improve cache handling (bsc#1201959, PED-1150)
+  * lsblk: fix JSON output when without --bytes
+  * lsfd:fix crash triggered by an empty filter expression
+  * sulogin: fix includes (obsoletes linux-fs.patch)
+  * Many other fixes, improvements and code cleanup. For the
+    complete list see
+    https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes
+  * Changes from 2.38:
+  * first release with translated util-linux man-pages
+  * mount: new options --mkdir as shortcut for X-mount.mkdir
+  * mount, libmount: new mount options X-mount.subdir=
+  * lsfd: new command
+  * dmesg: new option --json to print kernel log in JSON format
+  * libfdisk: improved to set correct CHS addresses in MBR
+  * fstrim: ignores all /ect/fstab entries with X-fstrim.notrim
+    (jsc#SLE-17942)
+  * hardlink: now supports reflinks and new option --method=
+  * hwclock: new command line options --param-get and --param-set
+  * irqtop: new option --cpu-stat
+  * libblkid: supports zoned disks for btrfs
+  * lsblk: new options --noempty to ignore all devices with zero
+    size, and --zoned to print information about zones
+  * mkswap: new option --quiet
+  * nsenter: new option --wdns to change working directory within
+    namespace
+  * rename: new options --all and --last to replace all or last
+    occurrences of expression rather than the first one
+  * su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE
+    and RLIMIT_NOFILE reourse limits.
+  * unshare: new options --map-users= and --map-groups= to map
+    block of group IDs; new option --map-auto to map the first
+    block of user IDs owned by the effective user from /etc/subuid
+  * wdctl: new options --setpregovernor to set pre-timeout governor
+    name, and --setpretimeout to set watchdog pre-timeout in
+    seconds
+  * Many other new features and fixes. For the complete list see
+    https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes
+- Port patches/libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
+- Drop upstreamed patches: util-linux-sulogin4bsc1175514.patch,
+  blockdev-remove-nbsp.patch,
+  util-linux-fstrim-implement-X-fstrim.notrim.patch,
+  util-linux-uuidd-fix-lock-state.patch,
+  util-linux-libuuid-extend-cache.patch (better upstream
+  implementation exists),
+  util-linux-uuidd-prevent-root-owning.patch (it should not happen
+  in the re-implemented libuuid),
+  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch,
+  util-linux-libmount-moving-mount-point-sub-mounts.patch,
+  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch,
+  util-linux-libuuid-uuid_parse-overrun.patch,
+  util-linux-libuuid-improve-cache-handling.patch,
+  util-linux-libuuid-continuous-clock-handling.patch,
+  util-linux-libuuid-check-clock-value.patch,
+  util-linux-fix-tests-when-at-symbol-in-path.patch,
+  util-linux-flock-limitations.patch,
+  util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch.
+- Disable failing check fadvise/drop on ppc64le (test file does not
+  appear in the kernel cache at all).
+
+- Minor multibuild fixes (PED-307):
+  * Restore /bin symlinks in util-linux-systemd.
+  * Restore compatibility supplements and split-provides.
+  * Update safety check instructions.
+  * Prevent propagating of structured comments to scriptlets.
+
+- Convert to multibuild (PED-307)
+
xorg-x11-server
-- U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
-  * SELinux unlabeled GLX PBuffer (CVE-2024-0408, bsc#1218845)
-- U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
-  * SELinux context corruption (CVE-2024-0409, bsc#1218846)
-
-- bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
-  * Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
-    (CVE-2023-6816, bsc#1218582)
-- bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
-  bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
-  bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
-  * Reattaching to different master device may lead to out-of-bounds memory
-    access ((CVE-2024-0229, bsc#1218583)
-- bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
-  * Heap buffer overflow in XISendDeviceHierarchyEvent
-    (CVE-2024-21885, bsc#1218584)
-- bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
-  bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
-  * Heap buffer overflow in DisableDevice (CVE-2024-21886, bsc#1218585)
+- Release 21.1.11 also covers fixes for security issue CVE-2022-46340
+  and bug numbers bsc#1205874, bsc#1217765
+
+- Release 21.1.11 covers fixes for the following bug numbers, which
+  are not mentioned in this changelog before: bsc#1218845,
+  bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135
+
+- Release 21.1.11 supersedes the following patches still used with
+  xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in
+  this changelog as superseded before:
+  * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
+  * U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
+  * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
+  * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
+  * U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
+  * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
+  * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
+  * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
+  * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
+  * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
+  * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
+  * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
+  * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
+  * U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
+  * U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
+
+- xserver sources of this release fixes segfault in Xvnc (bsc#1219311)
+
+- no longer (build-)require obsolete Xprint/XprintUtil
+
+- Update to version 21.1.11
+  * This release contains fixes for the issues reported in today's security
+    advisory: https://lists.x.org/archives/xorg/2024-January/061525.html
+  * CVE-2023-6816  (bsc#1218582)
+  * CVE-2024-0229  (bsc#1218583)
+  * CVE-2024-21885 (bsc#1218584)
+  * CVE-2024-21886 (bsc#1218585)
+  * CVE-2024-0408
+  * CVE-2024-0409
+- supersedes the following patches
+  * U_xephyr-Don-t-check-for-SeatId-anymore.patch
+  * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
+  * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
-
-- Add missing fixes on U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
-  (bsc#1217765).
+  - ------------------------------------------------------------------
-- U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
-  * fixes a regresion, which can trigger a segfault in Xwayland on
-    exit, introduced by
-    U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
-    (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
-
-- U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
-  U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
-  * Server Damage Object Use-After-Free Local Privilege Escalation
-    Vulnerability (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
-
-- U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
-  * Use-after-free bug in DestroyWindow (CVE-2023-5380, ZDI-CAN-21608,
-    bsc#1216133)
-- U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
-  * fix handling of PropModeAppend/Prepend ((CVE-2023-5367, ZDI-CAN-22153,
-    bsc#1216135)
+- Update to version 21.1.9
+  * This release contains fixes for CVE-2023-5367, CVE-2023-5380
+    and CVE-2023-5574 as reported in today's security advisory:
+    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
+- adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
+
+- Update to version 21.1.8 (CVE-2023-1393):
+  * This release contains the fix for CVE-2023-1393
+  * composite: Fix use-after-free of the COW
+  * xkbUtils: use existing symbol names instead of deleted
+    deprecated ones
+- Drop U_xserver-composite-Fix-use-after-free-of-the-COW.patch:
+  Fixed upstream
+- Switch back to tarball release, drop source service, add keyring
+  and sig files.
-- U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
-  * fixes regression introduced with security update for
-    CVE-2022-46340 (bsc#1205874)
+- Update to version xorg-server-21.1.7:
+  * This release contains the fix for CVE-2023-0494 in today's security
+    advisory:
+    https://lists.x.org/archives/xorg-announce/2023-February/003320.html
+    It also fixes a second possible OOB access during EnqueueEvent and a
+    crasher caused by ResourceClientBits not correctly honouring the
+    MaxClients value in the configuration file.
+- supersedes U_Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch,
+  U_xorg-server-oob-read-enqueue-event.patch
+- rename u_xorg-server-oob-read-enqueue-event.patch to
+  U_xorg-server-oob-read-enqueue-event.patch since it's already
+  upstream
+
+- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
+  out-of-bounds read in EnqueueEvent.
+
+- Update to version xorg-server-21.1.6:
+  * xserver 21.1.6
+  * Xext: fix invalid event type mask in XTestSwapFakeInput
+  * xkb: fix some possible memleaks in XkbGetKbdByName
+  * xkb: proof GetCountedString against request length attacks
+  * xquartz: Fix some formatting
+  * XQuartz: stub: Call LSOpenApplication instead of fork()/exec()
+- drop the following upstream patches:
+  U_xkb-proof-GetCountedString-against-request-length-at.patch
+  U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
+
+- Update to version xorg-server-21.1.5:
+  * xkb: reset the radio_groups pointer to NULL after freeing it
+  * Xi: avoid integer truncation in length check of ProcXIChangeProperty
+  * Xi: return an error from XI property changes if verification failed
+  * Xext: free the screen saver resource when replacing it
+  * Xext: free the XvRTVideoNotify when turning off from the same client
+  * Xi: disallow passive grabs with a detail > 255
+  * Xtest: disallow GenericEvents in XTestSwapFakeInput
+  * meson: Don't build COMPOSITE for XQuartz
+  * xquartz: Move default applications list outside of the main executable
+  * xquartz: Remove unused macro (X11LIBDIR)
+- drop the following upstream patches:
+  U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
+  U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
+  U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
+  U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
+  U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
+  U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
+  U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
+
xscreensaver
-- Update xscreensaver-disable-upgrade-nagging-message.patch to
-  cover new messages. (boo#1206345, bsc#1217318)
+- update to 6.08:
+  * fixes for other platforms
+
+- update to 6.07:
+  * New hacks, droste, skulloop, papercube and cubocteversion
+  * xscreensaver-settings was sometimes turning off the DPMS
+    checkbox
+  * Log pid of caller of deactivate command, to give a hint about
+    who is preventing the screen from blanking
+  * Updates to sphereeversion.
+  * Added some new map sources to mapscroller.
+  * Various other minor bug fixes.
+- leave a nice notice for a very angry upstream developer in
+  xscreensaver-disable-upgrade-nagging-message.patch
+- drop xscreensaver-bsc1204744.patch, included upstream
+
+- Drop obsolete patch (bsc#1203594).
+  - xscreensaver-slideshow-dri-detect.patch
+- Use autosetup
+
+- Added spec file changes to handle hard-coded PAM directories.
+  * bsc#1204744
-- Drop obsolete patch (bsc#1203594).
-  - xscreensaver-slideshow-dri-detect.patch
-- Use autosetup
+- Migration of PAM settings to /usr/lib/pam.d.
+
+- update to 6.06:
+  * New hack hextrail
+  * marbling works again
+  * Adjust old hacks for higher resolution displays
+  * X11: More robust desktop image grabbing.
+  * X11: Various improvements to xscreensaver-settings
+  * X11: Supports "Lock" messages from systemd, e.g. when
+    logind.conf has "HandleLidSwitch=lock" instead of "suspend".
+  * Retired thornbird, which is redundant with discrete.
+- drop xscreensaver-gtk3.patch, upstream
+
+- fix removal of nagging message boo#1206345
+
+- update to version 6.05.1:
+  * Cope with dumb DPMS settings that existed pre-startup.
+  * Silence new Perl warnings from xscreensaver-getimage-file.
+  * Fix sonar pthreads crash on recent Pi systems.
+  * Removed dependence on gdk-pixbuf-xlib-2.0.
+  * GTK 3 is now required.
+  * New hacks, nakagin and chompytower.
+  * Settings dialog shows diagnostics for bad image folders and
+    feeds.
+  * URLs for imageDirectory can now point at archive.org
+    collections.
+  * Sliders for various "Speed" preferences are easier to use.
+  * Settings dialog shows saver description below embedded preview.
+  * Better behavior when zero monitors are attached.
+  * Improvements to inhibiting blanking while videos are playing:
+    No longer necessary to hack GNOME and KDE to get them to not
+    usurp the org.freedesktop.ScreenSaver endpoint.
+  * unicrud displays character names.
+  * Updated webcollage.
+- Ignore selected unbrecognized options generated by %%configure
+  (xscreensaver-unrecognized-opts.patch).
+- Properly find gtk3 directories (xscreensaver-gtk3.patch).
+- Refresh xscreensaver-bug-reports.patch,
+  xscreensaver-default-screensaver.patch,
+  xscreensaver-fireworkx-man.patch.
+- Fix build with autoconf 2.71: call sed only after autoreconf.
+  autoconf 2.71 internally calls intltoolize again, overwriting
+  po/Makefile.in.in.
+
+- Copy config.rpath from gettext to have autoreconf work for autoconf
+  2.71
+
xz
-- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
-  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
-  * bsc1198062.patch
+- Build static library on SLE
+
+- update to 5.4.6:
+  * Fixed a bug involving internal function pointers in liblzma
+    not being initialized to NULL. The bug can only be
+    triggered if lzma_filters_update() is called on a LZMA1
+    encoder, so it does not affect xz or any application known
+    to us that uses liblzma.
+  * Fixed a regression introduced in 5.4.2 that caused
+    encoding in the raw format to unnecessarily fail if --suffix
+    was not used. For instance, the following command no longer
+    reports that --suffix must be used:
+    echo foo | xz --format=raw --lzma2 | wc -c
+  * Fixed an issue on MinGW-w64 builds that prevented
+    reading from or writing to non-terminal character devices
+    like NUL.
+  * Added a new test.
+
+- Update to version 5.4.5:
+  * liblzma:
+  - Fixed an assertion failure that could be triggered by a large
+    unpadded_size argument. It was verified that there was no
+    other bug than the assertion failure.
+  - Fixed a bug that prevented building with Windows Vista
+    threading when __attribute__((__constructor__)) is not
+    supported.
+  * xz now properly handles special files such as "con" or "nul" on
+    Windows. Before this fix, the following wrote "foo" to the
+    console and deleted the input file "con_xz":
+    echo foo | xz > con_xz
+    xz --suffix=_xz --decompress con_xz
+  * Small fixes and improvements to the tests.
+  * Updated translations: Chinese (simplified) and Esperanto.
+
+- xznew: Remove bashsism.
+- build: pass CONFIG_SHELL=/bin/sh to configure: the posix tools
+  are setting the current SHELL as the shebang, which is overkill:
+  any posix compliant shell, aka /bin/sh, is sufficient.
+
+- Update to version 5.4.4:
+  * liblzma and xzdec can now build against WASI SDK when threading
+    support is disabled. xz and tests don't build yet.
+  * documentation update
+  * translations update
+
+- Update to version 5.4.3:
+  * Build system fixes
+  * Translation updates: Croatian
+- update signing key
+
+- Update license tag, there is GPL-3.0-or-later code too.
+
+- Update to version 5.4.2:
+  * All fixes from 5.2.11 that were not included in 5.4.1.
+  * If xz is built with support for the Capsicum sandbox but running
+    in an environment that doesn't support Capsicum, xz now runs
+    normally without sandboxing instead of exiting with an error.
+  * liblzma:
+  - Documentation was updated to improve the style, consistency,
+    and completeness of the liblzma API headers.
+  - The Doxygen-generated HTML documentation for the liblzma API
+    header files is now included in the source release and is
+    installed as part of "make install". All JavaScript is
+    removed to simplify license compliance and to reduce the
+    install size.
+  - Fixed a minor bug in lzma_str_from_filters() that produced
+    too many filters in the output string instead of reporting
+    an error if the input array had more than four filters. This
+    bug did not affect xz.
+  * Build systems:
+  - autogen.sh now invokes the doxygen tool via the new wrapper
+    script doxygen/update-doxygen, unless the command line option
+  - -no-doxygen is used.
+  - Added microlzma_encoder.c and microlzma_decoder.c to the
+    VS project files for Windows and to the CMake build. These
+    should have been included in 5.3.2alpha.
+  * Tests:
+  - Added a test to the CMake build that was forgotten in the
+    previous release.
+  - Added and refactored a few tests.
+  * Translations:
+  - Updated the Brazilian Portuguese translation.
+  - Added Brazilian Portuguese man page translation.
+
+- Build AVX2 enabled hwcaps library for x86_64-v3
+
+- update to 5.4.1:
+  * liblzma:
+  - Fixed the return value of lzma_microlzma_encoder() if the
+    LZMA options lc/lp/pb are invalid. Invalid lc/lp/pb options
+    made the function return LZMA_STREAM_END without encoding
+    anything instead of returning LZMA_OPTIONS_ERROR.
+  * Tests:
+  - Fixed test script compatibility with ancient /bin/sh
+    versions. Now the five test_compress_* tests should
+    no longer fail on Solaris 10.
+  - Added and refactored a few tests.
+  * Translations:
+  - Updated the Catalan and Esperanto translations.
+  - Added Korean and Ukrainian man page translations.
+
+- update to 5.4.0:
+    This bumps the minor version of liblzma because new features were
+    added. The API and ABI are still backward compatible with liblzma
+    5.2.x and 5.0.x.
+    Summary of new features added in the 5.3.x development releases:
+  * liblzma:
+  - Added threaded .xz decompressor lzma_stream_decoder_mt().
+    It can use multiple threads with .xz files that have multiple
+    Blocks with size information in Block Headers. The threaded
+    encoder in xz has always created such files.
+    Single-threaded encoder cannot store the size information in
+    Block Headers even if one used LZMA_FULL_FLUSH to create
+    multiple Blocks, so this threaded decoder cannot use multiple
+    threads with such files.
+    If there are multiple Streams (concatenated .xz files), one
+    Stream will be decompressed completely before starting the
+    next Stream.
+  - A new decoder flag LZMA_FAIL_FAST was added. It makes the
+    threaded decompressor report errors soon instead of first
+    flushing all pending data before the error location.
+  - New Filter IDs:
+  * LZMA_FILTER_ARM64 is for ARM64 binaries.
+  * LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't
+    necessarily use the end marker.
+  - Added lzma_str_to_filters(), lzma_str_from_filters(), and
+    lzma_str_list_filters() to convert a preset or a filter chain
+    string to a lzma_filter[] and vice versa. These should make
+    it easier to write applications that allow users to specify
+    custom compression options.
+  - Added lzma_filters_free() which can be convenient for freeing
+    the filter options in a filter chain (an array of lzma_filter
+    structures).
+  - lzma_file_info_decoder() to makes it a little easier to get
+    the Index field from .xz files. This helps in getting the
+    uncompressed file size but an easy-to-use random access
+    API is still missing which has existed in XZ for Java for
+    a long time.
+  - Added lzma_microlzma_encoder() and lzma_microlzma_decoder().
+    It is used by erofs-utils and may be used by others too.
+    The MicroLZMA format is a raw LZMA stream (without end marker)
+    whose first byte (always 0x00) has been replaced with
+    bitwise-negation of the LZMA properties (lc/lp/pb). It was
+    created for use in EROFS but may be used in other contexts
+    as well where it is important to avoid wasting bytes for
+    stream headers or footers. The format is also supported by
+    XZ Embedded (the XZ Embedded version in Linux got MicroLZMA
+    support in Linux 5.16).
+    The MicroLZMA encoder API in liblzma can compress into a
+    fixed-sized output buffer so that as much data is compressed
+    as can be fit into the buffer while still creating a valid
+    MicroLZMA stream. This is needed for EROFS.
+  - Added lzma_lzip_decoder() to decompress the .lz (lzip) file
+    format version 0 and the original unextended version 1 files.
+    Also lzma_auto_decoder() supports .lz files.
+  - lzma_filters_update() can now be used with the multi-threaded
+    encoder (lzma_stream_encoder_mt()) to change the filter chain
+    after LZMA_FULL_BARRIER or LZMA_FULL_FLUSH.
+  - In lzma_options_lzma, allow nice_len = 2 and 3 with the match
+    finders that require at least 3 or 4. Now it is internally
+    rounded up if needed.
+  - CLMUL-based CRC64 on x86-64 and E2K with runtime processor
+    detection. On 32-bit x86 it currently isn't available unless
+  - -disable-assembler is used which can make the non-CLMUL
+    CRC64 slower; this might be fixed in the future.
+  - Building with --disable-threads --enable-small
+    is now thread-safe if the compiler supports
+    __attribute__((__constructor__)).
+  * xz:
+  - Using -T0 (--threads=0) will now use multi-threaded encoder
+    even on a single-core system. This is to ensure that output
+    from the same xz binary is identical on both single-core and
+    multi-core systems.
+  - --threads=+1 or -T+1 is now a way to put xz into
+    multi-threaded mode while using only one worker thread.
+    The + is ignored if the number is not 1.
+  - A default soft memory usage limit is now used for compression
+    when -T0 is used and no explicit limit has been specified.
+    This soft limit is used to restrict the number of threads
+    but if the limit is exceeded with even one thread then xz
+    will continue with one thread using the multi-threaded
+    encoder and this limit is ignored. If the number of threads
+    is specified manually then no default limit will be used;
+    this affects only -T0.
+    This change helps on systems that have very many cores and
+    using all of them for xz makes no sense. Previously xz -T0
+    could run out of memory on such systems because it attempted
+    to reserve memory for too many threads.
+    This also helps with 32-bit builds which don't have a large
+    amount of address space that would be required for many
+    threads. The default soft limit for -T0 is at most 1400 MiB
+    on all 32-bit platforms.
+  - Previously a low value in --memlimit-compress wouldn't cause
+    xz to switch from multi-threaded mode to single-threaded mode
+    if the limit cannot otherwise be met; xz failed instead. Now
+    xz can switch to single-threaded mode and then, if needed,
+    scale down the LZMA2 dictionary size too just like it already
+    did when it was started in single-threaded mode.
+  - The option --no-adjust no longer prevents xz from scaling down
+    the number of threads as that doesn't affect the compressed
+    output (only performance). Now --no-adjust only prevents
+    adjustments that affect compressed output, that is, with
+  - -no-adjust xz won't switch from multi-threaded mode to
+    single-threaded mode and won't scale down the LZMA2
+    dictionary size.
+  - Added a new option --memlimit-mt-decompress=LIMIT. This is
+    used to limit the number of decompressor threads (possibly
+    falling back to single-threaded mode) but it will never make
+    xz refuse to decompress a file. This has a system-specific
+    default value because without any limit xz could end up
+    allocating memory for the whole compressed input file, the
+    whole uncompressed output file, multiple thread-specific
+    decompressor instances and so on. Basically xz could
+    attempt to use an insane amount of memory even with fairly
+    common files. The system-specific default value is currently
+    the same as the one used for compression with -T0.
+    The new option works together with the existing option
+  - -memlimit-decompress=LIMIT. The old option sets a hard limit
+    that must not be exceeded (xz will refuse to decompress)
+    while the new option only restricts the number of threads.
+    If the limit set with --memlimit-mt-decompress is greater
+    than the limit set with --memlimit-compress, then the latter
+    value is used also for --memlimit-mt-decompress.
+  - Added new information to the output of xz --info-memory and
+    new fields to the output of xz --robot --info-memory.
+  - In --lzma2=nice=NUMBER allow 2 and 3 with all match finders
+    now that liblzma handles it.
+  - Don't mention endianness for ARM and ARM-Thumb filters in
+  - -long-help. The filters only work for little endian
+    instruction encoding but modern ARM processors using
+    big endian data access still use little endian
+    instruction encoding. So the help text was misleading.
+    In contrast, the PowerPC filter is only for big endian
+    32/64-bit PowerPC code. Little endian PowerPC would need
+    a separate filter.
+  - Added decompression support for the .lz (lzip) file format
+    version 0 and the original unextended version 1. It is
+    autodetected by default. See also the option --format on
+    the xz man page.
+  - Sandboxing enabled by default:
+  * Capsicum (FreeBSD)
+  * pledge(2) (OpenBSD)
+  * Scripts now support the .lz format using xz.
+  * A few new tests were added.
+  * The liblzma-specific tests are now supported in CMake-based
+    builds too ("make test").
+
+- update to 5.2.10:
+  * xz: Don't modify argv[] when parsing the --memlimit* and
+  - -block-list command line options. This fixes confusing
+    arguments in process listing (like "ps auxf").
+  * GNU/Linux only: Use __has_attribute(__symver__) to detect if
+    that attribute is supported. This fixes build on Mandriva where
+    Clang is patched to define __GNUC__ to 11 by default (instead
+    of 4 as used by Clang upstream).
+  * liblzma:
+  - Fixed an infinite loop in LZMA encoder initialization
+    if dict_size >= 2 GiB.
+  - Fixed two cases of invalid free() that can happen if
+    a tiny allocation fails in encoder re-initialization
+    or in lzma_filters_update(). These bugs had some
+    similarities with the bug fixed in 5.2.7.
+  - Fixed lzma_block_encoder() not allowing the use of
+    LZMA_SYNC_FLUSH with lzma_code() even though it was
+    documented to be supported. The sync-flush code in
+    the Block encoder was already used internally via
+    lzma_stream_encoder(), so this was just a missing flag
+    in the lzma_block_encoder() API function.
+  - GNU/Linux only: Don't put symbol versions into static
+    liblzma as it breaks things in some cases (and even if
+    it didn't break anything, symbol versions in static
+    libraries are useless anyway). The downside of the fix
+    is that if the configure options --with-pic or --without-pic
+    are used then it's not possible to build both shared and
+    static liblzma at the same time on GNU/Linux anymore;
+    with those options --disable-static or --disable-shared
+    must be used too.
+- drop unused xz-devel-static which is no longer supported when using
+  - -with-pic (which is needed for shared libs)
+
+- Rename xz-static-devel -> xz-devel-static to follow the general
+  naming used in openSUSE.
+
+- Update to 5.2.8:
+  * xz:
+  - If xz cannot remove an input file when it should, this
+    is now treated as a warning (exit status 2) instead of
+    an error (exit status 1). This matches GNU gzip and it
+    is more logical as at that point the output file has
+    already been successfully closed.
+  - Fix handling of .xz files with an unsupported check type.
+    Previously such printed a warning message but then xz
+    behaved as if an error had occurred (didn't decompress,
+    exit status 1). Now a warning is printed, decompression
+    is done anyway, and exit status is 2. This used to work
+    slightly before 5.0.0. In practice this bug matters only
+    if xz has been built with some check types disabled. As
+    instructed in PACKAGERS, such builds should be done in
+    special situations only.
+  - Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
+    which failed with "Internal error (bug)". That is,
+  - -single-stream was broken if the first .xz stream in
+    the input file didn't contain any uncompressed data.
+  - Fix displaying file sizes in the progress indicator when
+    working in passthru mode and there are multiple input files.
+    Just like "gzip -cdf", "xz -cdf" works like "cat" when the
+    input file isn't a supported compressed file format. In
+    this case the file size counters weren't reset between
+    files so with multiple input files the progress indicator
+    displayed an incorrect (too large) value.
+  * liblzma:
+  - API docs in lzma/container.h:
+  * Update the list of decoder flags in the decoder
+    function docs.
+  * Explain LZMA_CONCATENATED behavior with .lzma files
+    in lzma_auto_decoder() docs.
+  - OpenBSD: Use HW_NCPUONLINE to detect the number of
+    available hardware threads in lzma_physmem().
+  - Fix use of wrong macro to detect x86 SSE2 support.
+    __SSE2_MATH__ was used with GCC/Clang but the correct
+    one is __SSE2__. The first one means that SSE2 is used
+    for floating point math which is irrelevant here.
+    The affected SSE2 code isn't used on x86-64 so this affects
+    only 32-bit x86 builds that use -msse2 without -mfpmath=sse
+    (there is no runtime detection for SSE2). It improves LZMA
+    compression speed (not decompression).
+  - Fix the build with Intel C compiler 2021 (ICC, not ICX)
+    on Linux. It defines __GNUC__ to 10 but doesn't support
+    the __symver__ attribute introduced in GCC 10.
+  * Scripts: Ignore warnings from xz by using --quiet --no-warn.
+  This is needed if the input .xz files use an unsupported
+  check type.
+  * Translations:
+  - Updated Croatian and Turkish translations.
+  - One new translations wasn't included because it needed
+    technical fixes. It will be in upcoming 5.4.0. No new
+    translations will be added to the 5.2.x branch anymore.
+  - Renamed the French man page translation file from
+    fr_FR.po to fr.po and thus also its install directory
+    (like /usr/share/man/fr_FR -> .../fr).
+  - Man page translations for upcoming 5.4.0 are now handled
+    in the Translation Project.
+  * Update doc/faq.txt a little so it's less out-of-date.
+
+- Move localised man pages to lang subpackage
+
+- update to 5.2.7:
+  * liblzma:
+  - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug.
+  - Add dest and src NULL checks to lzma_index_cat.
+    The documentation states LZMA_PROG_ERROR can be returned from
+    lzma_index_cat. Previously, lzma_index_cat could not return
+    LZMA_PROG_ERROR. Now, the validation is similar to
+    lzma_index_append, which does a NULL check on the index
+    parameter.
+  - Fix copying of check type statistics in lzma_index_cat().
+    The check type of the last Stream in dest was never copied to
+    dest->checks (the code tried to copy it but it was done too late).
+    This meant that the value returned by lzma_index_checks() would
+    only include the check type of the last Stream when multiple
+    lzma_indexes had been concatenated.
+    In xz --list this meant that the summary would only list the
+    check type of the last Stream, so in this sense this was only
+    a visual bug. However, it's possible that some applications
+    use this information for purposes other than merely showing
+    it to the users in an informational message. I'm not aware of
+    such applications though and it's quite possible that such
+    applications don't exist.
+    Regular streamed decompression in xz or any other application
+    doesn't use lzma_index_cat() and so this bug cannot affect them.
+  - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR.
+    If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
+    to use lzma_memlimit_set() to increase the limit and continue
+    decoding. This was supposed to work from the beginning but
+    there was a bug. With other decoders (.lzma or threaded .xz)
+    this already worked correctly.
+  - lzma_filters_copy: Keep dest[] unmodified if an error occurs.
+    lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed
+    this. Before this patch, failing lzma_filters_copy() could result
+    in free(invalid_pointer) or invalid memory reads in stream_encoder.c
+    or stream_encoder_mt.c.
+    To trigger this, allocating memory for a filter options structure
+    has to fail. These are tiny allocations so in practice they very
+    rarely fail.
+    Certain badness in the filter chain array could also make
+    lzma_filters_copy() fail but both stream_encoder.c and
+    stream_encoder_mt.c validate the filter chain before
+    trying to copy it, so the crash cannot occur this way.
+  - lzma_index_append: Add missing integer overflow check.
+    The documentation in src/liblzma/api/lzma/index.h suggests that
+    both the unpadded (compressed) size and the uncompressed size
+    are checked for overflow, but only the unpadded size was checked.
+    The uncompressed check is done first since that is more likely to
+    occur than the unpadded or index field size overflows.
+  - Vaccinate against an ill patch from RHEL/CentOS 7.
+  * xzgrep:
+  - Fix compatibility with old shells.
+    Turns out that some old shells don't like apostrophes (') inside
+    command substitutions. The problem was introduced by commits
+    69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29),
+    bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and
+    a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19).
+    5.2.6 is the only stable release that included
+    this problem.
+  * Translations: Add Turkish translation.
+
+- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
+  * xz:
+  - The --keep option now accepts symlinks, hardlinks, and
+    setuid, setgid, and sticky files.
+  - When copying metadata from the source file to the destination
+    file, don't try to set the group (GID) if it is already set
+    correctly. This avoids a failure on OpenBSD (and possibly on
+    a few other OSes) where files may get created so that their
+    group doesn't belong to the user, and fchown(2) can fail even
+    if it needs to do nothing.
+  - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
+    MIPS32 because on MIPS32 userspace processes are limited
+    to 2 GiB of address space.
+  * liblzma:
+  - Fixed a missing error-check in the threaded encoder. If a
+    small memory allocation fails, a .xz file with an invalid
+    Index field would be created. Decompressing such a file would
+    produce the correct output but result in an error at the end.
+    Thus this is a "mild" data corruption bug. Note that while
+    a failed memory allocation can trigger the bug, it cannot
+    cause invalid memory access.
+  - The decoder for .lzma files now supports files that have
+    uncompressed size stored in the header and still use the
+    end of payload marker (end of stream marker) at the end
+    of the LZMA stream. Such files are rare but, according to
+    the documentation in LZMA SDK, they are valid.
+    doc/lzma-file-format.txt was updated too.
+  - Improved 32-bit x86 assembly files:
+  * Support Intel Control-flow Enforcement Technology (CET)
+  * Use non-executable stack on FreeBSD.
+  * xzgrep:
+  - Fixed arbitrary command injection via a malicious filename
+    (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
+    this was released to the public on 2022-04-07. A slight
+    robustness improvement has been made since then and, if
+    using GNU or *BSD grep, a new faster method is now used
+    that doesn't use the old sed-based construct at all. This
+    also fixes bad output with GNU grep >= 3.5 (2020-09-27)
+    when xzgrepping binary files.
+  - Fixed detection of corrupt .bz2 files.
+  - Improved error handling to fix exit status in some situations
+    and to fix handling of signals: in some situations a signal
+    didn't make xzgrep exit when it clearly should have. It's
+    possible that the signal handling still isn't quite perfect
+    but hopefully it's good enough.
+  - Documented exit statuses on the man page.
+  - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
+    of the deprecated egrep and fgrep commands.
+  - Fixed parsing of the options -E, -F, -G, -P, and -X. The
+    problem occurred when multiple options were specied in
+    a single argument, for example,
+    echo foo | xzgrep -Fe foo
+    treated foo as a filename because -Fe wasn't correctly
+    split into -F -e.
+  - Added zstd support.
+  * xzdiff/xzcmp:
+  - Fixed wrong exit status. Exit status could be 2 when the
+    correct value is 1.
+  - Documented on the man page that exit status of 2 is used
+    for decompression errors.
+  - Added zstd support.
+  * xzless:
+  - Fix less(1) version detection. It failed if the version number
+    from "less -V" contained a dot.
+
+- use https urls.
+
+- Upgrade old rpm constructs.
+
+- Update to 5.2.5:
+  * liblzma:
+  - Fixed several C99/C11 conformance bugs. Now the code is clean
+    under gcc/clang -fsanitize=undefined. Some of these changes
+    might have a negative effect on performance with old GCC
+    versions or compilers other than GCC and Clang. The configure
+    option --enable-unsafe-type-punning can be used to (mostly)
+    restore the old behavior but it shouldn't normally be used.
+  - Improved API documentation of lzma_properties_decode().
+  - Added a very minor encoder speed optimization.
+  * xz:
+  - Fixed a crash in "xz -dcfv not_an_xz_file". All four options
+    were required to trigger it. The crash occurred in the
+    progress indicator code when xz was in passthru mode where
+    xz works like "cat".
+  - Fixed an integer overflow with 32-bit off_t. It could happen
+    when decompressing a file that has a long run of zero bytes
+    which xz would try to write as a sparse file. Since the build
+    system enables large file support by default, off_t is
+    normally 64-bit even on 32-bit systems.
+  - Fixes for --flush-timeout:
+  * Fix semi-busy-waiting.
+  * Avoid unneeded flushes when no new input has arrived
+    since the previous flush was completed.
+  - Added a special case for 32-bit xz: If --memlimit-compress is
+    used to specify a limit that exceeds 4020 MiB, the limit will
+    be set to 4020 MiB. The values "0" and "max" aren't affected
+    by this and neither is decompression. This hack can be
+    helpful when a 32-bit xz has access to 4 GiB address space
+    but the specified memlimit exceeds 4 GiB. This can happen
+    e.g. with some scripts.
+  - Capsicum sandbox is now enabled by default where available
+    (FreeBSD >= 10). The sandbox debug messages (xz -vv) were
+    removed since they seemed to be more annoying than useful.
+
+- Do not recommend lang package. The lang package already has a supplements.
+
+- Use FAT LTO objects in order to provide proper static library.
+- xz 5.2.4:
+  * liblzma:
+  - Allow 0 as memory usage limit instead of returning
+    LZMA_PROG_ERROR. Now 0 is treated as if 1 byte was specified,
+    which effectively is the same as 0.
+  - Use "noexcept" keyword instead of "throw()" in the public
+    headers when a C++11 (or newer standard) compiler is used.
+  - Added a portability fix for recent Intel C Compilers.
+  * xz:
+  - Fix "xz --list --robot missing_or_bad_file.xz" which would
+    try to print an unitialized string and thus produce garbage
+    output. Since the exit status is non-zero, most uses of such
+    a command won't try to interpret the garbage output.
+  - "xz --list foo.xz" could print "Internal error (bug)" in a
+    corner case where a specific memory usage limit had been set.
+
yast2-installation
+- Restore the selected products after reloading the package
+  manager, properly install all products for new modules and
+  extensions when upgrading from SLE12 (bsc#1218391)
+- 4.6.10
+
yast2-network
+- Consider firmware configured interfaces as non bridgeable
+  (bsc#1218595).
+- 4.6.8
+
yast2-packager
+- SLE HPC is not a base product anymore, it is replaced by
+  SLES + HPC module, added migration mapping (jsc#PED-7841)
+- 4.6.7
+
+- Fixed ERB template loading in self update, if the template
+  cannot be found using a relative path then fallback to the
+  absolute path (bsc#1219174)
+- 4.6.6
+
yast2-storage-ng
+- jsc#PED-6407
+  - new env variable YAST_REUSE_LVM for reusing LVM in new
+    installation. It can be used as linuxrc boot param.
+- 4.6.15
+