Packages changed:
  alsa (1.2.5.1 -> 1.2.6)
  cloud-init
  dbus-1-glib
  double-conversion (3.1.5 -> 3.1.6)
  fftw3 (3.3.9 -> 3.3.10)
  grub2
  kmod
  libXfixes
  perl-Try-Tiny (0.30 -> 0.31)
  qemu
  re2
  runc (1.0.2 -> 1.0.3)
  soundtouch (2.2 -> 2.3.1)
  sudo (1.9.7p2 -> 1.9.8p2)
  suse-module-tools (16.0.14+2 -> 16.0.16)
  tpm2.0-abrmd
  tpm2.0-tools

=== Details ===

==== alsa ====
Version update (1.2.5.1 -> 1.2.6)

- Update to version 1.2.6:
  lots of changes, including UCM and config updates and rawmidi
  framing mode support: for details, see below
  https://www.alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-lib
- Add *.sig file for the source tarball

==== cloud-init ====

- Remove unneeded BuildRequires on python3-nose.

==== dbus-1-glib ====

- Add relevant dbus-1-glib-<targettype> provides/obsoletes also in
  baselibs.conf (boo#1193502).

==== double-conversion ====
Version update (3.1.5 -> 3.1.6)

- update to 3.1.6:
  * Features some code cleanups.
  * Adds the following new architectures: loongarch, xtensa, nios2, e2k.

==== fftw3 ====
Version update (3.3.9 -> 3.3.10)

- update to 3.3.10:
  * Fix bug that would cause 2-way SIMD (notably SSE2 in double precision)
    to attempt unaligned accesses in certain obscure cases, causing
    segfaults.
  * This test computes a pair of length-4 real->complex transforms where
    the second input is 5 real numbers away from the first input.  That
    is, there is a gap of one real number between the first and second
    input array.  The -oexhaustive level allow FFTW to attempt to
    compute this transform by reducing it to a pair of complex
    transforms of length 2, but now the second input is not aligned to a
    complex-number boundary.  The fact that 5 is odd is the problem.
  * The bug cannot occur in complex->complex transforms because the
    complex interface accepts strides in units of complex numbers, so
    strides are aligned by construction.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Fix extent not found when initramfs contains shared extents (bsc#1190982)
  * 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch

==== kmod ====
Subpackages: libkmod2

- Ensure that kmod and packages linking to libkmod provide same features
  (bsc#1193430).

==== libXfixes ====

- update to version 6.0 is needed for GNOME41, particularly the
  gnome-settings-daemon's new feature to disconnect from Xwayland
  (JIRA #SLE-22829)

==== perl-Try-Tiny ====
Version update (0.30 -> 0.31)

- updated to 0.31
  see /usr/share/doc/packages/perl-Try-Tiny/Changes
  0.31      2021-11-23 20:29:12Z
  - plug Syntax::Keyword::Try and Feature::Compat::Try in the docs

==== qemu ====

* Patches added (bsc#1186256):
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
- cross-i386-binutils and cross-i386-gcc are not needed and were
  dropped from Factory - boo#1193424

==== re2 ====

- Use newer libs and GCC on Leap 15.3 & 15.4

==== runc ====
Version update (1.0.2 -> 1.0.3)

- Update to runc v1.0.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784
  * A potential vulnerability was discovered in runc (related to an internal
    usage of netlink), however upon further investigation we discovered that
    while this bug was exploitable on the master branch of runc, no released
    version of runc could be exploited using this bug. The exploit required
    being able to create a netlink attribute with a length that would overflow a
    uint16 but this was not possible in any released version of runc. For more
    information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.
    Due to an abundance of caution we decided to do an emergency release with
    this fix, but to reiterate we do not believe this vulnerability was
    possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for
    discovering and reporting this vulnerability so quickly.
  * Fixed inability to start a container with read-write bind mount of a
    read-only fuse host mount.
  * Fixed inability to start when read-only /dev in set in spec.
  * Fixed not removing sub-cgroups upon container delete, when rootless cgroup
    v2 is used with older systemd.
  * Fixed returning error from GetStats when hugetlb is unsupported (which
    causes excessive logging for kubernetes).

==== soundtouch ====
Version update (2.2 -> 2.3.1)

- update to 2.3.1:
  * Adjusted cmake build settings and header files that cmake installs
  * Disable setting "SOUNDTOUCH_ALLOW_NONEXACT_SIMD_OPTIMIZATION" by default. The
    original purpose of this setting was to avoid performance penalty due to
    unaligned SIMD memory accesses in old CPUs, but that is not any more issue in
    concurrent CPU SIMD implementations and having this setting enabled can cause
    slight compromise in result quality.
  * soundtouch.clear() to really clear whole processing pipeline state. Earlier
    individual variables were left uncleared, which caused slightly different
    result if the same audio stream were processed again after calling clear().
  * TDstretch to align initial offset position to be in middle of correlation
    search window. This ensures that with zero tempo change the output will be
    same as input.
  * Fix a bug in TDstrectch with too small initial skipFract value that
    occurred with certain processing parameter settings: Replace assert with
    assignment that corrects the situation.
  * Remove OpenMP "_init_threading" workaround from Android build as it's not
    needed with concurrent Android SDKs any more.

==== sudo ====
Version update (1.9.7p2 -> 1.9.8p2)

- update to 1.9.8p2
  * Fixed a potential out-of-bounds read with "sudo -i" when the
    target user's shell is bash.  This is a regression introduced
    in sudo 1.9.8.  Bug #998.
  * sudo_logsrvd now only sends a log ID for first command of a session.
    There is no need to send the log ID for each sub-command.
  * Fixed a few minor memory leaks in intercept mode.
  * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
    was enabled when handling sub-commands.  A new zero-length journal
    file was created for each sub-command instead of simply using
    the existing journal file.
- update to 1.9.8p1
  * Fixed support for passing a prompt (sudo -p) or a login class
    (sudo -l) on the command line.  This is a regression introduced
    in sudo 1.9.8.  Bug #993.
  * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
    This is a regression introduced in sudo 1.9.8.  Bug #994.
  * Fixed a compilation error when the --enable-static-sudoers configure
    option was specified.  This is a regression introduced in sudo
    1.9.8 caused by a symbol clash with the intercept and log server
    protobuf functions.
  * It is now possible to transparently intercepting sub-commands
    executed by the original command run via sudo.  Intercept support
    is implemented using LD_PRELOAD (or the equivalent supported by
    the system) and so has some limitations.  The two main limitations
    are that only dynamic executables are supported and only the
    execl, execle, execlp, execv, execve, execvp, and execvpe library
    functions are currently intercepted. Its main use case is to
    support restricting privileged shells run via sudo.
    To support this, there is a new "intercept" Defaults setting and
    an INTERCEPT command tag that can be used in sudoers.  For example:
    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    Defaults!SHELLS intercept
    would cause sudo to run the listed shells in intercept mode.
    This can also be set on a per-rule basis.  For example:
    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    chuck ALL = INTERCEPT: SHELLS
    would only apply intercept mode to user "chuck" when running one
    of the listed shells.
    In intercept mode, sudo will not prompt for a password before
    running a sub-command and will not allow a set-user-ID or
    set-group-ID program to be run by default.  The new
    intercept_authenticate and intercept_allow_setid sudoers settings
    can be used to change this behavior.
  * The new "log_subcmds" sudoers setting can be used to log additional
    commands run in a privileged shell.  It uses the same mechanism as
    the intercept support described above and has the same limitations.
  * The new "log_exit_status" sudoers setting can be used to log
    the exit status commands run via sudo.  This is also a corresponding
    "log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
  * Support for logging sudo_logsrvd errors via syslog or to a file.
    Previously, most sudo_logsrvd errors were only visible in the
    debug log.
  * Better diagnostics when there is a TLS certificate validation error.
  * Using the "+=" or "-=" operators in a Defaults setting that takes
    a string, not a list, now produces a warning from sudo and a
    syntax error from inside visudo.
  * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
    had no effect when creating I/O log parent directories if the I/O log
    file name ended with the string "XXXXXX".
  * Fixed a bug in the sudoers custom prompt code where the size
    parameter that was passed to the strlcpy() function was incorrect.
    No overflow was possible since the correct amount of memory was
    already pre-allocated.
  * The mksigname and mksiglist helper programs are now built with
    the host compiler, not the target compiler, when cross-compiling.
    Bug #989.
  * Fixed compilation error when the --enable-static-sudoers configure
    option was specified.  This was due to a typo introduced in sudo
    1.9.7.  GitHub PR #113.
- pack /usr/libexec/sudo/sudo/sudo_intercept.so

==== suse-module-tools ====
Version update (16.0.14+2 -> 16.0.16)

- Update to version 16.0.16:
  * modprobe.d: split conf files (jsc#SLE-21626, boo#1193059)
  - Rather than shipping two large files with modprobe.d options
    (00-system.conf and 50-blacklist.conf), ship multiple small
    per-module files. This makes it easier for users to override
    distribution defaults.
  * blacklist isst_if_mbox_msr (bsc#1187196)
  * boot-sysctl: make sure file exists (fix for containers)
  * remove blacklist entry for snd_bt87x (bsc#1192974, bsc#51718)

==== tpm2.0-abrmd ====
Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux

- Version 2.4.0
  + remover syslog deprecation warning (bsc#1185154)
  + cover update to 2.3.3 (jsc#SLE-17366)
  + contains reload fix (bsc#1166936~
  + fix tcti loading using short / long names (bsc#1159176)
- Warp selinux into a bcond

==== tpm2.0-tools ====

- The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0)
- Fix python3-PyYAML requirement
- Move the tests inside a bcond.  Disabled by default.