Packages changed:
  ImageMagick (7.1.0.51 -> 7.1.0.52)
  bash (5.2.2 -> 5.2.9)
  dhcp
  elfutils
  elfutils-debuginfod
  fwupd (1.8.6 -> 1.8.7)
  icewm (3.0.1 -> 3.2.0)
  irqbalance
  kernel-source (6.0.7 -> 6.0.8)
  keylime (6.5.3 -> 6.5.2)
  lcms2 (2.13.1 -> 2.14)
  libX11 (1.8.1 -> 1.8.2)
  libslirp
  python-pytz (2022.5 -> 2022.6)
  python-zope.interface (5.5.0 -> 5.5.1)
  python310
  python310-core
  rpm
  shadow (4.12.3 -> 4.13)

=== Details ===

==== ImageMagick ====
Version update (7.1.0.51 -> 7.1.0.52)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- update to 7.1.0.52:
  * coders: Enable opening https files in mingw #5727
  * utilities: Enable support for unicode paths in mingw #5713
  upstream changelog:
  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#710-52---2022-11-06

==== bash ====
Version update (5.2.2 -> 5.2.9)
Subpackages: bash-doc bash-lang bash-sh

- Add upstream patches
  * bash52-003
    Command substitutions need to preserve newlines instead of replacing them
    with semicolons, especially in the presence of multiple here-documents.
  * bash52-004
    Bash needs to keep better track of nested brace expansions to avoid problems
    with quoting and POSIX semantics.
  * bash52-005
    Null pattern substitution replacement strings can cause a crash.
  * bash52-006
    In interactive shells, interrupting the shell while entering a command
    substitution can inhibit alias expansion.
  * bash52-007
    This patch fixes several problems with alias expansion inside command
    substitutions when in POSIX mode.
  * bash52-008
    Array subscript expansion can inappropriately quote brackets if the expression
    contains < or >.
  * bash52-009
    Bash arithmetic expansion should allow `@' and `*' to be used as associative
    array keys in expressions.

==== dhcp ====
Subpackages: dhcp-client

- Use %_rundir

==== elfutils ====
Subpackages: elfutils-lang libasm1 libdw1 libelf1

- align patches section
- remove date/time handling weirdness, elfutils does no longer
  use __DATE__ or __TIME__ (as proven by the newly added -Werror=date-time)

==== elfutils-debuginfod ====
Subpackages: debuginfod-profile libdebuginfod1

- align patches section
- remove date/time handling weirdness, elfutils does no longer
  use __DATE__ or __TIME__ (as proven by the newly added -Werror=date-time)

==== fwupd ====
Version update (1.8.6 -> 1.8.7)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Update to version 1.8.7:
  + This release adds the following features:
  - Add a new HSI check for the leaked Lenovo 'Key Manifest'
    hashes
  - Measure system integrity when installing UEFI updates
  - Record more host DMI data when submitting a report for dbx
    failures
  - Use xz-compressed metadata to reduce bandwidth used by ~25%
  + This release fixes the following bugs:
  - Add documentation for three existing HSI attributes
  - Add re-insert requirement for Analogix devices
  - Allow parsing metadata more than 1MB in size
  - Do not follow symlinks when searching for ESP devices
  - Ensure the config file permission is correct for built-in
    plugins
  - Fix a compile failure when compiling without efiboot
  - Fix a regression when using fwuptool install-blob with FMAP
    firmware
  - Only count the Microsoft hashes when getting the dbx version
  - Only use the IFD when the system is Intel-based
  - Support loading CoSWID when only one role has been set
  + This release adds support for the following hardware:
  - Anker Thunderbolt 4 Mini Hub
  - ELAN haptic hardware
  - Fingerprint lenfy devices
  - Goodix GF3258WNC
  - Intel discrete GPUs (experimental)
  - More Star Labs laptops
  - QSI Godzilla Creek Reference Hub
- Stop passing conditional plugin_amt=disabled, no longer needed,
  nor recognized.

==== icewm ====
Version update (3.0.1 -> 3.2.0)
Subpackages: icewm-config-upstream icewm-default icewm-lang

- Update to version 3.2.0:
  * Fix for fullscreen wine programs where taskbar would not hide.
  * Ensure KeySysWinNext and KeySysWinPrev always work
    for rolled up windows which use the Globally Active focus model.
  * Give the Alt+Tab a 30 second history.
  * The next Alt+Tab will continue where the previous one left off.
  * Add "tabto" command to icesh move windows as tabs to a new frame.
  * Add "untab" command to icesh to move each tab to its own frame.
  * Add "stacking" and "reverse" commands to icesh.
  * Let icesh check all atoms in the -Property filter.
  * Support edge switching when dragging a window.
  * When switching to a tab with size limitations, adapt the frame geometry.
  * Fix maximize and fullscreen for tabs with different normal sizes.
  * Prevent the flashing when switching tabs.
  * Only popup the grouping menu on a task button on the first button click
    without key modifiers. This makes it easier to immediately select or
    minimize the active application by using the shift or control modifier.
  * Update the title bar shape when changing tabs.
  * Set common properties when adding another tab to a frame.
  * Always update the window list and _NET_CLIENT_LIST when adding more tabs.
  * Add special filtered view and flat rendering options to icewm-menu-fdo.
  * Updated translations.
- from version 3.1.0:
  * Add a winoption "frame" to automatically group application windows
    with the same "frame" value as tabs in a single frame.
  * Show indicators for the presence of tabs on the title bar.
  * Click on the title bar tab indicators to change tabs.
  * Give each tab its own set of winoptions.
  * Fix for merging a transient window as a tab to its owner window.
  * Preserve tray hints across restarts.
  * Preserve tabs across restarts.
  * Improve the Alt+Tab for tabbed frames.
  * When switching tabs, ensure that focus is preserved.
  * Add a MouseWinTabbing preference to merge tabs.
  * Let the window list support tabs.
  * Various improvements to the CMake build.
  * Updated translations.

==== irqbalance ====
Subpackages: irqbalance-ui

- add irqbalance-systemd-netlink.patch (related to bsc#1205308)

==== kernel-source ====
Version update (6.0.7 -> 6.0.8)

- Linux 6.0.8 (bsc#1012628).
- usb: dwc3: gadget: Force sending delayed status during soft
  disconnect (bsc#1012628).
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
  (bsc#1012628).
- RDMA/cma: Use output interface for net_dev check (bsc#1012628).
- IB/hfi1: Correctly move list in sc_disable() (bsc#1012628).
- RDMA/hns: Disable local invalidate operation (bsc#1012628).
- RDMA/hns: Fix NULL pointer problem in free_mr_init()
  (bsc#1012628).
- docs/process/howto: Replace C89 with C11 (bsc#1012628).
- RDMA/rxe: Fix mr leak in RESPST_ERR_RNR (bsc#1012628).
- NFSv4: Fix a potential state reclaim deadlock (bsc#1012628).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (bsc#1012628).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (bsc#1012628).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
  (bsc#1012628).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (bsc#1012628).
- nfs4: Fix kmemleak when allocate slot failed (bsc#1012628).
- net: dsa: Fix possible memory leaks in dsa_loop_init()
  (bsc#1012628).
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
  (bsc#1012628).
- RDMA/qedr: clean up work queue on failure in
  qedr_alloc_resources() (bsc#1012628).
- tools/nolibc: Fix missing strlen() definition and infinite
  loop with gcc-12 (bsc#1012628).
- net: dsa: fall back to default tagger if we can't load the
  one from DT (bsc#1012628).
- nfc: fdp: Fix potential memory leak in fdp_nci_send()
  (bsc#1012628).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
  (bsc#1012628).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (bsc#1012628).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (bsc#1012628).
- net: fec: fix improper use of NETDEV_TX_BUSY (bsc#1012628).
- ata: pata_legacy: fix pdc20230_set_piomode() (bsc#1012628).
- ata: palmld: fix return value check in palmld_pata_probe()
  (bsc#1012628).
- net: sched: Fix use after free in red_enqueue() (bsc#1012628).
- net: tun: fix bugs for oversize packet when napi frags enabled
  (bsc#1012628).
- netfilter: nf_tables: netlink notifier might race to release
  objects (bsc#1012628).
- netfilter: nf_tables: release flow rule object from commit path
  (bsc#1012628).
- sfc: Fix an error handling path in efx_pci_probe()
  (bsc#1012628).
- nfsd: fix nfsd_file_unhash_and_dispose (bsc#1012628).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
  (bsc#1012628).
- net: lan966x: Fix the MTU calculation (bsc#1012628).
- net: lan966x: Adjust maximum frame size when vlan is
  enabled/disabled (bsc#1012628).
- net: lan966x: Fix FDMA when MTU is changed (bsc#1012628).
- net: lan966x: Fix unmapping of received frames using FDMA
  (bsc#1012628).
- ipvs: use explicitly signed chars (bsc#1012628).
- ipvs: fix WARNING in __ip_vs_cleanup_batch() (bsc#1012628).
- ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1012628).
- rose: Fix NULL pointer dereference in rose_send_frame()
  (bsc#1012628).
- mISDN: fix possible memory leak in mISDN_register_device()
  (bsc#1012628).
- isdn: mISDN: netjet: fix wrong check of device registration
  (bsc#1012628).
- btrfs: fix inode list leak during backref walking at
  resolve_indirect_refs() (bsc#1012628).
- btrfs: fix inode list leak during backref walking at
  find_parent_nodes() (bsc#1012628).
- btrfs: fix ulist leaks in error paths of qgroup self tests
  (bsc#1012628).
- netfilter: ipset: enforce documented limit to prevent allocating
  huge memory (bsc#1012628).
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (bsc#1012628).
- Bluetooth: hci_conn: Fix CIS connection dst_type handling
  (bsc#1012628).
- Bluetooth: virtio_bt: Use skb_put to set length (bsc#1012628).
- Bluetooth: L2CAP: Fix memory leak in vhci_write (bsc#1012628).
- Bluetooth: hci_conn: Fix not restoring ISO buffer count on
  disconnect (bsc#1012628).
- net: mdio: fix undefined behavior in bit shift for
  __mdiobus_register (bsc#1012628).
- ibmvnic: Free rwi on reset success (bsc#1012628).
- stmmac: dwmac-loongson: fix invalid mdio_node (bsc#1012628).
- net/smc: Fix possible leaked pernet namespace in smc_init()
  (bsc#1012628).
- net, neigh: Fix null-ptr-deref in neigh_table_clear()
  (bsc#1012628).
- bridge: Fix flushing of dynamic FDB entries (bsc#1012628).
- ipv6: fix WARNING in ip6_route_net_exit_late() (bsc#1012628).
- vsock: fix possible infinite sleep in
  vsock_connectible_wait_data() (bsc#1012628).
- iio: adc: stm32-adc: fix channel sampling time init
    ... changelog too long, skipping 246 lines ...
- commit 0d318d5

==== keylime ====
Version update (6.5.3 -> 6.5.2)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime

- Update to version v6.5.2:
  * cloud_verifier: This is the first PR to address the scalability problems uncovered in #1167, starting with `agent` status.
  * Bump version number
  * Add --retry 5 parameter to curl
  * create_mb_refstate: Check tpm2-tools version before running
  * create_mb_refstate: Print error messages
  * test_tpm: Skip event log parsing test if tpm2-tools is too old
  * installer: Enable installation on RHEL-9
  * Move the execution of external EK check script to cert_utils
  * Move EK cert verification to cert_utils
  * Make the tpm cert store path configurable
  * ima-policy-converter: Implement a basic test suite for conversion script
  * ima-policy-converter: Implement IMA policy conversion script
  * ima-policy-converter: Add empty reference IMA policy
  * ima: Accept x509 certificates if no Subject Key Identifier is available
  * test_tpm: Use doc strings for tests description
  * Test binary measured boot event log parsing
  * alpha renaming
  * shallow type fixes
  * ima_emulator_adapter: Print readable error if reading a PCR fails
  * tpm: Check whether hash_alg is in jsonout
  * Very limited code fixup/cleanup on keylime_tenant CLI
  * Set permissions of keylime_agent_secure.mount to 664
  * Disable dnf-makecache.timer to save RAM
  * tpm_bootlog_enrich: Get DevicePath length from LengthOfDevicePath
  * Disable dnf-makecache.service to save RAM
  * Fix for writing the same allow list twice during agent activation (#1150)
  * Fix improper handling of IMA policy bundle when none is provided
  * ima: Fix log evaluation on quick-succession execution of scripts
  * Add new tests to packit CI
  * Remove semantic-release action to stop erroneous releases
  * crypto: Provide input as bytes to encrypt
  * Revert "Revert "Revert "tenant: open file to send utf-8 encoded" (#1136)" (#1141)"
  * Update runtime_ima.rst
  * Back to 6.5.1
  * This PR fixes a bug that prevented 6.5.x verifiers from interacting with 6.2. agents
  * Revert "Revert "tenant: open file to send utf-8 encoded" (#1136)" (#1141)
  * Revert "tenant: open file to send utf-8 encoded" (#1136)
  * ca_util: allow users in the same group to read the created certificates and keys (#1138)
  * Update sample ima-policy to exclude overlayfs
  * installer: remove tarball option

==== lcms2 ====
Version update (2.13.1 -> 2.14)

- Added reverse-0001-fix-memory-leaks-on-testbed.patch to fix
  colord's i586 build failure
- Update to 2.14:
  * lcms2 now implements ICC specification 4.4
  * New multi-threaded plug-in
  * Several fixes to keep fuzzers happy
  * Removed check on DLL when CMS_NO_REGISTER_KEYWORD is used
  * Added more validation against broken profiles
  * Added more help to several tools
  * Revised documentation

==== libX11 ====
Version update (1.8.1 -> 1.8.2)
Subpackages: libX11-6 libX11-data libX11-xcb1

- Update to version 1.8.2
  * This is primarily a bug fix release, including further work on
    improving the thread-safety-constructor and making it work with
    software which had incorrectly called libX11 functions from
    inside X*IfEvent() calls.
- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch

==== libslirp ====

- added patches
  fix https://gitlab.freedesktop.org/slirp/libslirp/-/issues/64
  + libslirp-semicolon.patch

==== python-pytz ====
Version update (2022.5 -> 2022.6)

- Update to 2022.6
  * IANA 2022f
  * Squashed 'tz/' changes from c4eb3fcf2..623631d84
  * Upgrade unittest asserts
  * Bump GitHub Actions
  * Add support for Python 3.11

==== python-zope.interface ====
Version update (5.5.0 -> 5.5.1)

- Update to version 5.5.1
  * Add support for final Python 3.11 release.

==== python310 ====
Subpackages: python310-curses python310-dbm

- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

==== python310-core ====
Subpackages: libpython3_10-1_0 python310-base

- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

==== rpm ====
Subpackages: librpmbuild9

- Add selinux_transactional_update.patch to ignore errors when setting
  file labels during transactional updates. They will be set upon
  reboot once the new policy is loaded (bsc#1204605)

==== shadow ====
Version update (4.12.3 -> 4.13)
Subpackages: libsubid4 login_defs

- Update to 4.13:
  * useradd.8: fix default group ID
  * Revert drop of subid_init()
  * Georgian translation
  * useradd: Avoid taking unneeded space: do not reset non-existent data
    in lastlog
  * relax username restrictions
  * selinux: check MLS enabled before setting serange
  * copy_tree: use fchmodat instead of chmod
  * copy_tree: don't block on FIFOs
  * add shell linter
  * copy_tree: carefully treat permissions
  * lib/commonio: make lock failures more detailed
  * lib: use strzero and memzero where applicable
  * Update Dutch translation
  * Don't test for NULL before calling free
  * Use libc MAX() and MIN()
  * chage: Fix regression in print_date
  * usermod: report error if homedir does not exist
  * libmisc: minimum id check for system accounts
  * fix usermod -rG x y wrongly adding a group
  * man: add missing space in useradd.8.xml
  * lastlog: check for localtime() return value
  * Raise limit for passwd and shadow entry length
  * Remove adduser-old.c
  * useradd: Fix buffer overflow when using a prefix
  * Don't warn when failed to open /etc/nsswitch.conf
- Remove patches we took from upstream pre-release:
  * shadow-copytree-usermod-fifo.patch
  * shadow-chage-format.patch
  * shadow-prefix-overflow.patch
- Remove chkname-regex.patch:
  Upstream now also relaxed the usernames requirements.
  They don't use regex for this but the result is similar.
  Plus they also check that the name is less than 32 characters long.
- Rebase useradd-userkeleton.patch