Packages changed:
  containerd (1.7.15 -> 1.7.17)
  curl
  docker-buildx (0.14.0 -> 0.14.1)
  gcc13 (13.2.1+git8761 -> 13.3.0+git8781)
  glibc
  kf6-qqc2-desktop-style
  libarchive
  libcap-ng (0.8.4 -> 0.8.5)
  llvm18 (18.1.5 -> 18.1.6)
  lvm2
  lvm2-device-mapper
  openssl-3
  permissions (1699_20240513 -> 1699_20240521)
  polkit-default-privs (1550+20240430.5327266 -> 1550+20240522.4ba9229)
  speech-dispatcher (0.12.0~rc2 -> 0.12.0~rc3)
  suse-module-tools (16.0.43 -> 16.0.44)
  udisks2 (2.10.0 -> 2.10.1)
  vlc
  xen (4.18.2_02 -> 4.18.2_04)

=== Details ===

==== containerd ====
Version update (1.7.15 -> 1.7.17)

- Update to containerd v1.7.17. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
  and storage than a locally-compressed tar.xz, it seems there's some weird
  issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.16>
  CVE-2023-45288 bsc#1221400

==== curl ====
Subpackages: libcurl4

- Add split-provides for libcurl-devel -> libcurl-devel-doc.
- Spin documentation off to libcurl-devel-doc, this saves buildroots
  495 files and time (mandb is run in %posttrans).

==== docker-buildx ====
Version update (0.14.0 -> 0.14.1)

- Update to version 0.14.1:
  * Fix possible duplicate requests when setting up a connection to
    buildkit instance #2467
  * Fix error handling when merging multi-node build results #2424
  * Fix creating metadata file if --print is used #2422
  * Fix creating an empty image when "default load" and --print are
    both set #2421
  * Fix bake files that use same named context pointing to another
    target multiple times with different names #2444
  * Defer metrics provider setup to updated docker/cli library
    [#2460]

==== gcc13 ====
Version update (13.2.1+git8761 -> 13.3.0+git8781)

- Update to GCC 13.3 release

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
  nscd: Stack-based buffer overflow in netgroup cache
  (CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
  nscd: Avoid null pointer crashes after notfound response
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
  nscd: Do not send missing not-found response in addgetnetgrentX
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
  CVE-2024-33602, bsc#1223425, BZ #31680)
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
  addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- glibc-fix-cve-2024-33599.patch: renamed
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
  for _start routine (bsc#1221940)
- utmp-time-bits.patch: login: structs utmp, utmpx, lastlog _TIME_BITS
  independence (BZ #30701)
- elf-parse-tunables.patch: elf: Only process multiple tunable once (BZ
  [#31686])

==== kf6-qqc2-desktop-style ====

- Update qqc2-desktop-style-lang obsoleted version

==== libarchive ====

- Fix bsdunzip test failing due to a locale issue
  * fix-bsdunzip-test.patch

==== libcap-ng ====
Version update (0.8.4 -> 0.8.5)

- Update to version 0.8.5:
  * Remove python global exception handler since it's deprecated
  * Make the utilities link against just built libraries
  * Remove unused macro in cap-ng.h
- Remove libcap-ng.rpmlintrc, it doesn't seem to be used any more.

==== llvm18 ====
Version update (18.1.5 -> 18.1.6)

- Update to version 18.1.6.
  * Fixes issues where LLVM is either generating the incorrect thunk
    for a function with aligned parameters or didn't correctly pass
    through the return value when StructRet was used.
  * `-Xclang -target-feature -Xclang +unaligned-scalar-mem` can be
    used to enable unaligned scalar memory accesses for CPUs that
    do not support unaligned vector accesses. `-mno-strict-align`
    will enable unaligned scalar and vector memory accesses.
  * Don't replace an aliasee with an alias that has weak linkage.
    This avoids incorrect linkage that can lead to using the wrong
    symbols during linking time.
  * Fixes build failures when compiling AVX512 code using
    `-march=native` on machines without AVX512. The problem was
    introduced in LLVM 18.1.5.
  * Fixes crash in AArch64 backend when having `true` or `false` as
    operand for `fcmp` instruction on IR level.
  * Fixes compiler crash when user specifies `-mno-evex512` with
    AVX512 features but no AVX512VL.
  * Fixes a bug that tries to do VBROADCAST_LOAD for `f16` without
    AVX2.
- Rebase llvm-do-not-install-static-libraries.patch.

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Use %patch -P N instead of deprecated %patchN syntax.

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Use %patch -P N instead of deprecated %patchN syntax.

==== openssl-3 ====
Subpackages: libopenssl3

- Security fix: [bsc#1224388, CVE-2024-4603]
  * Check DSA parameters for excessive sizes before validating
  * Add openssl-CVE-2024-4603.patch

==== permissions ====
Version update (1699_20240513 -> 1699_20240521)
Subpackages: permctl permissions-config

- Update to version 1699_20240521:
  * permctl: return special exit code in --warn mode if entries need fixing

==== polkit-default-privs ====
Version update (1550+20240430.5327266 -> 1550+20240522.4ba9229)

- Update to version 1550+20240522.4ba9229:
  * whitelist gnome-remote-desktop (bsc#1222159)

==== speech-dispatcher ====
Version update (0.12.0~rc2 -> 0.12.0~rc3)

- Update to version 0.12.0~rc3:
  * Detect module failures from generic module.
  * Make the fallback espeak-ng and dummy modules hardcoded.
  * Better detect generic module failures to disable them.
  * pulse: Use asynchronous API to avoid buffer underruns.
  * generic: Make stripping punctuation use locale charset.
- Add speech-dispatcher-missing-return-vals.patch: add missing
  return statements.

==== suse-module-tools ====
Version update (16.0.43 -> 16.0.44)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.0.44:
  * Include unblacklist in initramfs (bsc#1224320)
  * regenerate-initrd-posttrans: run update-bootloader --refresh for XEN
    (bsc#1223278)

==== udisks2 ====
Version update (2.10.0 -> 2.10.1)
Subpackages: libudisks2-0

- update to version 2.10.1
  - Update Ukrainian translation
  - tests: Wipe used devices for LVM2 RAID tests
  - tests: Settle down before checking the LVM RAID MissingPhysicalVolumes property
  - tests: Rescan vdevs after lvm raid tests
  - Update German translation
  - tests: Mark UDF fstab filesystem tests as unstable
  - tests: Add offline and online filesystem grow tests
  - doc: Clarify the Filesystem.Size property presence
  - udiskslinuxfilesystem: Force native tools for mounted XFS fs size retrieval
  - udiskslinuxfilesystem: Refactor internal whitelists
  - tests: Fix Python class invocation in nvme tests
  - udisksctl: Add "--no-partition-scan" option for "loop-setup" command
  - tests: Fix regex escaping
  - integration-test: Fix invalid escaping
  - tests: Mark LVM RAID tests as unstable
  - tests: Fix LSM drive objects crawl
  - iscsi: Fix login on firmware-discovered nodes
  - udiskslinuxmanager: Properly handle disabled modules
  - tests: Replace deprecated unittest assert calls
  - udisksctl: Guard object lookup
  - Update ka.po
  - udiskslinuxloop: Avoid warnings on empty loop devices
  - Update Polish translation
  - Limit getting filesystem size only to Ext and XFS
  - build: Check for gobject-introspection m4 macro presence
  - tests: start the polkitd mock with the corresponding user if it exists
  - Drop merged upstream patches:
    0001-doc-Clarify-the-Filesystem.Size-property-presence.patch
    0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch
    0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch
    0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch
    0001-tests-Add-offline-and-online-filesystem-grow-tests.patch

==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-noX vlc-qt

- Add 770789f2.patch: Fix missing cast in chromaprint
  (boo#1223909).

==== xen ====
Version update (4.18.2_02 -> 4.18.2_04)

- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
  6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
  6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
  6627a5fc-x86-MTRR-inverted-WC-check.patch
  662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
  662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
  663090fd-x86-gen-cpuid-syntax.patch
  663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
  663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
  663d05b5-x86-ucode-distinguish-up-to-date.patch
  663eaa27-libxl-XenStore-error-handling-in-device-creation.patch