Packages changed:
  MozillaFirefox (129.0.1 -> 130.0.1)
  apr (1.7.4 -> 1.7.5)
  bind (9.20.1 -> 9.20.2)
  cairo
  git (2.46.0 -> 2.46.1)
  kernel-firmware-nvidia-gspx-G06-cuda
  kernel-source (6.10.9 -> 6.10.11)
  libdovi (3.2.0 -> 3.3.1)
  libeconf (0.7.2 -> 0.7.3)
  libsamplerate
  mdadm
  nbdkit (1.40.2 -> 1.40.3)
  nvidia-open-driver-G06-signed-cuda (555.42.06_k6.10.9_1 -> 555.42.06_k6.10.11_1)
  openSUSE-release (20240918 -> 20240923)
  osinfo-db
  patterns-media
  postgresql (16 -> 17)
  postgresql17 (16.3 -> 17~rc1)
  setools
  shim-leap
  swtpm
  usbutils
  virt-manager
  virt-v2v (2.5.9 -> 2.5.10)
  vte (0.76.3 -> 0.76.4)
  wpa_supplicant
  xml-commons-apis
  yast2-kdump (5.0.1 -> 5.0.2)
  yast2-storage-ng (5.0.17 -> 5.0.18)

=== Details ===

==== MozillaFirefox ====
Version update (129.0.1 -> 130.0.1)

- Firefox 130.0.1 Release
  https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes
  * Enterprise: Added an enterprise policy to disable the
  * Firefox Labs* section in *Settings*. (bmo#1911826)
  * Fixed a recent regression causing some UI elements to
    be rendered as left-to-right instead of right-to-left for
    users of our Saraiki localization. (bmo#1917175)
  * Linux: Fixed black rendering of AVIF images when
    Firefox is built with GCC. (bmo#1916038)
- removed obsolete patches
  mozilla-bmo1916038.patch
- Mozilla Firefox 130.0
  https://www.mozilla.org/en-US/firefox/130.0/releasenotes
  MFSA 2024-39 (bsc#1229821)
  * CVE-2024-8385 (bmo#1911909)
    WASM type confusion involving ArrayTypes
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with" block
  * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
    bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
    bmo#1894891, bmo#1897648)
    Fullscreen notice on Android could be hidden under various
    panels and OS prompts
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8383 (bmo#1908496)
    Firefox did not ask before openings news: links in an
    external application
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions
  * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529)
    SelectElements could be shown over another site if popups are
    allowed
  * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009)
    Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
    and Thunderbird 128.2
  * CVE-2024-8389 (bmo#1907230, bmo#1909367)
    Memory safety bugs fixed in Firefox 130
- requires NSS 3.103
- removed obsolete patches
  mozilla-bmo1898476.patch
  mozilla-bmo1907511.patch
- added mozilla-bmo1916038.patch to fix AVIF decoding (bsc#1230500)
- Update dependency on clang-devel from LLVM15 to LLVM18
- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling

==== apr ====
Version update (1.7.4 -> 1.7.5)

- version update to 1.7.5 [bsc#1229783] CVE-2023-49582
  * ) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
    and "classic mmap" shared memory implementations.  [Joe Orton,
    Ruediger Pluem]
  * ) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
    [Yann Ylavic]
  * ) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
    [Yann Ylavic]
  * ) Improve platform detection by updating config.guess and config.sub.
    [Rainer Jung]
  * ) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]
  * ) CMake: Enable support for MSVC runtime library selection by abstraction.
    [Ivan Zhakov]
  * ) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
    to apr:: namespace. [Ivan Zhakov]
- modified patches
  % apr-visibility.patch (refreshed)
  % reproducible.patch (refreshed)

==== bind ====
Version update (9.20.1 -> 9.20.2)
Subpackages: bind-doc bind-utils

- Update to release 9.20.2
  New Features:
  * Support for Offline KSK implemented.
  * Add a new configuration option offline-ksk to enable Offline
    KSK key management. Signed Key Response (SKR) files created
    with dnssec-ksr (or other programs) can now be imported into
    named with the new rndc skr -import command. Rather than
    creating new DNSKEY, CDS, and CDNSKEY records and generating
    signatures covering these types, these records are loaded from
    the currently active bundle from the imported SKR.
  * The implementation is loosely based on
    draft-icann-dnssec-keymgmt-01.txt.
  * Print the full path of the working directory in startup log
    messages.
  * named now prints its initial working directory during startup,
    and the changed working directory when loading or reloading its
    configuration file, if it has a valid directory option defined.
  * Support a restricted key tag range when generating new keys.
  * When multiple signers are being used to sign a zone, it is
    useful to be able to specify a restricted range of key tags to
    be used by an operator to sign the zone. The range can be
    specified with tag-range in dnssec-policy’s keys (for named and
    dnssec-ksr) and with the new options dnssec-keyfromlabel -M and
    dnssec-keygen -M.
  Feature Changes:
  * Exempt prefetches from the fetches-per-zone and
    fetches-per-server quotas.
  * Fetches generated automatically as a result of prefetch are now
    exempt from the fetches-per-zone and fetches-per-server quotas.
    This should help in maintaining the cache from which query
    responses can be given.
  * Follow the number of CPUs set by taskset/cpuset.
  * Administrators may wish to constrain the set of cores that
    named runs on via the taskset, cpuset, or numactl programs (or
    equivalents on other OSes).
  * If the admin has used taskset, named now automatically uses the
    given number of CPUs rather than the system-wide count.
  Bug Fixes:
  * Delay the release of root privileges until after configuring
    controls.
  * Delay relinquishing root privileges until the control channel
    has been configured, for the benefit of systems that require
    root to use privileged port numbers. This mostly affects
    systems without fine- grained privilege systems (i.e., other
    than Linux).
  * Fix a rare assertion failure when shutting down incoming
    transfer.
  * A very rare assertion failure could be triggered when the
    incoming transfer was either forcefully shut down, or it
    finished during the printing of the details about the
    statistics channel. This has been fixed.
  * Fix algorithm rollover bug when there are two keys with the
    same keytag.
  * If there was an algorithm rollover and two keys of different
    algorithms shared the same keytags, there was the possibility
    that the check of whether the key matched a specific state
    could be performed against the wrong key. This has been fixed
    by not only checking for the matching key tag but also the key
    algorithm.
  * Fix an assertion failure in validate_dnskey_dsset_done().
  * Under rare circumstances, named could terminate unexpectedly
    when validating a DNSKEY resource record if the validation had
    been canceled in the meantime. This has been fixed.
  Known Issues:
  * Long-running tasks in offloaded threads (e.g. the loading of
    RPZ zones or processing zone transfers) may block the
    resolution of queries during these operations and cause the
    queries to time out. To work around the issue, the
    UV_THREADPOOL_SIZE environment variable can be set to a larger
    value before starting named. The recommended value is the
    number of RPZ zones (or number of transfers) plus the number of
    threads BIND should use, which is typically the number of CPUs.

==== cairo ====
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2

- Add b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: cff: Don't
  fail if no local subs. Fix regression when writing PDFs with
  fonts.

==== git ====
Version update (2.46.0 -> 2.46.1)
Subpackages: git-core git-email git-svn git-web perl-Git

- Update to version 2.46.1;
  * "git checkout --ours" (no other arguments) complained that the
    option is incompatible with branch switching, which is technically
    correct, but found confusing by some users.  It now says that the
    user needs to give pathspec to specify what paths to checkout.
  * It has been documented that we avoid "VAR=VAL shell_func" and why.
  * "git add -p" by users with diff.suppressBlankEmpty set to true
    failed to parse the patch that represents an unmodified empty line
    with an empty line (not a line with a single space on it), which
    has been corrected.
  * "git rebase --help" referred to "offset" (the difference between
    the location a change was taken from and the change gets replaced)
    incorrectly and called it "fuzz", which has been corrected.
  * "git notes add -m '' --allow-empty" and friends that take prepared
    data to create notes should not invoke an editor, but it started
    doing so since Git 2.42, which has been corrected.
  * An expensive operation to prepare tracing was done in re-encoding
    code path even when the tracing was not requested, which has been
    corrected.
  * Perforce tests have been updated.
  * The credential helper to talk to OSX keychain sometimes sent
    garbage bytes after the username, which has been corrected.
  * A recent update broke "git ls-remote" used outside a repository,
    which has been corrected.
  * "git config --value=foo --fixed-value section.key newvalue" barfed
    when the existing value in the configuration file used the
    valueless true syntax, which has been corrected.
  * "git reflog expire" failed to honor annotated tags when computing
  reachable commits.
  * A flakey test and incorrect calls to strtoX() functions have been
    fixed.
  * Follow-up on 2.45.1 regression fix.
  * "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should
    behave more or less like "git log -p --remerge-diff" but instead it
    crashed, forgetting to prepare a temporary object store needed.
  * The patch parser in "git patch-id" has been tightened to avoid
    getting confused by lines that look like a patch header in the log
    message.
  * "git bundle unbundle" outside a repository triggered a BUG()
    unnecessarily, which has been corrected.
  * The code forgot to discard unnecessary in-core commit buffer data
    for commits that "git log --skip=<number>" traversed but omitted
    from the output, which has been corrected.
  * "git verify-pack" and "git index-pack" started dying outside a
    repository, which has been corrected.
  * A corner case bug in "git stash" was fixed.

==== kernel-firmware-nvidia-gspx-G06-cuda ====

- Update to 550.120 (boo#1230779)

==== kernel-source ====
Version update (6.10.9 -> 6.10.11)

- Linux 6.10.11 (bsc#1012628).
- usb: typec: ucsi: Always set number of alternate modes
  (bsc#1012628).
- usb: typec: ucsi: Fix cable registration (bsc#1012628).
- drm/mediatek: Set sensible cursor width/height values to fix
  crash (bsc#1012628).
- ksmbd: override fsids for share path check (bsc#1012628).
- ksmbd: override fsids for smb2_query_info() (bsc#1012628).
- usbnet: ipheth: remove extraneous rx URB length check
  (bsc#1012628).
- usbnet: ipheth: drop RX URBs with no payload (bsc#1012628).
- usbnet: ipheth: do not stop RX on failing RX callback
  (bsc#1012628).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
  (bsc#1012628).
- net: ethernet: use ip_hdrlen() instead of bit shift
  (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
  (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
  (bsc#1012628).
- net: phy: vitesse: repair vsc73xx autonegotiation (bsc#1012628).
- powerpc/mm: Fix boot warning with hugepages and
  CONFIG_DEBUG_VIRTUAL (bsc#1012628).
- wifi: mt76: mt7921: fix NULL pointer access in
  mt7921_ipv6_addr_change (bsc#1012628).
- drm/amdgpu: Update kmd_fw_shared for VCN5 (bsc#1012628).
- net: hns3: use correct release function during uninitialization
  (bsc#1012628).
- btrfs: update target inode's ctime on unlink (bsc#1012628).
- Input: ads7846 - ratelimit the spi_sync error message
  (bsc#1012628).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
  (bsc#1012628).
- hid-asus: add ROG Ally X prod ID to quirk list (bsc#1012628).
- HID: multitouch: Add support for GT7868Q (bsc#1012628).
- Input: edt-ft5x06 - add support for FocalTech FT8201
  (bsc#1012628).
- cgroup/cpuset: Eliminate unncessary sched domains rebuilds in
  hotplug (bsc#1012628).
- scripts: kconfig: merge_config: config files: add a trailing
  newline (bsc#1012628).
- platform/x86: asus-wmi: Add quirk for ROG Ally X (bsc#1012628).
- platform/surface: aggregator_registry: Add Support for Surface
  Pro 10 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
  Laptop Go 3 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
  Laptop Studio 2 (bsc#1012628).
- platform/surface: aggregator_registry: Add fan and thermal
  sensor support for Surface Laptop 5 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
  Laptop 6 (bsc#1012628).
- spi: zynqmp-gqspi: Scale timeout by data size (bsc#1012628).
- drm/msm/adreno: Fix error return if missing firmware-name
  (bsc#1012628).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
  (bsc#1012628).
- drm/xe/xe2lpm: Extend Wa_16021639441 (bsc#1012628).
- drm/xe: fix WA 14018094691 (bsc#1012628).
- drm/xe: use devm instead of drmm for managed bo (bsc#1012628).
- s390/mm: Pin identity mapping base to zero (bsc#1012628).
- smb/server: fix return value of smb2_open() (bsc#1012628).
- NFSv4: Fix clearing of layout segments in layoutreturn
  (bsc#1012628).
- NFS: Avoid unnecessary rescanning of the per-server delegation
  list (bsc#1012628).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
  accesses (bsc#1012628).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
  sinf array (bsc#1012628).
- mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1012628).
- selftests: mptcp: join: restrict fullmesh endp on 1st sf
  (bsc#1012628).
- arm64: dts: rockchip: fix eMMC/SPI corruption when audio has
  been used on RK3399 Puma (bsc#1012628).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
  hog on RK3399 Puma (bsc#1012628).
- minmax: reduce min/max macro expansion in atomisp driver
  (bsc#1012628).
- net: tighten bad gso csum offset check in virtio_net_hdr
  (bsc#1012628).
- net: libwx: fix number of Rx and Tx descriptors (bsc#1012628).
- dm-integrity: fix a race condition when accessing recalc_sector
  (bsc#1012628).
- clocksource: hyper-v: Use lapic timer in a TDX VM without
  paravisor (bsc#1012628).
- x86/hyperv: fix kexec crash due to VP assist page corruption
  (bsc#1012628).
- mm: avoid leaving partial pfn mappings around in error case
  (bsc#1012628).
- bcachefs: Fix bch2_extents_match() false positive (bsc#1012628).
- bcachefs: Revert lockless buffered IO path (bsc#1012628).
- bcachefs: Don't delete open files in online fsck (bsc#1012628).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
  ROCK Pi E (bsc#1012628).
- firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
  (bsc#1012628).
- riscv: dts: starfive: jh7110-common: Fix lower rate of CPUfreq
    ... changelog too long, skipping 766 lines ...
- commit e9c5fe9

==== libdovi ====
Version update (3.2.0 -> 3.3.1)

- Update to 3.3.1:
  * Changed AV1 function signatures to take slices as input and
    return a Vec.
  * Added write_av1_rpu_metadata_obu_t35_complete function to encode
    RPUs in complete metadata OBU payloads.
  * XML parser: support decimals when parsing Level6 MaxCLL/MaxFALL
    values.
  * Added DoviRpu::parse_itu_t35_dovi_metadata_obu and deprecated
    av1::parse_itu_t35_dovi_metadata_obu.
  * Fixed encoding AV1 payloads with trailing bytes. They are now
    discarded.
  * Added dovi_write_av1_rpu_metadata_obu_t35_{payload,complete}
    functions.
  * Added dovi_parse_itu_t35_dovi_metadata_obu function.
  * Added support for parsing ext_mapping_idc in RpuDataHeader.

==== libeconf ====
Version update (0.7.2 -> 0.7.3)

- Update to version 0.7.3:
  * Groups handled in an own list (#218)
  * Add econftool as dependency of its tests
  * Simplify snprintf call
  * Remove unused functions and reduce variable visibility (#213)
  * Fix typos (#212)

==== libsamplerate ====

- Use a constant profile dir for reproducible builds (boo#1062303)

==== mdadm ====

- Detail: remove duplicated code (bsc#1226413)
  0008-Detail-remove-duplicated-code.patch
- mdadm: Fix native --detail --export (bsc#1226413)
  0009-mdadm-Fix-native-detail-export.patch

==== nbdkit ====
Version update (1.40.2 -> 1.40.3)
Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin

- Update to version 1.40.3:
  * Version 1.40.3.
  * ip: Do late filtering in list_exports as well as open
  * docs/nbdkit_shutdown.pod: Minor copyediting
  * docs/nbdkit_error.pod: Typo 'thre' -> 'there'
  * podwrapper: Check cross-references to C API pages
  * docs: Fix cross-reference to nbdkit_stdio_safe(3)
  * ocaml: Use thread-local key to register & unregister the thread
  * ocaml: Reinitialize the OCaml runtime after fork
  * tests: Refactor ocaml errorcodes plugin used in testing
- Move nbdkit-null-plugin to the nbdkit-server package

==== nvidia-open-driver-G06-signed-cuda ====
Version update (555.42.06_k6.10.9_1 -> 555.42.06_k6.10.11_1)

- Update to 550.120 (boo#1230779)
  * Fixed a bug that could cause kernel crashes upon attempting
    KMS operations through DRM when nvidia_drm was loaded with
    modeset=0.
- aarch64-TW-buildfix.patch
  * fixes build on aarch64 with latest TW kernel

==== openSUSE-release ====
Version update (20240918 -> 20240923)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== osinfo-db ====

- Add support for SLE Micro 6.1 (jsc#PED-8910)
  add-slem6.1-support.patch
- Drop support for Leap 15.7. Next major version is Leap 16
  add-opensuse-leap-15.7-support.patch
- Adjust place holder release-date for sle15sp7
  add-sle15sp7-support.patch

==== patterns-media ====
Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd

- pam-extra needs to be present for upgraders, as pam_limits.so
  moved from pam to pam-extra. Ensure it's added to the DVD.

==== postgresql ====
Version update (16 -> 17)
Subpackages: postgresql-contrib postgresql-server

- Bump major and default to 17 for Factory and TW.

==== postgresql17 ====
Version update (16.3 -> 17~rc1)

- Upgrade to 17rc1
  https://www.postgresql.org/about/news/postgresql-17-rc1-released-2926/
- Upgrade to 17beta3 (bsc#1229013):
  * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
    during pg_dump executes arbitrary SQL
  * https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
- Upgrade to 17beta2.
- Upgrade to 17beta1.
- Allow LLVM <= 18

==== setools ====
Subpackages: python311-setools setools-console

- Add upstream tarball signature
- Add key 85649089C9F385B35F40568D21698FD29D4355A4 to setools.keyring

==== shim-leap ====

- RelEng emergency fix: fux source number to install shim-install.

==== swtpm ====
Subpackages: swtpm-selinux

- Fix swtpm custom module (bsc#1229131)
  - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
  - this can be removed once swtpm upstream sorts out their custom selinux module.
    see: https://github.com/stefanberger/swtpm/issues/885
    there were a couple changes in the selinux-policy libvirt handling
    which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
    virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t

==== usbutils ====

- enable usbreset

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- Fix SUSE SL Micro detection
  virtinst-add-slem60-detection-support.patch
- Solve bsc#1228384 --dry-run creating pools in a different way
  virtinst-dont-create-storage-pool-for-dryrun.patch
- Upstream bug fixes (bsc#1027942) (jsc#PED-8910)
  094-uitests-handle-newer-libvirt-test-driver-UpdateDevice-support.patch
  095-uitests-force-internal-snapshots-in-test_snapshot.py.patch

==== virt-v2v ====
Version update (2.5.9 -> 2.5.10)
Subpackages: virt-v2v-bash-completion

- Update to virt-v2v 2.5.10 (jsc#PED-8910)
  * convert: Display osinfo in "Converting ..." message
  * Updated language translations
  * Fix the bugs in YAML generator
  * output: -o kubevirt: Fix firmware section to match specification

==== vte ====
Version update (0.76.3 -> 0.76.4)
Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91

- Update to version 0.76.4:
  * fonts: ensure ref of font from glyph item analysis
  * build: Post release version bump

==== wpa_supplicant ====

- Revert "Mark authorization completed on driver indication
  during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
  problems with brcmfmac wifi hardware. (bsc#1230797)
  [+ Revert-Mark-authorization-completed-on-driver-indica.patch]

==== xml-commons-apis ====

- Use SOURCE_DATE_EPOCH for reproducible builds

==== yast2-kdump ====
Version update (5.0.1 -> 5.0.2)

- Don't write empty  fadump=""  kernel parameter (bsc#1230359)
- 5.0.2

==== yast2-storage-ng ====
Version update (5.0.17 -> 5.0.18)

- Extend the API to resize partitions during a proposal (required
  by gh#openSUSE/agama#1599).
- 5.0.18