Packages changed:
  MicroOS-release (20240917 -> 20240918)
  ffmpeg-4
  gnome-online-accounts (3.50.4 -> 3.50.5)
  gnome-shell (46.4 -> 46.5)
  gnome-software (46.4 -> 46.5)
  gvfs (1.54.2 -> 1.54.3)
  kexec-tools
  kwallet
  libadwaita (1.5.3 -> 1.5.4)
  librsvg (2.58.3 -> 2.58.4)
  mutter (46.4 -> 46.5)
  pam
  pam-config (2.11+git.20240906 -> 2.11+git.20240911)
  poppler
  poppler-qt6
  python-cryptography
  python311 (3.11.9 -> 3.11.10)
  python311-core (3.11.9 -> 3.11.10)
  wayland (1.23.0 -> 1.23.1)

=== Details ===

==== MicroOS-release ====
Version update (20240917 -> 20240918)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Add ffmpeg-4-CVE-2024-7055.patch:
  Backporting 3faadbe2 from upstream, Use 64bit for input size check,
  Fixes: out of array read, Fixes: poc3.
  (CVE-2024-7055, bsc#1229026)

==== gnome-online-accounts ====
Version update (3.50.4 -> 3.50.5)
Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2

- Update to version 3.50.5:
  + goaimapsmtpprovider: quick fix for yahoo auto-detect
  + Updated translations.

==== gnome-shell ====
Version update (46.4 -> 46.5)
Subpackages: gnome-shell-calendar

- Update to version 46.5:
  + Fix smartcard logins
  + Fix glitch when quick settings menu animation is interrupted
  + Fix new wifi connections for restricted users
  + Do not disable required animations
  + Fix showing pending PAM messages on login screen
  + Plugged leak
  + Misc. bug fixes and cleanups
  + Updated translations.
- Drop gnome-shell-private-connection.patch: Should not be needed
  anymore after changes upstream.

==== gnome-software ====
Version update (46.4 -> 46.5)

- Update to version 46.5:
  + Reduce power usage when the main window is closed.
  + Updated translations.

==== gvfs ====
Version update (1.54.2 -> 1.54.3)
Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse

- Update to version 1.54.3:
  + onedrive:
  - Set name of drive root
  - Handle multiple drives with same IDs
  - Guess mime type locally if not set by the server
  + Updated translations.

==== kexec-tools ====

- To create rckexec-reload, the service binary is required at
  build time. This binary is provided by aaa_base. Make sure this
  package is available during build.

==== kwallet ====

- Use the %lang_package macro for kwallet-tools-lang (boo#1230570)

==== libadwaita ====
Version update (1.5.3 -> 1.5.4)
Subpackages: libadwaita-1-0 typelib-1_0-Adw-1

- Update to version 1.5.4:
  + AdwAboutDialog/Window: Support non-deprecated GPL-2/3.0-only
    SPDX IDs
  + AdwHeaderBar: Fix back button menu picking up phantom pages in
    some situations
  + AdwTabBar/Overview: Fix 2 crashes with drag-n-drop
  + Stylesheet: Fix scroll undershoot in dropdowns and emoji picker
  + Updated translations.

==== librsvg ====
Version update (2.58.3 -> 2.58.4)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.58.4:
  + Fix regression when using an SVG inside a feImage element.

==== mutter ====
Version update (46.4 -> 46.5)

- Update to version 45.5:
  + Fix drag and drop between X11 and wayland clients
  + Fix drag and drop from grabbing popups
  + Fix EGLDevice support
  + Fix frozen cursor on some hybrid machines
  + Fix touch window dragging with pointer lock enabled
  + Fix propagating tablet device removals to clients
  + Fix tablet input in maximized windows
  + Reduce damage on window movement
  + Fix frozen cursor after suspend
  + Fix using modifiers on multi-GPU setups
  + Fixed crashes
  + Misc. bug fixes and cleanups
  + Updated translations.

==== pam ====

- baselibs.conf: add pam-userdb
- pam_limits-systemd.patch: update to final PR
- Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
- Remove /usr/etc/pam.d, everything should be migrated
- Remove pam_limits from default common-sessions* files. pam_limits
  is now part of pam-extra and not in our default generated config.
- pam_issue-systemd.patch: only count class user sessions

==== pam-config ====
Version update (2.11+git.20240906 -> 2.11+git.20240911)

- Add PreRequires for pam-extra, several other packages depend on
  that pam_limits is installed and enabled by default
- Update to version 2.11+git.20240911:
  * Only add pam_limits if available

==== poppler ====
Subpackages: libpoppler-cpp1 libpoppler-glib8 libpoppler139

- Poppler can load ghostscript fonts (n022003l.pfb and the like)
  so the package now recommends the ghostscript-fonts-std package
  (boo#1230636).

==== poppler-qt6 ====

- Poppler can load ghostscript fonts (n022003l.pfb and the like)
  so the package now recommends the ghostscript-fonts-std package
  (boo#1230636).

==== python-cryptography ====

- Fix building on SLE based distributions

==== python311 ====
Version update (3.11.9 -> 3.11.10)

- Update to 3.11.10:
  - Security
  - gh-123678: Upgrade libexpat to 2.6.3
  - gh-121957: Fixed missing audit events around interactive
    use of Python, now also properly firing for ``python -i``,
    as well as for ``python -m asyncio``. The event in question
    is ``cpython.run_stdin``.
  - gh-122133: Authenticate the socket connection for the
    ``socket.socketpair()`` fallback on platforms where
    ``AF_UNIX`` is not available like Windows. Patch by
    Gregory P. Smith <greg@krypto.org> and Seth Larson
    <seth@python.org>. Reported by Ellie <el@horse64.org>
  - gh-121285: Remove backtracking from tarfile header parsing
    for ``hdrcharset``, PAX, and GNU sparse headers
    (bsc#1230227, CVE-2024-6232).
  - gh-118486: :func:`os.mkdir` on Windows now accepts
  * mode* of ``0o700`` to restrict the new directory to
    the current user. This fixes CVE-2024-4030 affecting
    :func:`tempfile.mkdtemp` in scenarios where the base
    temporary directory is more permissive than the default.
  - gh-116741: Update bundled libexpat to 2.6.2
  - Library
  - gh-123270: Applied a more surgical fix for malformed
    payloads in :class:`zipfile.Path` causing infinite loops
    (gh-122905) without breaking contents using legitimate
    characters (bsc#1229704, CVE-2024-8088).
  - gh-123067: Fix quadratic complexity in parsing ``"``-quoted
    cookie values with backslashes by :mod:`http.cookies`
    (bsc#1229596, CVE-2024-7592).
  - gh-122905: :class:`zipfile.Path` objects now sanitize names
    from the zipfile.
  - gh-121650: :mod:`email` headers with embedded newlines are
    now quoted on output. The :mod:`~email.generator` will now
    refuse to serialize (write) headers that are unsafely folded
    or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
    (Contributed by Bas Bloemsaat and Petr Viktorin in
    :gh:`121650`; CVE-2024-6923, bsc#1228780).
  - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
    breaks internal buffer when the method is called again
    during flushing internal buffer.
  - gh-118643: Fix an AttributeError in the :mod:`email` module
    when re-fold a long address list. Also fix more cases of
    incorrect encoding of the address separator in the address
    list.
  - gh-113171: Fixed various false positives and false
    negatives in * :attr:`ipaddress.IPv4Address.is_private`
    (see these docs for details) *
    :attr:`ipaddress.IPv4Address.is_global` *
    :attr:`ipaddress.IPv6Address.is_private` *
    :attr:`ipaddress.IPv6Address.is_global` Also in the
    corresponding :class:`ipaddress.IPv4Network` and
    :class:`ipaddress.IPv6Network` attributes.
    Fixes bsc#1226448 (CVE-2024-4032).
  - gh-102988: :func:`email.utils.getaddresses` and
    :func:`email.utils.parseaddr` now return ``('', '')``
    2-tuples in more situations where invalid email addresses
    are encountered instead of potentially inaccurate
    values. Add optional *strict* parameter to these two
    functions: use ``strict=False`` to get the old behavior,
    accept malformed inputs. ``getattr(email.utils,
    'supports_strict_parsing', False)`` can be use to check if
    the *strict* paramater is available. Patch by Thomas Dwyer
    and Victor Stinner to improve the CVE-2023-27043 fix
    (bsc#1210638).
  - gh-67693: Fix :func:`urllib.parse.urlunparse` and
    :func:`urllib.parse.urlunsplit` for URIs with path starting
    with multiple slashes and no authority. Based on patch by
    Ashwin Ramaswami.
  - Core and Builtins
  - gh-112275: A deadlock involving ``pystate.c``'s
    ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
    fixed. Patch by ChuBoning based on previous Python 3.12 fix
    by Victor Stinner.
  - gh-109120: Added handle of incorrect star expressions, e.g
    ``f(3, *)``. Patch by Grigoryev Semyon
- Removed upstreamed patches:
  - CVE-2023-27043-email-parsing-errors.patch
  - CVE-2024-4032-private-IP-addrs.patch
  - CVE-2024-6923-email-hdr-inject.patch
  - CVE-2024-8088-inf-loop-zipfile_Path.patch
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
  failing test_sendfile_close_peer_in_the_middle_of_receiving
  tests on Linux >= 6.10 (GH-120227).

==== python311-core ====
Version update (3.11.9 -> 3.11.10)
Subpackages: libpython3_11-1_0 python311-base

- Update to 3.11.10:
  - Security
  - gh-123678: Upgrade libexpat to 2.6.3
  - gh-121957: Fixed missing audit events around interactive
    use of Python, now also properly firing for ``python -i``,
    as well as for ``python -m asyncio``. The event in question
    is ``cpython.run_stdin``.
  - gh-122133: Authenticate the socket connection for the
    ``socket.socketpair()`` fallback on platforms where
    ``AF_UNIX`` is not available like Windows. Patch by
    Gregory P. Smith <greg@krypto.org> and Seth Larson
    <seth@python.org>. Reported by Ellie <el@horse64.org>
  - gh-121285: Remove backtracking from tarfile header parsing
    for ``hdrcharset``, PAX, and GNU sparse headers
    (bsc#1230227, CVE-2024-6232).
  - gh-118486: :func:`os.mkdir` on Windows now accepts
  * mode* of ``0o700`` to restrict the new directory to
    the current user. This fixes CVE-2024-4030 affecting
    :func:`tempfile.mkdtemp` in scenarios where the base
    temporary directory is more permissive than the default.
  - gh-116741: Update bundled libexpat to 2.6.2
  - Library
  - gh-123270: Applied a more surgical fix for malformed
    payloads in :class:`zipfile.Path` causing infinite loops
    (gh-122905) without breaking contents using legitimate
    characters (bsc#1229704, CVE-2024-8088).
  - gh-123067: Fix quadratic complexity in parsing ``"``-quoted
    cookie values with backslashes by :mod:`http.cookies`
    (bsc#1229596, CVE-2024-7592).
  - gh-122905: :class:`zipfile.Path` objects now sanitize names
    from the zipfile.
  - gh-121650: :mod:`email` headers with embedded newlines are
    now quoted on output. The :mod:`~email.generator` will now
    refuse to serialize (write) headers that are unsafely folded
    or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
    (Contributed by Bas Bloemsaat and Petr Viktorin in
    :gh:`121650`; CVE-2024-6923, bsc#1228780).
  - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
    breaks internal buffer when the method is called again
    during flushing internal buffer.
  - gh-118643: Fix an AttributeError in the :mod:`email` module
    when re-fold a long address list. Also fix more cases of
    incorrect encoding of the address separator in the address
    list.
  - gh-113171: Fixed various false positives and false
    negatives in * :attr:`ipaddress.IPv4Address.is_private`
    (see these docs for details) *
    :attr:`ipaddress.IPv4Address.is_global` *
    :attr:`ipaddress.IPv6Address.is_private` *
    :attr:`ipaddress.IPv6Address.is_global` Also in the
    corresponding :class:`ipaddress.IPv4Network` and
    :class:`ipaddress.IPv6Network` attributes.
    Fixes bsc#1226448 (CVE-2024-4032).
  - gh-102988: :func:`email.utils.getaddresses` and
    :func:`email.utils.parseaddr` now return ``('', '')``
    2-tuples in more situations where invalid email addresses
    are encountered instead of potentially inaccurate
    values. Add optional *strict* parameter to these two
    functions: use ``strict=False`` to get the old behavior,
    accept malformed inputs. ``getattr(email.utils,
    'supports_strict_parsing', False)`` can be use to check if
    the *strict* paramater is available. Patch by Thomas Dwyer
    and Victor Stinner to improve the CVE-2023-27043 fix
    (bsc#1210638).
  - gh-67693: Fix :func:`urllib.parse.urlunparse` and
    :func:`urllib.parse.urlunsplit` for URIs with path starting
    with multiple slashes and no authority. Based on patch by
    Ashwin Ramaswami.
  - Core and Builtins
  - gh-112275: A deadlock involving ``pystate.c``'s
    ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
    fixed. Patch by ChuBoning based on previous Python 3.12 fix
    by Victor Stinner.
  - gh-109120: Added handle of incorrect star expressions, e.g
    ``f(3, *)``. Patch by Grigoryev Semyon
- Removed upstreamed patches:
  - CVE-2023-27043-email-parsing-errors.patch
  - CVE-2024-4032-private-IP-addrs.patch
  - CVE-2024-6923-email-hdr-inject.patch
  - CVE-2024-8088-inf-loop-zipfile_Path.patch
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
  failing test_sendfile_close_peer_in_the_middle_of_receiving
  tests on Linux >= 6.10 (GH-120227).

==== wayland ====
Version update (1.23.0 -> 1.23.1)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0

- Update to release 1.23.1:
  * meson: Fix use of install_data() without specifying install_dir
  * Put WL_DEPRECATED in front of the function declarations
  * client: Handle proxies with no queue
  * scanner: extract validator function emission to helper function
  * scanner: fix validator for bitfields
  * tests: add enum bitfield test