Packages changed:
  libcap (2.70 -> 2.73)
  logrotate (3.21.0 -> 3.22.0)
  mozjs128 (128.4.0 -> 128.5.1)
  openSUSE-release (20241203 -> 20241204)
  polkit-default-privs (1550+20241111.762abac -> 1550+20241129.21d7d0b)
  python311
  python311-core
  selinux-policy (20241105 -> 20241118)
  systemd (256.7 -> 256.9)

=== Details ===

==== libcap ====
Version update (2.70 -> 2.73)
Subpackages: libcap2 libcap2-32bit

- update to 2.73:
  * https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.7yd7ab9ppagk

==== logrotate ====
Version update (3.21.0 -> 3.22.0)

- Skip test-0110.sh which fails after update in the build chroot
  but not with identical settings on TW.
  * Add logrotate-3.22-skip-failing-test.patch
- update to 3.22.0:
  * fix calculations for time differences
  * fix extension for zip compression
  * fix omitted copy for logs with `mail` and `rotate 0`
  * fix wrongly skipping copy with `copytruncate` and `compress`
  * fix ambiguities between `mode`, `UID` and `GID` parsing when
    not specifying all options
  * fix hang when encountering a named pipe
  * on prerotate failure logs are preserved instead of rotated
  * in case a configuration file was skipped due to unsafe
    permissions the
  * exit status after rotattion will be `1`
  * the state is no longer written to non-regular files
  * the systemd timer now correctly utilizes load distribution
  * add dateformat specifier `%z` for timezone offsets
  * change default mode for created `olddir` directories to
    `0755`
  * support quoted user and group names in `su`, `create`, and
    `createolddir`
- update logroate.keyring: new maintainer

==== mozjs128 ====
Version update (128.4.0 -> 128.5.1)

- Update to version 128.5.1:
  + Fixed an issue that prevented some websites from loading when
    using SSL Inspection. (bmo#1933747)
- Changes from version 128.5.0:
  + Various security fixes and other quality improvements.
  + CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via
    WebGL.
  + CVE-2024-11692: Select list elements could be shown over
    another site.
  + CVE-2024-11694: CSP Bypass and XSS Exposure via Web
    Compatibility Shims.
  + CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and
    Whitespace Characters.
  + CVE-2024-11696: Unhandled Exception in Add-on Signature
    Verification.
  + CVE-2024-11697: Improper Keypress Handling in Executable File
    Confirmation Dialog.

==== openSUSE-release ====
Version update (20241203 -> 20241204)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== polkit-default-privs ====
Version update (1550+20241111.762abac -> 1550+20241129.21d7d0b)

- Update to version 1550+20241129.21d7d0b:
  * profiles: adjust tuned settings to new upstream default (bsc#1232412)
  * profiles: add tuned methods for instance handling / PPD (bsc#1232412)
- Add format_spec_file service in manual mode
- Update to version 1550+20241127.a20426b:
  * profiles: whitelist systemd v257 actions (bsc#1233295)
- _service: switch from "disabled" mode to "manual" mode, which is a more
  fitting setting which is available now.

==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3

- Add add-loongarch64-support.patch to support loongarch64
- Fix changelog

==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3

- Add add-loongarch64-support.patch to support loongarch64
- Fix changelog

==== selinux-policy ====
Version update (20241105 -> 20241118)
Subpackages: selinux-policy-targeted

- Fix minimum policy by readding snapper module (bsc#1234037)
- Update to version 20241118:
  * Add workaround for /run/rpmdb lockfile (bsc#1231127)
  * Add dedicated health-checker module (bsc#1231127)
- Packaging rework: moving all config files to git repository
  https://gitlab.suse.de/selinux/selinux-policy
  - Moved booleans to dist/*/booleans.conf and dropped from package:
  * booleans-minimum.conf
  - user facing change: boolean settings are now the same as in upstream
  * booleans-mls.conf
  - user facing change: boolean settings are now the same as in upstream
  * booleans-targeted.conf
  - user facing change: kerberos_enabled boolean was not enabled due to a bug, now it is enabled
  - Moved booleans.subs_dist to dist/booleans.subs_dist and dropped from package
  - Moved customizable_types to dist/customizable_types and dropped from package
  - user facing change: using upstream version
  - Moved file_contexts.subs_dist to config/file_contexts.subs_dist and dropped from package
  - user facing change: changed systemd entries in file_contexts.subs_dist:
    /run/systemd/system -> dropped from file
    /run/systemd/generator.early /run/systemd/generator
    /run/systemd/generator.late /run/systemd/generator
  - Moved modules config to dist/<policytype>/modules.conf and dropped from package:
  - user facing change: minimum policy: modules base and contrib are merged into modules.lst
    and modules-enabled.lst was added which contains the enabled modules, replacing modules-minimum-disable.lst
  * modules-minimum-base.conf
  * modules-minimum-contrib.conf
  * modules-minimum-disable.lst
  * Added: modules-minimum.lst
  - user facing change: mls policy: modules base + contrib are merged into modules.lst
  * modules-mls-base.conf
  * modules-mls-contrib.conf
  - user facing change: targeted policy: modules base + contrib are merged into modules.lst:
  * modules-targeted-base.conf
  * modules-targeted-contrib.conf
  - Moved securetty config to config/appconfig-<policytype>/securetty_types and dropped from package
  - user facing change: using upstream version for all policy types
  * securetty_types-minimum
  * securetty_types-mls
  * securetty_types-targeted
  - Moved setrans config to dist/<policytype>/setrans.conf and dropped from package
  * setrans-minimum.conf
  * setrans-mls.conf
  * setrans-targeted.conf
  - Moved users config to dist/<policytype>/users and dropped from package
  * users-minimum
  - user facing change: added guest_u and xguest_u
  * users-mls
  * users-targeted
- Fix debug-build.sh to follow symlinks when creating
  the tarball
- Update embedded container-selinux version to commit:
  * 3f06c141bebc00a07eec4c0ded038aac4f2ae3f0
- Update to version 20241107:
  * Re-add kanidm module to dist/targeted/modules.conf
  * Add SUSE-specific file contexts to file_contexts.subs_dist
  * Disallow execstack in dist/minimum/booleans.conf
  * Add SUSE-specific booleans to dist/targeted/booleans.conf
  * Add SUSE specific modules to targeted modules.conf
  * Label /var/cache/systemd/home with systemd_homed_cache_t
  * Allow login_userdomain connect to systemd-homed over a unix socket
  * Allow boothd connect to systemd-homed over a unix socket
  * Allow systemd-homed get attributes of a tmpfs filesystem
  * Allow abrt-dump-journal-core connect to systemd-homed over a unix socket
  * Allow aide connect to systemd-homed over a unix socket
  * Label /dev/hfi1_[0-9]+ devices
  * Remove the openct module sources
  * Remove the timidity module sources
  * Enable the slrn module
  * Remove i18n_input module sources
  * Enable the distcc module
  * Remove the ddcprobe module sources
  * Remove the timedatex module sources
  * Remove the djbdns module sources
  * Confine iio-sensor-proxy
  * Allow staff user nlmsg_write
  * Update policy for xdm with confined users
  * Allow virtnodedev watch mdevctl config dirs
  * Allow ssh watch home config dirs
  * Allow ssh map home configs files
  * Allow ssh read network sysctls
  * Allow chronyc sendto to chronyd-restricted
  * Allow cups sys_ptrace capability in the user namespace
  * Add policy for systemd-homed
  * Remove fc entry for /usr/bin/pump
  * Label /usr/bin/noping and /usr/bin/oping with ping_exec_t
  * Allow accountsd read gnome-initial-setup tmp files
  * Allow xdm write to gnome-initial-setup fifo files
  * Allow rngd read and write generic usb devices
  * Allow qatlib search the content of the kernel debugging filesystem
  * Allow qatlib connect to systemd-machined over a unix socket
  * mls/modules.conf - fix typo
  * Use dist/targeted/modules.conf in build workflow
  * Fix default and dist config files
  * Allow unprivileged user watch /run/systemd
  * CI: update to actions/checkout@v4
  * Allow boothd connect to kernel over a unix socket
  * Clean up and sync securetty_types
  * Bring config files from dist-git into the source repo
  * Confine gnome-remote-desktop
  * Allow virtstoraged execute mount programs in the mount domain
  * Make mdevctl_conf_t member of the file_type attribute

==== systemd ====
Version update (256.7 -> 256.9)
Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-experimental systemd-lang udev

- Add 5005-Revert-boot-Make-initrd_prepare-semantically-equival.patch
  Revert commit d64193a2a652b15db9cb9ed10c6b77a17ca46cd2 until the regression it
  caused, reported at https://github.com/systemd/systemd/issues/35439, is fixed
  (see also bsc#1233752 for its downstream counterpart).
- Disable EFI support on architectures that are not EFI-compliant
- Import commit 290170c8550bf2de4b5085ecdf7f056769944444 (merge of v256.9)
  This merge includes the following fix:
    cf7b3cc182 pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/c7671762b39ead7f8f9e70064256f5efaccedeca...290170c8550bf2de4b5085ecdf7f056769944444
- Import commit aee28e4c20a053ea27f8be69f2ea981e43bcb0b6
  aee28e4c20 udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
  280989cfa4 core: when switching root remove /run/systemd before executing the binary specified by init= (bsc#1227580)
- Drop 5003-core-when-switching-root-remove-run-systemd-before-e.patch, this
  patch has been integrated in branch 'SUSE/v256', see above.