Packages changed:
  MicroOS-release (20240930 -> 20241001)
  coreutils
  coreutils-systemd
  cups (2.4.10 -> 2.4.11)
  gnutls
  libgtop (2.41.3 -> 2.41.3+4)
  libjpeg-turbo
  librsvg (2.58.4 -> 2.59.1)
  ncurses (6.5.20240922 -> 6.5.20240928)
  selinux-policy (20240925 -> 20240930)
  sof-firmware (2024.06 -> 2024.09)
  suse-module-tools (16.0.51 -> 16.0.52)
  xen (4.19.0_02 -> 4.19.0_04)

=== Details ===

==== MicroOS-release ====
Version update (20240930 -> 20241001)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== coreutils ====

- coreutils-i18n.patch: fold(1): fix fold -b with UTF8 locale.
  Sync fix in I18N patch from Fedora/Redhat and add a test. (RHEL-60295)
  Original report: https://access.redhat.com/solutions/3459791

==== coreutils-systemd ====

- coreutils-i18n.patch: fold(1): fix fold -b with UTF8 locale.
  Sync fix in I18N patch from Fedora/Redhat and add a test. (RHEL-60295)
  Original report: https://access.redhat.com/solutions/3459791

==== cups ====
Version update (2.4.10 -> 2.4.11)
Subpackages: cups-client cups-config libcups2 libcupsimage2

- Version upgrade to 2.4.11:
  See https://github.com/openprinting/cups/releases
  CUPS 2.4.11 brings several bug fixes regarding IPP response
  validation, processing PPD values, Web UI support
  (checkbox support, modifying printers) and other fixes.
  Detailed list (from CHANGES.md):
  * Updated the maximum file descriptor limit
    for `cupsd` to 64k-1 (Issue #989)
  * Fixed `lpoptions -d` with a discovered
    but not added printer (Issue #833)
  * Fixed incorrect error message for HTTP/IPP errors (Issue #893)
  * Fixed JobPrivateAccess and SubscriptionPrivateAccess support
    for "all" (Issue #990)
  * Fixed issues with cupsGetDestMediaByXxx (Issue #993)
  * Fixed adding and modifying of printers
    via the web interface (Issue #998)
  * Fixed HTTP PeerCred authentication
    for domain users (Issue #1001)
  * Fixed checkbox support (Issue #1008)
  * Fixed printer state notifications (Issue #1013)
  * Fixed IPP Everywhere printer setup (Issue #1033)
  Issues are those at https://github.com/OpenPrinting/cups/issues
  In particular CUPS 2.4.11 contains these commits regarding
  IPP response validation and processing PPD values:
  * "Quote PPD localized strings"
    https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
    plus a cleanup to "Fix warnings for unused vars"
    https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.11
- avoid_C99_mode_for_loop_initial_declarations.patch
  is no longer needed because the issue is fixed upstream.

==== gnutls ====

- Build with liboqs to support the X25519Kyber768 post-quantum key
  exchange algorithm.

==== libgtop ====
Version update (2.41.3 -> 2.41.3+4)

- Update to version 2.41.3+4:
  + Reproducible Builds: Do not embed build-server kernel version
    on Linux (boo#1230850).
  + Updated translations.

==== libjpeg-turbo ====

- update to 3.0.4:
  * Fixed an issue whereby the CPU usage of the default marker
    processor in the decompressor grew exponentially with the
    number of markers.  This caused an unreasonable slow-down in
    `jpeg_read_header()` if an application called `jpeg_save_markers()`
    to save markers of a particular type and then attempted to
    decompress a JPEG image containing an excessive number of markers
    of that type.
  * Hardened the default marker processor in the decompressor to guard
    against an issue (exposed by 3.0 beta2[6]) whereby attempting to
    decompress a specially-crafted malformed JPEG image (specifically
    an image with a complete 12-bit-per-sample Start Of Frame segment
    followed by an incomplete 8-bit-per-sample Start Of Frame segment)
    using buffered-image mode and input prefetching caused a segfault
    if the `fill_input_buffer()` method in the calling application's
    custom source manager incorrectly returned `FALSE` in response to a
    prematurely-terminated JPEG data stream.
  * Fixed an issue in cjpeg whereby, when generating a
    12-bit-per-sample or 16-bit-per-sample lossless JPEG image,
    specifying a point transform value greater than 7 resulted in an
    error ("Invalid progressive/lossless parameters") unless the
    `-precision` option was specified before the `-lossless` option.
  * Fixed a regression introduced by 3.0.3[3] that made it impossible
    for calling applications to generate 12-bit-per-sample
    arithmetic-coded lossy JPEG images using the TurboJPEG API.
  * Fixed an error ("Destination buffer is not large enough") that
    occurred when attempting to generate a full-color lossless JPEG
    image using the TurboJPEG Java API's `byte[]
    TJCompressor.compress()` method if the value of `TJ.PARAM_SUBSAMP`
    was not `TJ.SAMP_444`.
  * Fixed a segfault in djpeg that occurred if a negative width was
    specified with the `-crop` option.  Since the cropping region width
    was read into an unsigned 32-bit integer, a negative width was
    interpreted as a very large value.  With certain negative width and
    positive left boundary values, the bounds checks in djpeg and
    `jpeg_crop_scanline()` overflowed and did not detect the
    out-of-bounds width, which caused a buffer overrun in the
    upsampling or color conversion routine.  Both bounds checks now use
    64-bit integers to guard against overflow, and djpeg now checks for
    negative numbers when it parses the crop specification from the
    command line.
  * Fixed an issue whereby the TurboJPEG lossless transformation
    function and methods checked the specified cropping region against
    the source image dimensions and level of chrominance subsampling
    rather than the destination image dimensions and level of
    chrominance subsampling, which caused some cropping regions to be
    unduly rejected when performing 90-degree rotation, 270-degree
    rotation, transposition, transverse transposition, or grayscale
    conversion.
  * Fixed an issue whereby the TurboJPEG lossless transformation
    function and methods did not honor
    `TJXOPT_COPYNONE`/`TJTransform.OPT_COPYNONE` unless it was
    specified for all lossless transforms.
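
The djpeg `-crop` entry above, as an added example (not code from libjpeg-turbo or from this changelog): the 32-bit sum that lets a negative width slip past a bounds check, next to the 64-bit check and the negative-number rejection the entry describes. Function names and sample values are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers, not libjpeg-turbo source.
 * Pre-fix pattern: the sum is formed in 32 bits and wraps modulo 2^32. */
static int crop_in_bounds_32(uint32_t left, uint32_t width, uint32_t image_width)
{
    return (uint32_t)(left + width) <= image_width;
}

/* Post-fix pattern: widen to 64 bits before adding, so the sum cannot wrap. */
static int crop_in_bounds_64(uint32_t left, uint32_t width, uint32_t image_width)
{
    return (uint64_t)left + (uint64_t)width <= (uint64_t)image_width;
}

/* Parse one crop dimension; reject negatives, garbage and out-of-range values. */
static int parse_crop_dim(const char *s, uint32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE ||
        v < 0 || v > (long long)UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Hardened path: signed parse first, then the 64-bit bounds check. */
static int crop_accepted(const char *width_arg, uint32_t left, uint32_t image_width)
{
    uint32_t width;
    if (parse_crop_dim(width_arg, &width) != 0)
        return 0;
    return crop_in_bounds_64(left, width, image_width);
}

int main(void)
{
    /* Constructed values: 640-pixel-wide image, left = 16, width = -8. */
    uint32_t wrapped = (uint32_t)-8;   /* -8 stored as unsigned: 4294967288 */
    printf("32-bit check passes: %d\n", crop_in_bounds_32(16, wrapped, 640));
    printf("64-bit check passes: %d\n", crop_in_bounds_64(16, wrapped, 640));
    printf("hardened path accepts \"-8\": %d\n", crop_accepted("-8", 16, 640));
    return 0;
}
```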

==== librsvg ====
Version update (2.58.4 -> 2.59.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.59.1:
  + Two mitigations for crashes found through fuzz testing:
  - Cairo is easy to crash by giving it path coordinates that are
    outside of the range that it can represent internally with
    its fixed-point arithmetic. Fuzzers usually produce SVGs with
    very large numbers for coordinates, which overflow Cairo's
    arithmetic.
    This is just a *mitigation*, not a complete fix: librsvg will
    now check if path coordinates are outside of Cairo's
    supported range, and it will not render shapes with
    problematic coordinates. However, fuzzers may still produce
    coordinates that are in range but that still make Cairo
    crash. I am starting to learn Cairo's code to see if this can
    be fixed gradually.
- Update to version 2.59.0:
  + The biggest change in this release is that librsvg now uses the
    Meson build system instead of autotools.
  + With Meson, librsvg now builds a lot more reliably on Windows
    and MacOS.
  + Librsvg now uses Meson instead of Autotools
  + There is a -Davif meson option to include support for AVIF in
    the image-rs crate, which librsvg uses to load raster images.
  + Librsvg now explicitly builds only its supported raster formats
    for image-rs: JPEG, PNG, GIF, WEBP, and optional compile-time
    support for AVIF. Other raster image formats are not
    supported, to minimize the attack surface.
  + Librsvg now supports cancellable rendering; you can start
    rendering an RsvgHandle in one thread, and stop it from another
    thread with a GCancellable. In the C API, you can use the
    rsvg_handle_set_cancellable_for_rendering() function; in the
    Rust API, CairoRenderer now has a with_cancellable() method.
  + For Rust users, there is now a 'librsvg-rebind' crate that
    binds the C API for use from Rust. Internally this links to the
    system's librsvg shared library, in contrast with the 'librsvg'
    crate, which is statically linked and which has a native Rust
    API. The 'librsvg-rebind' crate is for cases where the
    additional code size from static linking is not desired. This
    librsvg-rebind crate is available from crates.io.
  + A bunch of fixes to bugs found through fuzz testing.
- Use ldconfig_scriptlets macro for some of the post(un) handling.
- Update to version 2.58.94:
  + The minimum supported Rust version (MSRV) is 1.77.2.
  + Fix assertion failures with large Hue value in hsl() or hwb()
    colors.
  + Limit the baseFrequency for feTurbulence to avoid integer
    overflow.
  + Only make exported symbols visible in the library's binary.
  + Fix the -Davif=enabled feature; it was not being handled
    correctly at compilation time.
  + Ensure compatibility with Binutils < 2.39.
  + Build fixes for Windows.
- Update to version 2.58.92:
  + Librsvg is now part of Google's oss-fuzz and is fuzz-tested
    automatically - see
    https://gnome.pages.gitlab.gnome.org/librsvg/devel-docs/oss_fuzz.html
    for details.
  + This release has two bug fixes from fuzz testing, and a new API
    call:
  - Don't leak XML entities when the XML document fails to parse.
  - Fix stack overflow in <use> reference cycle.
  - Librsvg now supports cancellable rendering; you can start
    rendering an RsvgHandle in one thread, and stop it from
    another thread with a GCancellable. In the C API, you can use
    the rsvg_handle_set_cancellable_for_rendering() function; in
    the Rust API, CairoRenderer now has a with_cancellable()
    method.
  + Many build fixes for Windows, MacOS, iOS, and cross-compilation
  + Continued refactoring for a render tree.
  + Many fixes to the documentation.
- Update to version 2.58.91:
  + Librsvg now requires cairo version 1.18.0 or later.
  + Librsvg now explicitly builds only its supported raster
    formats for image-rs: JPEG, PNG, GIF, WEBP, and optional
    compile-time support for AVIF. Other raster image formats are
    not supported, to minimize the attack surface.
  + Don't generate gdk-pixbuf loaders cache if DESTDIR is set.
  + Documentation updates for meson.
  + Document the fact that the default DPI in the C API for
    RsvgHandle is 90 DPI, unlike rsvg-convert and the Rust API,
    which use 96 DPI.
  + Document the security considerations for the image-rs crate
    and the raster image formats that librsvg supports.
  + Fix and fine-tune compilation on Windows (MSVC and msys2),
    MacOS, and Android.
  + Fix installation when only compiling the static library.
  + Update Pango for CI and fix a test file. The test suite now
    includes the DejaVu Sans font, which supports extra
    glyphs/languages for the test suite.
- Changes from version 2.58.90:
  + librsvg has been ported to the Meson build system.  Librsvg no
    longer uses autotools!
  + Changes in this release:
  - Librsvg now uses Meson instead of Autotools.
  - There is a -Davif meson option to include support for AVIF in
    the image-rs crate, which librsvg uses to load raster images.
  - Start revamping the fuzzing infrastructure.
- Add cargo-c and pkgconfig(dav1d) BuildRequires: new dependencies.

==== ncurses ====
Version update (6.5.20240922 -> 6.5.20240928)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20240928
  + improve error-message from infocmp when a terminal entry cannot be
    opened (patch by Branden Robinson).
  + improve filtering of -L options in misc/gen-pkgconfig.in and in
    misc/ncurses-config.in
  + add check in wresize() for out-of-range dimensions (report by Peter
    Bierma).

==== selinux-policy ====
Version update (20240925 -> 20240930)
Subpackages: selinux-policy-targeted

- Update to version 20240930:
  * Label yast binaries correctly

==== sof-firmware ====
Version update (2024.06 -> 2024.09)

- update to v2024.09:
  * Add sof-v2.11 binaries
  * v2.2.x: Update v2.2.11 topology files for Intel platforms
  * Add sof-v2.11.1 binaries for Intel TGL/ADL/RPL hardware

==== suse-module-tools ====
Version update (16.0.51 -> 16.0.52)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.0.52:
  * rpm-script: create vmlinuz and initrd also in image build environments
    (bsc#1231040, bsc#1230858)
  * regenerate-initrd-posttrans: Fix SKIP_REGENERATE_INITRD_ALL
    (bsc#1228929)

==== xen ====
Version update (4.19.0_02 -> 4.19.0_04)

- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
  Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
  66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
  66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
  66d8690f-SUPPORT-split-XSM-from-Flask.patch
  66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
  66e44ae2-x86-ucode-AMD-buffer-underrun.patch
  66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  xsa462.patch