Packages changed:
  accountsservice
  kernel-firmware
  kernel-source (6.4.8 -> 6.4.9)
  libreoffice-share-linker
  lsb-release
  pentaho-libxml (1.1.3 -> 1.1.6)
  procmail (3.22 -> 3.24)
  python-certifi (2023.5.7 -> 2023.7.22)
  qemu (8.0.3 -> 8.0.4)
  tracker-miners
  wtmpdb (0.7.1 -> 0.8.0)
  zxing-cpp

=== Details ===

==== accountsservice ====
Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0

- Rebase as-fate318433-prevent-same-account-multi-logins.patch:
  (bsc#1213884).

==== kernel-firmware ====
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update AMD 19h ucode for "Inception" (bsc#1213287, CVE-2023-20569)
  amd-ucode-CVE-2023-20569.patch

==== kernel-source ====
Version update (6.4.8 -> 6.4.9)

- Linux 6.4.9 (bsc#1012628).
- Update config files.
  Set:
  * CONFIG_GDS_FORCE_MITIGATION=n
  * CONFIG_CPU_SRSO=y
  as per default.
- x86: fix backwards merge of GDS/SRSO bit (bsc#1012628).
- xen/netback: Fix buffer overrun triggered by unusual packet
  (bsc#1012628).
- x86/srso: Tie SBPB bit setting to microcode patch detection
  (bsc#1012628).
- x86/srso: Add a forgotten NOENDBR annotation (bsc#1012628).
- x86/srso: Fix return thunks in generated code (bsc#1012628).
- x86/srso: Add IBPB on VMEXIT (bsc#1012628).
- x86/srso: Add IBPB (bsc#1012628).
- x86/srso: Add SRSO_NO support (bsc#1012628).
- x86/srso: Add IBPB_BRTYPE support (bsc#1012628).
- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1012628
  bsc#1213287 CVE-2023-20569).
- x86/bugs: Increase the x86 bugs vector size to two u32s
  (bsc#1012628).
- Documentation/x86: Fix backwards on/off logic about YMM support
  (bsc#1012628).
- x86/xen: Fix secondary processors' FPU initialization
  (bsc#1012628).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
  (bsc#1012628).
- KVM: Add GDS_NO support to KVM (bsc#1012628).
- x86/speculation: Add Kconfig option for GDS (bsc#1012628).
- x86/speculation: Add force option to GDS mitigation
  (bsc#1012628).
- x86/speculation: Add Gather Data Sampling mitigation
  (bsc#1012628 bsc#1206418 CVE-2022-40982).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
  (bsc#1012628).
- x86/fpu: Mark init functions __init (bsc#1012628).
- x86/fpu: Remove cpuinfo argument from init functions
  (bsc#1012628).
- x86/init: Initialize signal frame size late (bsc#1012628).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
  (bsc#1012628).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1012628).
- init: Remove check_bugs() leftovers (bsc#1012628).
- um/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- sparc/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- sh/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- mips/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- m68k/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- loongarch/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- ia64/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628).
- init: Provide arch_cpu_finalize_init() (bsc#1012628).
- commit 5b9ad20
- tpm/tpm_tis: Disable interrupts for Lenovo Thinkpad E14 Gen
  2 and 13s-IML (bsc#1213779).
- commit c4adffc
- drm/amd/display: Fix a regression on Polaris cards
  (bsc#1212874).
- commit 9764e05
- rpm/config.sh: remove IBS repos completely
  The commit 21cafd1f (rpm/config.sh: switch to openSUSE.org repos for
  IBS) duplicated the OBS repos in openSUSE.org: space. But this is done
  automatically in MyBS.pm. So drop all of them instead of duplicating.
- commit 294d541
- rpm/config.sh: switch to openSUSE.org repos for IBS
  SUSE:Factory:HEAD is currently (and often) broken. Switch to
  openSUSE.org: repositories. They are up-to-date and provide the same
  archs plus armv6.
- commit 21cafd1

==== libreoffice-share-linker ====

- Do not format using f-strings, since it is python 3.6+ feature
  and SLE12-SP5 has python 3.4

==== lsb-release ====

- add util-linux dependency for getopt to avoid:
  /usr/bin/lsb_release: line 123: getopt: command not found

==== pentaho-libxml ====
Version update (1.1.3 -> 1.1.6)

- Update to upstream version 1.1.6.
  * no structured changelog available starting from 2008
- Rebased and updated patches:
  * libxml-1.1.2-build.patch -> pentaho-libxml-1.1.6-build.patch
  * pentaho-libxml-1.1.3-sourcetarget.patch -> pentaho-libxml-1.1.6-sourcetarget.patch

==== procmail ====
Version update (3.22 -> 3.24)

- Update to procmail 3.24 (New Upstream)
  - Don't coredump in comsat code if interrupted early
  - Correctly handle COMSAT=on
  - Once used, the 'H' and 'r' flags would never be cleared
  - Fix possible buffer overflow in variable-capture actions
  - Fix up the parsing of variable-capture actions
  - LMTP code assumed sizeof(long)==sizeof(int)
  - SHELL is now always preset to /bin/sh.  USER_SHELL contains
    the shell from the user's passwd entry
  - When HOST is mismatched, reset it for the next rcfile
  - Always read in a new, global rcfile (/etc/procmail.conf)
    to allow runtime configuration of variables like DEFAULT.
    This rcfile cannot deliver or filter messages
  - Mismatched HOST in /etc/procmailrc didn't discard the message
  - backquote expansion in a condition disabled header
    concatenation for that condition
  - LMTP didn't correctly handle quoted localparts
  - Removed SIZE extension from LMTP (unsupportable semantics)
  - Don't coredump if unable to exec /bin/sh
  - Enable "+detail" processing in LMTP mode by passing the
    delimiter (e.g., "+") as an optional argument after -z
  - In LMTP mode, save the domain of the recipient in
    PROCMAIL_DOMAIN
  - Set PROCMAIL_MODE to one of "d", "m", "z", or "" to reflect
    the mode option it was invoked with, if any
  - Fixed all bugs collected by Debian and others
    during the past 21 years.  See the git commit history
    for detailed descriptions.
- Port patches
  * procmail-3.22-autoconf.dif
  * procmail-3.22-headerconcat.dif
  * procmail-3.22-ipv6.patch
  * procmail-3.22-mailstat.patch
  * procmail-3.22-owl-truncate.dif
  * procmail-3.22.dif
  * procmail-cflags.dif
- Remove former Debian and SUSE patches from procmail-3.22-patches.tar.bz2
  * 04
  * 06
  * 10
  * 11
  * 12
  * 13
  * 14
  * 15
  * 16
  * 17
  * 18
  * 19
  * 22
  * 23
  * 24
  * 25
  * 26
  * 27
  * 28
  * 29
  * 30
- Collect and port our patches from old procmail-3.22-patches.tar.bz2
  into new procmail-3.24-patches.tar.bz2
  * 01
  * 02
  * 03
  * 05
  * 07
  * 08
  * 09
  * 20
  * 21

==== python-certifi ====
Version update (2023.5.7 -> 2023.7.22)

- update to 2023.7.22:
  Added certs:
  [#] CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited
  [#] CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited
  [#] CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation
  [#] CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation
  [#] CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos
  [#] CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos
  Removed certs:
  [#] CN=Hongkong Post Root CA 1 O=Hongkong Post
  [#] CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim
    Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi
  [#] CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center
  [#] CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center

==== qemu ====
Version update (8.0.3 -> 8.0.4)
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86

- perl-Text-Markdown is not available in all distros and for all
  arch-es. Use discount instead
- Patches added:
  * [openSUSE][spec] Use discount instead of perl-Text-Markdown
- Update to version 8.0.4:
  * Official changelog not released on the mailing list yet
  * Security issues fixed:
  - bsc#1212850 (CVE-2023-3354)
  - bsc#1213001 (CVE-2023-3255)
  - bsc#1213925 (CVE-2023-3180)
  - bsc#1207205 (CVE-2023-0330)

==== tracker-miners ====
Subpackages: tracker-miner-files tracker-miners-lang

-Rebase patch: tracker-miners-drop-syscalls-in-seccomp.patch.

==== wtmpdb ====
Version update (0.7.1 -> 0.8.0)
Subpackages: libwtmpdb0

- Update to version 0.8.0
  - wtmpdb boottime: print boot time

==== zxing-cpp ====

- Restore support for building on SLE12
- Build with gcc7-c++ or gcc-c++ >= 7 because of C++17 requirements
- Added patch:
  * cmake.patch
    + allow building with cmake 3.5 on SLE12SP5