Packages changed:
  liborcus
  libsemanage
  nodejs20 (20.3.1 -> 20.5.1)
  openSUSE-repos-Tumbleweed (20230804.41e41a9 -> 20230810.a7534f6)
  python-semanage
  python311
  python311-core
  qtkeychain-qt5 (0.13.2 -> 0.14.1)
  re2c (3.0 -> 3.1)
  salt
  virtualbox
  virtualbox-kmp
  xen (4.17.1_06 -> 4.17.2_02)
  xz (5.4.3 -> 5.4.4)
  yast2-country (4.6.2 -> 4.6.3)

=== Details ===

==== liborcus ====

- Clean up the spec file and require gcc-c++ >= 7, since that is the
  first version that supports C++17
- Run tests on all distributions and architectures
  * Allow disabling them on command line by specifying
    "--without tests"
- Changed patch:
  * no-std-filesystem.patch -> liborcus-filesystem.patch
    + rework the patch to detect std::filesystem,
    std::experimental::filesystem and boost::filesystem (in that
    order, and use them if found)
- Added patch:
  * liborcus-tests.patch
    + fix tests on all platforms
    + do not use C++20 features with the
    boost::filesystem::directory_iterator
    + do not assume that pathlib integrates seamlessly with open
    and do not use f-string formating, both being python 3.6+
    features

==== libsemanage ====
Subpackages: libsemanage-conf libsemanage-migrate-store libsemanage2

- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
  of LTO
- Enable LTO now (boo#1138812).

==== nodejs20 ====
Version update (20.3.1 -> 20.5.1)
Subpackages: npm20

- Update to version 20.5.1:
  * (CVE-2023-32002, bsc#1214150): Policies can be bypassed
    via Module._load (High)
  * (CVE-2023-32558, bsc#1214155): process.binding() can bypass
    the permission model through path traversal (High)
  * (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
    by specifying a path traversal sequence in a Buffer (High)
  * (CVE-2023-32006, bsc#1214156): Policies can be bypassed
    by module.constructor.createRequire (Medium)
  * (CVE-2023-32559, bsc#1214154): Policies can be bypassed
    via process.binding (Medium)
  * (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
    the permission model (Low)
  * (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
    can bypass the permission model (Low)
- Changes in 20.5.0:
  * events: allow safely adding listener to abortSignal
  * fs: add a fast-path for readFileSync utf-8
  * test_runner: add shards support
- Changes in 20.4.0:
  * tls: add ALPNCallback server option for dynamic ALPN negotiation
  * adds support for ECMAScript Explicit Resource Management
  * adds Mock Timer support to test module
  For details see,
  https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
  versioned.patch: refreshed

==== openSUSE-repos-Tumbleweed ====
Version update (20230804.41e41a9 -> 20230810.a7534f6)

- Update to version 20230810.a7534f6:
  * Disable NVIDIA pkg building on LeapMicro. Fixes #34
    PM confirmed that NVIDIA related deployments are expected
    to have all drivers/tools inside of container.
  * Fix incorrect with_nvidia usage

==== python-semanage ====

- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
  of LTO
- Enable LTO now (boo#1138812).

==== python311 ====
Subpackages: python311-curses python311-dbm

- restrict PEP668 to ALP/Tumbleweed
- add externally_managed.in to label this build as PEP-668 managed

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- restrict PEP668 to ALP/Tumbleweed
- add externally_managed.in to label this build as PEP-668 managed

==== qtkeychain-qt5 ====
Version update (0.13.2 -> 0.14.1)
Subpackages: libqt5keychain1 libqt5keychain1-lang

- Update to 0.14.1:
  * Many build system fixes and build fixes for recent Qt 6
    releases
  * Add QtQuick client example
  * Added Dutch translation
  * Add API to check whether a secure backend is available
    at all
  * Export QKeychain::isAvailable() to make it usable in a
    shared build
  * Protect against creating the QtKeychain::QtKeychain alias
    target twice
- Drop patch, merged upstream:
  * 0001-Define-a-poper-exported-CMake-target-instead-of-intr.patch
- Add missing dependency to the -devel packages

==== re2c ====
Version update (3.0 -> 3.1)

- Update to 3.1:
  * new options --leftmost-captures option and re2c:leftmost-captures on capturing groups
  * new syntax (! ...) for non-capturing groups
  * It is also possible to flip defaults with --invert-captures option or re2c:invert_captures configuration,
    so that (...) is a capturing group and (! ...) is a non-capturing one
  * TDFA paper and removal of experimental algorithms
  * internal codebase , build system and CI improvements
  see details at https://re2c.org/releases/release_notes.html#release-3-1

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-transactional-update

- Create minion_id with reproducible mtime
- Fix detection of Salt codename by "salt_version" execution module
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix zypper repositories always being reconfigured
- Fix utf8 handling in 'pass' renderer and make it more robust
- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
  * fix-the-regression-of-user.present-state-when-group-.patch
  * make-master_tops-compatible-with-salt-3000-and-older.patch
  * avoid-conflicts-with-dependencies-versions-bsc-12116.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
  * fix-regression-multiple-values-for-keyword-argument-.patch
  * zypper-pkgrepo-alreadyconfigured-585.patch
  * mark-salt-3006-as-released-586.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch
  * define-__virtualname__-for-transactional_update-modu.patch
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch

==== virtualbox ====

- Fix build for kernel 6.5
  Add file "fixes_for_6.5.patch"
  Reworked patches for various Leap versions:
    Added file "fixes_for_leap.patch"
    Deleted file "fixes_for_leap15.2.patch"
    Deleted file "fixes_for_leap15.3.patch"
    Deleted file "fixes_for_leap15.4.patch"
    Deleted file "fixes_for_leap15.5.patch"

==== virtualbox-kmp ====

- Fix build for kernel 6.5
  Add file "fixes_for_6.5.patch"
  Reworked patches for various Leap versions:
    Added file "fixes_for_leap.patch"
    Deleted file "fixes_for_leap15.2.patch"
    Deleted file "fixes_for_leap15.3.patch"
    Deleted file "fixes_for_leap15.4.patch"
    Deleted file "fixes_for_leap15.5.patch"

==== xen ====
Version update (4.17.1_06 -> 4.17.2_02)
Subpackages: xen-libs xen-tools xen-tools-domU

- bsc#1212684 - xentop fails with long interface name
  64d33a57-libxenstat-Linux-nul-terminate-string.patch
- Update to Xen 4.17.2 bug fix release (bsc#1027519)
  xen-4.17.2-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
  64bea1b2-x86-AMD-Zenbleed.patch
- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

==== xz ====
Version update (5.4.3 -> 5.4.4)
Subpackages: liblzma5 liblzma5-32bit xz-lang

- Update to version 5.4.4:
  * liblzma and xzdec can now build against WASI SDK when threading
    support is disabled. xz and tests don't build yet.
  * documentation update
  * translations update

==== yast2-country ====
Version update (4.6.2 -> 4.6.3)
Subpackages: yast2-country-data

- Allow changing date to a later year than 2032 (bsc#1214144)
- 4.6.3