Packages changed:
  apparmor
  autoyast2 (5.0.3 -> 5.0.4)
  bash-completion
  ffmpeg-4
  ffmpeg-7
  gnutls (3.8.8 -> 3.8.9)
  grub2
  kernel-firmware-realtek (20250206 -> 20250224)
  kmod (33 -> 34)
  libaccounts-glib (1.26 -> 1.27)
  libapparmor
  libvirt
  libwacom (2.12.2 -> 2.14.0)
  libx86emu (3.5 -> 3.7)
  libxmlb (0.3.19 -> 0.3.21)
  libzip (1.11.2 -> 1.11.3)
  openSUSE-release (20250224 -> 20250225)
  patterns-base
  patterns-desktop
  patterns-media
  patterns-server (20210330 -> 20250225)
  polkit-default-privs (1550+20250217.25d4aef -> 1550+20250225.49f846d)
  pulseaudio-qt6 (1.6.1 -> 1.7.0)
  qt6-tools
  salt
  sdbootutil (1+git20250221.19f7d1a -> 1+git20250225.b78f812)
  selinux-policy (20250221 -> 20250224)
  speech-dispatcher (0.12.0~rc4 -> 0.12.0)
  suitesparse
  tiff
  yast2-schema (5.0.1 -> 5.0.2)
  yast2-storage-ng (5.0.25 -> 5.0.27)
  yast2-trans (84.87.20250214.b4c23644e7 -> 84.87.20250221.72f607339a)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- add py313-aa-notify.patch to adapt the last bits to python 3.13

==== autoyast2 ====
Version update (5.0.3 -> 5.0.4)
Subpackages: autoyast2-installation

- Update the partitioning schema to support the pervasive encryption
  apqns and key type elements (jsc#PED-10950).
- 5.0.4

==== bash-completion ====

- Drop completions for kmod; kmod>=34 provides its own now.

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Add ffmpeg-7-CVE-2025-22921.patch:
  Backporting 7f9c7f98 from upstream, clear array length when
  freeing it.
  (CVE-2025-22921, bsc#1237382)
- Add ffmpeg-7-CVE-2025-25473.patch:
  Backporting c08d3004 from upstream, clear FFFormatContext packet.
  When packet_buffer is used in mux.c, and if a muxing process fails
  at a point where packets remained in said queue.
  (CVE-2025-25473, bsc#1237351)
- Add ffmpeg-7-CVE-2025-0518.patch:
  Backporting b5b6391d from upstream, fixes memory data leak when
  use sscanf().
  (CVE-2025-0518, bsc#1236007)
- Add ffmpeg-7-CVE-2025-22919.patch:
  Backporting 1446e37d from upstream, check for valid sample rate
  As the sample rate <= 0 is invalid.
  (CVE-2025-22919, bsc#1237371)
- Add ffmpeg-4-CVE-2024-12361.patch:
  Backporting 4065ff69 from upstream, add check for av_packet_new_side_data()
  to avoid null pointer dereference if allocation fails.
  (CVE-2024-12361, bsc#1237358)

==== ffmpeg-7 ====
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8

- Add ffmpeg-7-CVE-2025-22921.patch:
  Backporting 7f9c7f98 from upstream, clear array length when
  freeing it.
  (CVE-2025-22921, bsc#1237382)
- Add ffmpeg-7-CVE-2025-25473.patch:
  Backporting c08d3004 from upstream, clear FFFormatContext packet.
  When packet_buffer is used in mux.c, and if a muxing process fails
  at a point where packets remained in said queue.
  (CVE-2025-25473, bsc#1237351)
- Add ffmpeg-7-CVE-2025-0518.patch:
  Backporting b5b6391d from upstream, fixes memory data leak when
  use sscanf().
  (CVE-2025-0518, bsc#1236007)
- Add ffmpeg-7-CVE-2025-22919.patch:
  Backporting 1446e37d from upstream, check for valid sample rate
  As the sample rate <= 0 is invalid.
  (CVE-2025-22919, bsc#1237371)

==== gnutls ====
Version update (3.8.8 -> 3.8.9)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- Update to 3.8.9
  - libgnutls: leancrypto was added as an interim option for PQC
    The library can now be built with leancrypto instead of liboqs for
    post-quantum cryptography (PQC), when configured with
  - -with-leancrypto option instead of --with-liboqs.
  - libgnutls: Experimental support for ML-DSA signature algorithm
    The library and certtool now support ML-DSA signature algorithm as
    defined in FIPS 204 and based on
    draft-ietf-lamps-dilithium-certificates-04. This feature is
    currently marked as experimental and can only be enabled when
    compiled with --with-leancrypto or --with-liboqs.
    Contributed by David Dudas.
  - libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
    The support for ML-KEM post-quantum key encapsulation mechanisms
    has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
    MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
    draft-kwiatkowski-tls-ecdhe-mlkem-03.
  - libgnutls: Fix potential DoS in handling certificates with numerous name
    constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
    bundled copy of libtasn1 has also been updated to the latest 4.20.0
    release to complete the fix.  Reported by Bing Shi (#1553).
    [GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243
  - Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2
  * Rebased gnutls-FIPS-140-3-references.patch
  * Rebased gnutls-FIPS-TLS_KDF_selftest.patch
  * Rebased gnutls-FIPS-jitterentropy.patch
  * Rebased gnutls-disable-flaky-test-dtls-resume.patch
  * Rebased gnutls-srp-test-SIGPIPE.patch
  * Rebased gnutls-3.5.11-skip-trust-store-tests.patch
  * Add gnutls-set-cligen-python-interp.patch
  * Add gnutls-skip-pqx-test.patch

==== grub2 ====
Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen

- Make SLFO/SLE-16 and openSUSE have identical package structures
- Provide grub2-<CPUARCH>-efi-bls for SLFO/SLE-16

==== kernel-firmware-realtek ====
Version update (20250206 -> 20250224)

- Update to version 20250224 (git commit 1a1470d90de2):
  * rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07

==== kmod ====
Version update (33 -> 34)
Subpackages: libkmod2

- Update to release 34
  * modinfo now dlopens compression libraries, and only if needed.
    (insmod/modprobe exercises the kernel's built-in decompression
    anyway, so is unaffected).
  * depmod: add -m option for overriding the module directory at
    runtime.
  * depmod: deleted deprecated options --unresolved-error, --quiet,
  - root and --map.
  * rmmod: deleted deprecated option -w.
  * insmod: deleted deprecated options -p, -s.
- Delete 0001-testsuite-fix-path-for-test-user.patch (obsolete)

==== libaccounts-glib ====
Version update (1.26 -> 1.27)

- Update to 1.27
  * Do not install python gobject introspection files by default.
    If they are needed, build with `-Dinstall-py-overrides=true`.
  * Lib: do not attempt to terminate the GTask twice
  * Fix memory leak on provider tags
  * Do not emit misleading enabled signals on account services
  * Fix incorrect cleanup in ag_account_finalize
- Drop patches, merged upstream:
  * 0001-ag-account-fix-incorrect-cleanup-in-ag_account_final.patch
  * 0002-Build-Don-t-install-Python-overrides-by-default.patch
  * 0003-Lib-do-not-attempt-to-terminate-the-GTask-twice.patch
  * 0004-ag-provider-fix-memory-leak-on-provider-tags.patch
  * 0006-ag-account-do-not-emit-misleading-enabled-signals-on.patch

==== libapparmor ====

- add py313-aa-notify.patch to adapt the last bits to python 3.13

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Adjust downstream patch 'Add virt-create-rootfs utility' to only
  install virt-create-rootfs when building the LXC driver

==== libwacom ====
Version update (2.12.2 -> 2.14.0)
Subpackages: libwacom-data libwacom9

- update to 2.14.0
  * Extended Lenovo Yoga X1 Gen5 support, improved the Huion mini
    keydial (KD100)
  * Fixed missing Strip in the Huion Kamvas Pro 16
  * Corrected entry for Elan 5515
  * Fixed outdated properties for Lenovo Yoga 9 14IAP7
  * Add support for Dial status LEDs
  * .tablet files shadow any ones with the same name
  * New XP Pen devices supported: Artist 22R Pro, 24 Pro, Deco Fun
    L, ACK05 Remote, Pro Pen 3E
  * New Lenovo device ssupported: Yoga 9 14IAP7, Active Pen 3
    (2023), Digital Pen 2, X1 Fold 16 Gen1, Precision Pen 2 (2023)
    stylus
  * New ELAN devices supported: ELAN-2514 variant 04f3:2f9d, ELAN
    9008 and 9009 (Asus Zenbook Duo UX8406MA 1200p), ELAN 2F2A and
    41A1 (ZenBook Pro Duo UX8402VV)
  * New Wacom devices supported: HID 5214 (IdeaPad Flex 5 14ARE05
    rev.81X2), HID 52C6 Pen.
  * New HP devices supported: Spectre x360, Elite Chromebook C1030
  * Other devices supported: StarLite Mk V; HP Spectre x360
    13-aw0020ng; Huion RTP-700, Huion KeyDial K20
  * Database: support $XDG_CONFIG_HOME/libwacom as additional path
  * tools/clean_svg: allow passing in a .tablet file
  * tools/list-local-devices: print the vid/pid if available
  * tools/debug-device: print the device class too

==== libx86emu ====
Version update (3.5 -> 3.7)

- merge gh#wfeldt/libx86emu#47
- fix building on non-x86 architectures
- 3.7
- merge gh#wfeldt/libx86emu#46
- fix a buffer overflow in x86emu_log (bsc#1237557)
- 3.6
- merge gh#wfeldt/libx86emu#44
- prim_ops: fix some indentation
- merge gh#wfeldt/libx86emu#42
- Fix a bug in R/M 01 decoding
- merge gh#wfeldt/libx86emu#41
- fix NEG remark typos

==== libxmlb ====
Version update (0.3.19 -> 0.3.21)
Subpackages: libxmlb2 libxmlb2-x86-64-v3

- Update to 0.3.21
  * Check for corrupt XbSiloNode values in a smarter way
  Changes in 0.3.20:
  * Do not always strip literal text
  * Do not assume .txt files are application/xml
  * Fix a crash when loading a corrupt XMLb store

==== libzip ====
Version update (1.11.2 -> 1.11.3)

- update to 1.11.3:
  * Report read error for corrupted encrypted file data
  * Avoid unnecessary seeks when writing archive
  * Don't hardcode _Nullable support in zip.h to allow it to be
    used with different compilers

==== openSUSE-release ====
Version update (20250224 -> 20250225)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced

- Only requires busybox on openSUSE MicroOS, not SL Micro.
- Don't build apparmor pattern for SLFO.
- Disable 32bit pattern on aarch64 and ppc64le.
- Build selinux pattern everywhere and requires targeted policy
  on SLE.

==== patterns-desktop ====
Subpackages: patterns-desktop-books patterns-desktop-imaging patterns-desktop-mobile patterns-desktop-multimedia

- Change pattern 'imaging' not forcibly to require X11: The world
  is moving on and wayland-only is a thing.
- drop crda, obsolete since kernel 4.15

==== patterns-media ====
Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd

- drop crda, obsolete since kernel 4.15

==== patterns-server ====
Version update (20210330 -> 20250225)
Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-kvm_server patterns-server-kvm_tools patterns-server-lamp_server patterns-server-mail_server patterns-server-printing patterns-server-xen_server

- Do not require 389-ds on %ix86: it's not built for 32bit intel
  arch.
- Adapt patterns for SLES 16.0.

==== polkit-default-privs ====
Version update (1550+20250217.25d4aef -> 1550+20250225.49f846d)

- Update to version 1550+20250225.49f846d:
  * profiles: whitelist kio-admin (bsc#1229913)
- Update to version 1550+20250224.8d1bf49:
  * profiles: whitelist apparmor-utils (bsc#1237329)

==== pulseaudio-qt6 ====
Version update (1.6.1 -> 1.7.0)

- Update to 1.7.0
  * Remove Qt 5 support
  * bump compiler setting to 6.0
  * bump c++ to 20
  * change all dptrs to unique_ptr
  * debug: correctly mark updates
  * card: don't mutate the container we iterate on
  * context: add support for loading and unloading modules
  * server: consider pipewire/wireplumber the default
  * Add missing license text
- Drop the Qt 5 flavor (but keep the _multibuild setup)

==== qt6-tools ====
Subpackages: libQt6Designer6 libQt6Help6 libQt6UiTools6 qt6-tools-qdbus

- Use clang 19 on Leap 15.6.
  The 15.6 update repo got a new llvm version which causes issues
  if both llvm 17 and 19 are present

==== salt ====
Subpackages: python311-salt salt-master salt-minion

- Fix issue of using update-alternatives with alts
- Fix virt_query outputter and add support for block devices
- Make _auth calls visible with master stats
- Repair mount.fstab_present always returning pending changes
- Set virtual grain in Podman systemd container
- Fix crash due wrong client reference on `SaltMakoTemplateLookup`
- Enhace batch async and fix some detected issues
- Added:
  * repair-virt_query-outputter-655.patch
  * make-_auth-calls-visible-with-master-stats-696.patch
  * repair-fstab_present-test-mode-702.patch
  * set-virtual-grain-in-podman-systemd-container-703.patch
  * fixed-file-client-private-attribute-reference-on-sal.patch
  * backport-batch-async-fixes-and-improvements-701.patch
- Enhacement of Salt packaging
  * Use update-alternatives for all salt scripts
  * Use flexible dependencies for the subpackages
  * Make salt-minion to require flavored zypp-plugin
  * Make zyppnotify to use update-alternatives
  * Drop unused yumnotify plugin
  * Add dependency to python3-dnf-plugins-core for RHEL based
- Fix tests failures after "repo.saltproject.io" deprecation
- Added:
  * fix-tests-failures-after-repo.saltproject.io-depreca.patch

==== sdbootutil ====
Version update (1+git20250221.19f7d1a -> 1+git20250225.b78f812)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper

- Update to version 1+git20250225.b78f812:
  * Use also cryptenroll key to recover the volume key
- Update to version 1+git20250225.292283f:
  * Support UUID references in crypttab
- Update to version 1+git20250224.c9be3b6:
  * Do not use && when copying signature (bsc#1237505)

==== selinux-policy ====
Version update (20250221 -> 20250224)
Subpackages: selinux-policy-targeted

- Update to version 20250224:
  * Label /run/systemd/pcrlock.json systemd_pcrlock_var_lib_t
  * systemd_pcrlock_t needs to filetrans when recreating /var/lib/pcrlock.d
  * Allow snapper access to keys
  * Add rules for pcrlock (bsc#1233358)
  * allow snapper to call pcrlock and manage its files
  * allow unconfined_t to execute pcrlock
  * label rules for default systemd_pcrlock_var_lib_t locations
  * new interfaces: systemd_domtrans_pcrlock and systemd_pcrlock_exec
  * introduce systemd_pcrlock_var_lib_t and systemd_manage_pcrlock_files
  * Introduce interfaces snapper_manage_tmp_files and snapper_manage_tmp_dirs

==== speech-dispatcher ====
Version update (0.12.0~rc4 -> 0.12.0)
Subpackages: libspeechd2 libspeechd_module0 python311-speechd speech-dispatcher-module-espeak

- Update to version 0.12.0:
  * Add libspeechd-module library for making it simpler to create
    external spd modules.
  * Update CLDR to version 45, symbols from orca 45.2, and symbols
    from NVDA.
  * Also support loading symbols from home directory.

==== suitesparse ====
Subpackages: libamd3 libcamd3 libccolamd3 libcholmod5 libcolamd3 libsuitesparseconfig7 libumfpack6

- Modernize specfile

==== tiff ====

- Use python3-Sphinx instead of  %{primary_python}-Sphinx
  based on recommendation from python maintainers.
  * Fixes build issue of man flavor on 15.6

==== yast2-schema ====
Version update (5.0.1 -> 5.0.2)

- Allow to specify pervasive encryption's APQNs and key type
  (jsc#PED-10950).
- 5.0.2

==== yast2-storage-ng ====
Version update (5.0.25 -> 5.0.27)

- Discarded RAM disks as candidate for installation
  (gh#agama-project/agama#2042).
- 5.0.27
- Added AutoYaST support for selecting the APQNs and pervasive
  encryption key type (jsc#PED-10950).
- 5.0.26

==== yast2-trans ====
Version update (84.87.20250214.b4c23644e7 -> 84.87.20250221.72f607339a)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20250221.72f607339a:
  * New POT for text domain 'base'.
  * New POT for text domain 'samba-client'.