dracut
- Update to version 059+suse.543.g98d7f037:
  * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063)
glib2
- Have the glib2-tools postun trigger exit normally if
  glib2-compile-schemas can't be run. Fixes error when uninstalling
  if libgio is uninstalled first (bsc#1231463).

- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
  (boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
glibc
- Remove nss-systemd from default nsswitch.conf (bsc#1233699)
hwdata
- update to 0.389:
  * Update pci and vendor ids

- update to 0.385:
  * Update pci and vendor ids

- update to 0.383:
  * Update pci and vendor ids

- update to 0.382:
  * Update pci, usb and vendor ids
avahi
- Add avahi-CVE-2024-52616.patch:
  Backporting 1dade81c from upstream: Properly randomize query id
  of DNS packets.
  (CVE-2024-52616, bsc#1233420)
curl
- Security fix: [bsc#1234068, CVE-2024-11053]
  * curl could leak the password used for the first host to the
    followed-to host under certain circumstances.
  * netrc: address several netrc parser flaws
  * Add curl-CVE-2024-11053.patch
ldb
- Update to 2.8.2
  * libldb: fix performance issue with indexes; (bso#15590).
nfs-utils
- nfsd: Revert "nfsd: Remove the ability to enable NFS v2."
  (bsc#1230914)
  - add 0005-Revert-nfsd-Remove-the-ability-to-enable-NFS-v2.patch
- mount.nfs: Revert "mount: Remove NFS v2 support from mount.nfs"
  (bsc#1230914)
  - add 0006-Revert-mount-Remove-NFS-v2-support-from-mount.nfs.patch
python3
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1

- Add CVE-2024-11168-validation-IPv6-addrs.patch
  fixing bsc#1233307 (CVE-2024-11168,
  gh#python/cpython#103848): Improper validation of IPv6 and
  IPvFuture addresses.
libsolv
- fix replaces_installed_package using the wrong solvable id
  when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31
libuv
- Fixed CVE-2024-24806: libuv: Improper Domain Lookup that potentially
  leads to SSRF attacks (bsc#1219724)
  Added:
  0001-fix-always-zero-terminate-idna-output.patch
  0002-fix-reject-zero-length-idna-inputs.patch
  0003-test-empty-strings-are-not-valid-IDNA.patch
libzypp
- The 20MB download limit must not apply to non-metadata files like
  package URLs provided via the CLI (bsc#1233393).
- version 17.35.14 (35)

- BuildCache: Don't try to retrieve missing raw metadata if no
  permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no
  permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)
openssh
- Use %{with ...} instead of 0%{with ...}

- Add a patch to fix a regression introduced in 9.6 that makes X11
  forwarding very slow. Submitted to upstream in
  https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
  bsc#1229449:
  * fix-x11-regression-bsc1229449.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
  instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.
- Several spec file fixes so the package builds and can be
  installed in SLE 15 SP5 and SLE 12 SP5
- Drop most of openssh-6.6p1-keycat.patch (actually, it was just
  commented out). The keycat binary isn't really installed nor
  supported, so we can drop it, except for the code that is used
  by other SELinux patches, which is what I kept from that patch
  (boo#1229072).
- Add patch submitted to upstream to fix RFC4256 implementation
  so that keyboard-interactive authentication method can send
  instructions and sshd shows them to users even before a prompt
  is requested. This fixes MFA push notifications (boo#1229010).
  * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
- Fix a dbus connection leaked in the logind patch that was
  missing a sd_bus_unref call (found by Matthias Gerstner):
  * logind_set_tty.patch
- Add a patch that fixes a small memory leak when parsing the
  subsystem configuration option:
  * fix-memleak-in-process_server_config_line_depth.patch
samba
- Update to 4.19.9
  * libldb: performance issue with indexes (ldb 2.8.2 is already
    released); (bso#15590).
  * DH reconnect error handling can lead to stale sharemode
    entries; (bso#15624).
  * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when
    truncated; (bso#15699).
  * irpc_destructor may crash during shutdown; (bso#15280).
  * Compound SMB2 requests don't return
    NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
    MacOSX clients; (bso#15696).
  * Crash when readlinkat fails; (bso#15700).

-  Adjust spec to split out rpcd_* binaries into a separate
  sub package; (bsc#1231414).
shared-mime-info
- Uninstall silently if update-mime-database is not present
  (bsc#1231463).
socat
- Security fix for readline.sh: arbitrary file overwrite (bsc#1225462)
  - add CVE-2024-54661.patch
suseconnect-ng
- Update version to 1.13:
  - Integrating uptime-tracker
  - Honor auto-import-gpg-keys flag on migration (bsc#1231328)
  - Only send labels if targetting SCC
  - Skip the docker auth generation on RMT (bsc#1231185)
  - Add --set-labels to register command to set labels at registration time on SCC
  - Add a new function to display suse-uptime-tracker version
  - Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
  - Add a command to show the info being gathered
wget
- Drop support for shorthand URLs
  * Breaking change to fix CVE-2024-10524.
  [+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
xen
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
  standard VGA handling (XSA-463)
  xsa463-01.patch
  xsa463-02.patch
  xsa463-03.patch
  xsa463-04.patch
  xsa463-05.patch
  xsa463-06.patch
  xsa463-07.patch
  xsa463-08.patch
  xsa463-09.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
  guests via ACPI tables (XSA-464)
  xsa464.patch
- Drop stdvga-cache.patch

- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin

- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
  Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
  66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
  66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
  66d8690f-SUPPORT-split-XSM-from-Flask.patch
  66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
  66e44ae2-x86-ucode-AMD-buffer-underrun.patch
  66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
zypper
- Don't try to download missing raw metadata if cache is not
  writable (bsc#1225451)
- man: Update 'search' command description.
  Hint to "se -v" showing the matches within the packages metadata.
  Explain that search strings starting with a "/" will implicitly
  look into the filelist as well. Otherfise an explicit "-f" is
  needed.
- version 1.14.78