Packages changed:
  c-ares (1.30.0 -> 1.34.4)
  desktop-file-utils
  geoclue2
  harfbuzz
  kexec-tools (2.0.29 -> 2.0.30)
  libostree (2024.9 -> 2024.10)
  libshout
  libwebp (1.4.0 -> 1.5.0)
  oniguruma (6.9.9 -> 6.9.10)
  pcsc-lite (2.3.0 -> 2.3.1)
  python-notify2
  samba (4.21.1+git.372.cb50f2d0a68 -> 4.21.2+git.382.df546a2d31b)
  shadow (4.17.0 -> 4.17.1)
  tbb (2021.12.0 -> 2022.0.0)
  xdg-desktop-portal

=== Details ===

==== c-ares ====
Version update (1.30.0 -> 1.34.4)

- c-ares 1.34.4
  This is a bugfix release.
  Changes:
    QNX Port: Port to QNX 8, add primary config reading support, add CI build. PR #934, PR #937, PR #938
  Bugfixes:
    Empty TXT records were not being preserved. PR #922
    docs: update deprecation notices for ares_create_query() and ares_mkquery(). PR #910
    license: some files weren't properly updated. PR #920
    Fix bind local device regression from 1.34.0. PR #929, PR #931, PR #935
    CMake: set policy version to prevent deprecation warnings. PR #932
    CMake: shared and static library names should be the same on unix platforms like autotools uses. PR #933
    Update to latest autoconf archive macros for enhanced system compatibility. PR #936
  In version 1.34.3
  This is a bugfix release.
  Changes:
    Build the release package in an automated way so we can provide provenance as per SLSA3. PR #906
  Bugfixes:
    Some upstream servers are non-compliant with EDNS options, resend queries without EDNS. Issue #911
    TSAN warns on missing lock, but lock isn't actually necessary. PR #915
    ares_getaddrinfo() for AF_UNSPEC should retry IPv4 if only IPv6 is received. 765d558
    ares_send() shouldn't return ARES_EBADRESP, its ARES_EBADQUERY. 91519e7
    Fix typos in man pages. PR #905
- skip-test.patch: fix failing tests
- c-ares 1.34.2
  Features:
  * adig: read arguments from adigrc. [PR #856]
  * Add new pending write callback optimization via `ares_set_pending_write_cb`. [PR #857]
  * New function `ares_process_fds()`. [PR #875]
  * Failed servers should be probed rather than redirecting queries which could
  cause unexpected latency. [PR #877]
  * adig: rework command line arguments to mimic dig from bind. [PR #890]
  * Add new method for overriding network functions
  `ares_set_socket_function_ex()` to properly support all new functionality.
  [PR #894]
  * Fix regression with custom socket callbacks due to DNS cookie support. [PR #895]
  * ares_socket: set IP_BIND_ADDRESS_NO_PORT on ares_set_local_ip* tcp sockets [PR #887]
  * URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv(). [PR #882]
  Changes:
  * Connection handling modularization. [PR #857], [PR #876]
  * Expose library/utility functions to tools. [PR #860]
  * Remove `ares__` prefix, just use `ares_` for internal functions. [PR #872]
  Bugfixes:
  * fix: potential WIN32_LEAN_AND_MEAN redefinition.
  [PR #869]
  * Fix googletest v1.15 compatibility.
  [PR #874]
  * Fix pkgconfig thread dependencies.
  [PR #884]
  Features in 1.33.0:
  * Add DNS cookie support (RFC7873 + RFC9018) to help prevent off-path cache
  poisoning attacks. [PR #833]
  * Implement TCP FastOpen (TFO) RFC7413, which will make TCP reconnects 0-RTT
  on supported systems. [PR #840]
  Changes:
  * Reorganize source tree. [PR #822]
  * Refactoring of connection handling to prevent code duplication. [PR #839]
  * New dynamic array data structure to prevent simple logic flaws in array
  handling in various code paths. [PR #841]
  Bugfixes:
  * `ares_destroy()` race condition during shutdown due to missing lock. [PR #831]
  Features in 1.32:
  * Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled
  by specifying `ARES_FLAG_DNS0x20`.  Disabled by default. [PR #800]
  * Rework query timeout logic to automatically adjust timeouts based on network
  conditions.  The timeout specified now is only used as a hint until there
  is enough history to calculate a more valid timeout. [PR #794]
  Changes:
  * DNS RR TXT strings should not be automatically concatenated as there are use
  cases outside of RFC 7208.  In order to maintain ABI compliance, the ability
  to retrieve TXT strings concatenated is retained as well as a new API to
  retrieve the individual strings.  This restores behavior from c-ares 1.20.0.
  [PR #801]
  * Clean up header inclusion logic to make hacking on code easier. [PR #797]
  * GCC/Clang: Enable even more strict warnings to catch more coding flaws. [253bdee]
  Bugfixes:
  * Tests: Fix thread race condition in test cases for EventThread. [PR #803]
  * Thread Saftey: `ares_timeout()` was missing lock. [74a64e4]
- c-ares 1.31.0
  Changes:
  * Enable Query Cache by default. [PR #786]
  Bugfixes:
  * Enhance Windows DNS configuration change detection to also
  detect manual DNS configuration changes. [PR #785]
  * Various legacy MacOS Build fixes. [Issue #782]
  * Ndots value of zero in resolv.conf was not being honored. [852a60a]
  * Watt-32 build support had been broken for some time. [PR #781]
  * Distribute `ares_dns_rec_type_tostr` manpage. [PR #778]

==== desktop-file-utils ====

- suse-update-mime-defaults:
  * support drop in files in $r/etc/<desktop>_defaults.conf.d which take
    priority over the distribution provided $r/etc/<desktop>_defaults.conf
  * extend syntax of <desktop>_defaults.conf, prefixing a directive with a "-"
    removes an otherwise identical earlier directive

==== geoclue2 ====
Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0

- Use BeaconDB as a drop-in replacement for defunct MLS WiFi
  geolocation, and contribute to coverage
  (<https://codeberg.org/beacondb/beacondb/issues/5#issuecomment-2504311>)
- Add 0001-ichnaea-include-ssid.patch:
  * MLS/Ichnaea: Include SSID for geolocate and submission requests
- Add 0002-ichnaea-replace-user-agent.patch:
  * MLS/Ichnaea: Replace rather than append User-Agent
- Add 0003-user-agent-os-info.patch:
  * Set User-Agent on Soup Session Construction
  * Add OS Info to user-agent

==== harfbuzz ====
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Add harfbuzz-CVE-2024-56732.patch: guard
  hb_cairo_glyphs_from_buffer() against bad UTF-8 (CVE-2024-56732).

==== kexec-tools ====
Version update (2.0.29 -> 2.0.30)

- update to 2.0.30:
  * arm64: Support UKI image format
  * bug fixes

==== libostree ====
Version update (2024.9 -> 2024.10)
Subpackages: libostree-1-1

- Update to version 2024.10:
  + composefs: Ensure buffer is suitably aligned for struct
    fsverity_digest
  + core: Always sort incoming xattrs
  + sign-ed25519: Fix error message of validate_length
  + rofiles-fuse: when fuse execution fails, rofiles-fuse still
    returns exit code 0
  + libostree/deploy: enable composefs by default
  + documentation updates

==== libshout ====

- Build with openssl support enabled

==== libwebp ====
Version update (1.4.0 -> 1.5.0)
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3

- Update to release 1.5.0
  * API changes: `cross_color_transform_bits` added to WebPAuxStats
  * Minor lossless encoder speed and compression improvements
  * Lossless encoding does not use floats anymore
  * Additional ARM optimizations for lossy & lossless + general
    code generation improvements
  * Tool updates:
  * gif2webp: added -sharp_yuv & -near_lossless
  * img2webp: added -exact & -noexact
  * Exit codes normalized; running an example program with no
    arguments will output its help and exit with an error.

==== oniguruma ====
Version update (6.9.9 -> 6.9.10)

- Update to 6.9.10
  - Update Unicode version 16.0
  - Add new operator (*SKIP)
  - Fixed: ONIG_SYN_CONTEXT_INDEP_REPEAT_OPS not working for ^*
    pattern (Issue #292)

==== pcsc-lite ====
Version update (2.3.0 -> 2.3.1)

- version 2.3.1
  * Install a default /etc/default/pcscd file
  * auth.c: implement polkit support for FreeBSD
  * meson:
    . also build static version of libpcsclite
    . add options to disable polkit and libsystemd
    . add "filter_names" in features when needed
  * Doxygen: document dwCurrentState use for "\\?PnP?\Notification"
  * Some other minor improvements

==== python-notify2 ====

- add sle15_python_module_pythons

==== samba ====
Version update (4.21.1+git.372.cb50f2d0a68 -> 4.21.2+git.382.df546a2d31b)
Subpackages: libldb2 samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-libs

- Update shipped /etc/samba/smb.conf to point to smb.conf
  man page;(bsc#1233880).
- Update to 4.21.2
  * smbd fails to correctly check sharemode against OVERWRITE
    dispositions; (bso#15732).
  * Panic in close_directory; (bso#15754).
  * winexe no longer works with samba 4.21; (bso#15752).
  * protocol error - Unclear debug message "pad length mismatch"
    for invalid bind packet; (bso#14356).
  * NetrGetLogonCapabilities QueryLevel 2 needs to be
    implemented; (bso#15425).
  * gss_accept_sec_context() from Heimdal does not imply
    GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE; (bso#15740).
  * winbindd should call process_set_title() for locator child;
    (bso#15749).
  * Update CTDB to track all TCP connections to public IP
    addresses; (bso#15320).

==== shadow ====
Version update (4.17.0 -> 4.17.1)
Subpackages: libsubid5 login_defs

- Update to 4.17.1:
  * Fix `su -` regression #1163

==== tbb ====
Version update (2021.12.0 -> 2022.0.0)

- Remove use-FORTIFY_SOURCE-from-distribution.patch, as it is now
  upstreamed
- Use _service to download the source tarball
- Update to version 2022.0.0:
  * Extended the Flow Graph receiving nodes with a new
    try_put_and_wait API that submits a message to the graph and
    waits for its completion.
  * Fixed the missed signal for thread request for enqueue
    operation
  * Significantly improved scalability of task_group, flow_graph,
    and parallel_for_each
  * Removed usage of std::aligned_storage deprecated in C++23
  * Fixed the issue where oneapi::tbb::info interfaces might
    interfere with the process affinity mask on the Windows* OS
    systems with multiple processor groups.

==== xdg-desktop-portal ====

- Delete unreproducible Sphinx doctrees (boo#1234334)