Packages changed:
  bcm43xx-firmware
  container-selinux (2.171.0 -> 2.180.0)
  gnome-control-center
  gnome-software (41.4 -> 41.5)
  grub2
  libepoxy (1.5.9 -> 1.5.10)
  libgnome-games-support1_3
  libgnomesu (2.0.6 -> 2.0.7)
  libnvme (1.0~6 -> 1.0~7)
  libreoffice
  librsvg (2.52.7 -> 2.52.8)
  libsigc++2 (2.10.7 -> 2.10.8)
  libstorage-ng (4.4.93 -> 4.4.94)
  nvme-cli (2.0~6 -> 2.0~7)
  openSUSE-build-key
  python
  python-boto3 (1.21.0 -> 1.21.10)
  python-botocore (1.24.0 -> 1.24.10)
  python-kiwi (9.24.23 -> 9.24.29)
  whois (5.5.11 -> 5.5.12)
  xdg-desktop-portal (1.12.1 -> 1.14.0)
  yast2-installation (4.4.48 -> 4.4.49)

=== Details ===

==== bcm43xx-firmware ====

- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286)

==== container-selinux ====
Version update (2.171.0 -> 2.180.0)

- Update to version 2.180.0
  * Allow container domains to read/write kvm_device_t
  * Update kublet mappings to inlcude /usr/local/*
  * Allow container domains to use container runtime tcp and udp sockets
  * Alow containers to use unix_stream_sockets leaked from container runtimes
  * Allow userdomains to execute conmon_exec_t and use it as an entrypoint
  * Allow conmon_exec_t as an entrypoint
  * Add container_use_devices boolean to allow containers to use any device
  * Add explicit range transition for conmon
  * Add missing dbus class declaration into container_runtime_run()
  * Remove lockdown allow rules
  * Remove k3s fcontexts
  * Allow container domains to be used by user roles
- Changed source url to allow for download via source service

==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces

- Add gnome-control-center-reload-vpn-plugins.patch:
  network/connection-editor: always load all available VPN plugins
  (glgo#GNOME/gnome-control-center!1263).

==== gnome-software ====
Version update (41.4 -> 41.5)
Subpackages: gnome-software-lang

- Update to version 41.5:
  + Disable scroll-by-mouse-wheel on featured carousel.
  + Ensure details page shows app provided on command line.
  + Added several appstream-related fixes.
  + Updated translations.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
  * 0001-grub-probe-Deduplicate-probed-partmap-output.patch
- Fix GCC 12 build failure (bsc#1196546)
  * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
  * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
  * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
- Revised
  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch

==== libepoxy ====
Version update (1.5.9 -> 1.5.10)

- Update to version 1.5.10:
  + Fix for building with MSVC on non-English locale.
  + Fix build on Android.
  + Add the right include paths for EGL and X11 headers.
- Upstream tarball url changed, probably by mistake, so leave old
  url in place, but disabled.

==== libgnome-games-support1_3 ====

- Initial compat package libgnome-games-support1_3.

==== libgnomesu ====
Version update (2.0.6 -> 2.0.7)
Subpackages: libgnomesu-lang libgnomesu0

- Update to version 2.0.7:
  * Updated translations.
  * Better wording in the documentation.

==== libnvme ====
Version update (1.0~6 -> 1.0~7)

- Update to version 1.0-rc7:
  * linux: fixup log page offset in nvme_get_log_page()
  * tree: Add support for default trsvcid for all controllers (bsc#1195858)
  * tree: fixup coredump during nvme discover

==== libreoffice ====
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Update gpgme minimum version
- Only use curl tarball when needed
- Remove wrong comment

==== librsvg ====
Version update (2.52.7 -> 2.52.8)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.52.8:
  + Catch circular references when rendering patterns
    (glgo#GNOME/librsvg#721).

==== libsigc++2 ====
Version update (2.10.7 -> 2.10.8)

- Update to version 2.10.8:
  + Build:
  - Meson build: Perl is not required by new versions of
    mm-common
  - NMake Makefiles: Support building with VS2022
  + Documentation: Upgrade the manual from DocBook 4.1 to DocBook
    5.0

==== libstorage-ng ====
Version update (4.4.93 -> 4.4.94)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#863
- do not run blkdiscard on extended partitions (bsc#1197257)
- 4.4.94

==== nvme-cli ====
Version update (2.0~6 -> 2.0~7)
Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion

- Update to version 2.0-rc7:
  * netapp-nvme: fix smdevices segfault in json output (bsc#1195937)
  * fabrics: keep the backward compatibility
  * nvme: Do not slash escape strings in JSON output (bsc#1195937)
  * nvme: Print full device path
  * nvme-print: Make JSON keys consistent with nvme-cli 1.x
  * nvme-print: print generic device in list command
  * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061)
  * connect: Set errno to zero on nvmf_add_ctrl() success
  * documenation updates
- Set path to systemctl via newly introduced config option
- Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename
- Moved bash completion script to /usr/share/bash-completion/completions/nvme

==== openSUSE-build-key ====

- gpg-pubkey-307e3d54-5aaa90a5.asc: remove the RSA 1024bit SLE11 key
  and try to remove it from installed systems via Obsoletes.

==== python ====

- python-2.7.9-sles-disable-verification-by-default.patch: remove
  as it by default now always does strict enforcement anyway and it
  is 2022.

==== python-boto3 ====
Version update (1.21.0 -> 1.21.10)

- Update to version 1.21.10
  * api-change:``mediapackage``: [``botocore``] This release adds Hybridcast as an available profile
    option for Dash Origin Endpoints.
  * api-change:``rds``: [``botocore``] Documentation updates for Multi-AZ DB clusters.
  * api-change:``mgn``: [``botocore``] Add support for GP3 and IO2 volume types. Add bootMode to
    LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest).
  * api-change:``kafkaconnect``: [``botocore``] Adds operation for custom plugin deletion
    (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and
    DescribeConnector responses to return errors from asynchronous resource creation.
- from version 1.21.9
  * api-change:``finspace-data``: [``botocore``] Add new APIs for managing Users and Permission
    Groups.
  * api-change:``amplify``: [``botocore``] Add repositoryCloneMethod field for hosting an Amplify
    app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
  * api-change:``fsx``: [``botocore``] This release adds support for the following FSx for OpenZFS
    features: snapshot lifecycle transition messages, force flag for deleting file systems with child
    resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
  * api-change:``fis``: [``botocore``] This release adds logging support for AWS Fault Injection
    Simulator experiments. Experiment templates can now be configured to send experiment activity logs
    to Amazon CloudWatch Logs or to an S3 bucket.
  * api-change:``route53-recovery-cluster``: [``botocore``] This release adds a new API option to
    enable overriding safety rules to allow routing control state updates.
  * api-change:``amplifyuibuilder``: [``botocore``] We are adding the ability to configure workflows
    and actions for components.
  * api-change:``athena``: [``botocore``] This release adds support for updating an existing named
    query.
  * api-change:``ec2``: [``botocore``] This release adds support for new AMI property
    'lastLaunchedTime'
  * api-change:``servicecatalog-appregistry``: [``botocore``] AppRegistry is deprecating Application
    and Attribute-Group Name update feature. In this release, we are marking the name attributes for
    Update APIs as deprecated to give a heads up to our customers.
- from version 1.21.8
  * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache
  * api-change:``panorama``: [``botocore``] Added NTP server configuration parameter to
    ProvisionDevice operation. Added alternate software fields to DescribeDevice response
- from version 1.21.7
  * api-change:``route53``: [``botocore``] SDK doc update for Route 53 to update some parameters with
    new information.
  * api-change:``databrew``: [``botocore``] This AWS Glue Databrew release adds feature to merge job
    outputs into a max number of files for S3 File output type.
  * api-change:``transfer``: [``botocore``] Support automatic pagination when listing AWS Transfer
    Family resources.
  * api-change:``s3control``: [``botocore``] Amazon S3 Batch Operations adds support for new
    integrity checking capabilities in Amazon S3.
  * api-change:``s3``: [``botocore``] This release adds support for new integrity checking
    capabilities in Amazon S3. You can choose from four supported checksum algorithms for data
    integrity checking on your upload and download requests. In addition, AWS SDK can automatically
    calculate a checksum as it streams data into S3
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the configuration of AWS
    Network Firewall policies with either centralized or distributed deployment models. This release
    also adds support for custom endpoint configuration, where you can choose which Availability Zones
    to create firewall endpoints in.
  * api-change:``lightsail``: [``botocore``] This release adds support to delete and create Lightsail
    default key pairs that you can use with Lightsail instances.
  * api-change:``autoscaling``: [``botocore``] You can now hibernate instances in a warm pool to stop
    instances without deleting their RAM contents. You can now also return instances to the warm pool
    on scale in, instead of always terminating capacity that you will need later.
- from version 1.21.6
  * api-change:``transfer``: [``botocore``] The file input selection feature provides the ability to
    use either the originally uploaded file or the output file from the previous workflow step,
    enabling customers to make multiple copies of the original file while keeping the source file
    intact for file archival.
  * api-change:``lambda``: [``botocore``] Lambda releases .NET 6 managed runtime to be available in
    all commercial regions.
  * api-change:``textract``: [``botocore``] Added support for merged cells and column header for
    table response.
- from version 1.21.5
  * api-change:``translate``: [``botocore``] This release enables customers to use translation
    settings for formality customization in their synchronous translation output.
  * api-change:``wafv2``: [``botocore``] Updated descriptions for logging configuration.
  * api-change:``apprunner``: [``botocore``] AWS App Runner adds a Java platform (Corretto 8,
    Corretto 11 runtimes) and a Node.js 14 runtime.
- from version 1.21.4
  * api-change:``imagebuilder``: [``botocore``] This release adds support to enable faster launching
    for Windows AMIs created by EC2 Image Builder.
  * api-change:``customer-profiles``: [``botocore``] This release introduces apis
    CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These
    apis are used to manage and view integration workflows.
  * api-change:``dynamodb``: [``botocore``] DynamoDB ExecuteStatement API now supports Limit as a
    request parameter to specify the maximum number of items to evaluate. If specified, the service
    will process up to the Limit and the results will include a LastEvaluatedKey value to continue the
    read in a subsequent operation.
- from version 1.21.3
  * api-change:``transfer``: [``botocore``] Properties for Transfer Family used with SFTP, FTP, and
    FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user
    authenticates onto a server using one of the previously mentioned protocols.
  * api-change:``gamelift``: [``botocore``] Increase string list limit from 10 to 100.
  * api-change:``budgets``: [``botocore``] This change introduces
    DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified
    account
- from version 1.21.2
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``redshift``: [``botocore``] SDK release for Cross region datasharing and cost-control
    for cross region datasharing
  * api-change:``evidently``: [``botocore``] Add support for filtering list of experiments and
    launches by status
  * api-change:``backup``: [``botocore``] AWS Backup add new S3_BACKUP_OBJECT_FAILED and
    S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
- from version 1.21.1
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``budgets``: [``botocore``] Adds support for auto-adjusting budgets, a new budget
    method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a
    budget limit baseline using a historical lookback average or current period forecast.
  * api-change:``ce``: [``botocore``] AWS Cost Anomaly Detection now supports SNS FIFO topic
    subscribers.
  * api-change:``glue``: [``botocore``] Support for optimistic locking in UpdateTable
  * api-change:``ssm``: [``botocore``] Assorted ticket fixes and updates for AWS Systems Manager.
- Update BuildRequires and Requires from setup.py
- actually does not require python-mock for build

==== python-botocore ====
Version update (1.24.0 -> 1.24.10)

- Version update to 1.24.10
  * api-change:``mediapackage``: This release adds Hybridcast as an available profile option for Dash
    Origin Endpoints.
  * api-change:``rds``: Documentation updates for Multi-AZ DB clusters.
  * api-change:``mgn``: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration
    object (and as a parameter to UpdateLaunchConfigurationRequest).
  * api-change:``kafkaconnect``: Adds operation for custom plugin deletion (DeleteCustomPlugin) and
    adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return
    errors from asynchronous resource creation.
- from version 1.24.9
  * api-change:``finspace-data``: Add new APIs for managing Users and Permission Groups.
  * api-change:``amplify``: Add repositoryCloneMethod field for hosting an Amplify app. This field
    shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
  * api-change:``fsx``: This release adds support for the following FSx for OpenZFS features:
    snapshot lifecycle transition messages, force flag for deleting file systems with child resources,
    LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
  * api-change:``fis``: This release adds logging support for AWS Fault Injection Simulator
    experiments. Experiment templates can now be configured to send experiment activity logs to Amazon
    CloudWatch Logs or to an S3 bucket.
  * api-change:``route53-recovery-cluster``: This release adds a new API option to enable overriding
    safety rules to allow routing control state updates.
  * api-change:``amplifyuibuilder``: We are adding the ability to configure workflows and actions for
    components.
  * api-change:``athena``: This release adds support for updating an existing named query.
  * api-change:``ec2``: This release adds support for new AMI property 'lastLaunchedTime'
  * api-change:``servicecatalog-appregistry``: AppRegistry is deprecating Application and
    Attribute-Group Name update feature. In this release, we are marking the name attributes for Update
    APIs as deprecated to give a heads up to our customers.
- from version 1.24.8
  * api-change:``elasticache``: Doc only update for ElastiCache
  * api-change:``panorama``: Added NTP server configuration parameter to ProvisionDevice operation.
    Added alternate software fields to DescribeDevice response
- from version 1.24.7
  * api-change:``route53``: SDK doc update for Route 53 to update some parameters with new
    information.
  * api-change:``databrew``: This AWS Glue Databrew release adds feature to merge job outputs into a
    max number of files for S3 File output type.
  * api-change:``transfer``: Support automatic pagination when listing AWS Transfer Family resources.
  * api-change:``s3control``: Amazon S3 Batch Operations adds support for new integrity checking
    capabilities in Amazon S3.
  * api-change:``s3``: This release adds support for new integrity checking capabilities in Amazon
    S3. You can choose from four supported checksum algorithms for data integrity checking on your
    upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it
    streams data into S3
  * api-change:``fms``: AWS Firewall Manager now supports the configuration of AWS Network Firewall
    policies with either centralized or distributed deployment models. This release also adds support
    for custom endpoint configuration, where you can choose which Availability Zones to create firewall
    endpoints in.
  * api-change:``lightsail``: This release adds support to delete and create Lightsail default key
    pairs that you can use with Lightsail instances.
  * api-change:``autoscaling``: You can now hibernate instances in a warm pool to stop instances
    without deleting their RAM contents. You can now also return instances to the warm pool on scale
    in, instead of always terminating capacity that you will need later.
- from version 1.24.6
  * api-change:``transfer``: The file input selection feature provides the ability to use either the
    originally uploaded file or the output file from the previous workflow step, enabling customers to
    make multiple copies of the original file while keeping the source file intact for file archival.
  * api-change:``lambda``: Lambda releases .NET 6 managed runtime to be available in all commercial
    regions.
  * api-change:``textract``: Added support for merged cells and column header for table response.
- from version 1.24.5
  * api-change:``translate``: This release enables customers to use translation settings for
    formality customization in their synchronous translation output.
  * api-change:``wafv2``: Updated descriptions for logging configuration.
  * api-change:``apprunner``: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes)
    and a Node.js 14 runtime.
- from version 1.24.4
  * api-change:``imagebuilder``: This release adds support to enable faster launching for Windows
    AMIs created by EC2 Image Builder.
  * api-change:``customer-profiles``: This release introduces apis CreateIntegrationWorkflow,
    DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and
    view integration workflows.
  * api-change:``dynamodb``: DynamoDB ExecuteStatement API now supports Limit as a request parameter
    to specify the maximum number of items to evaluate. If specified, the service will process up to
    the Limit and the results will include a LastEvaluatedKey value to continue the read in a
    subsequent operation.
- from version 1.24.3
  * api-change:``transfer``: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols.
    Display Banners are bodies of text that can be displayed before and/or after a user authenticates
    onto a server using one of the previously mentioned protocols.
  * api-change:``gamelift``: Increase string list limit from 10 to 100.
  * api-change:``budgets``: This change introduces DescribeBudgetNotificationsForAccount API which
    returns budget notifications for the specified account
- from version 1.24.2
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``redshift``: SDK release for Cross region datasharing and cost-control for cross
    region datasharing
  * api-change:``evidently``: Add support for filtering list of experiments and launches by status
  * api-change:``backup``: AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED
    event types in BackupVaultNotifications events list.
- from version 1.24.1
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``budgets``: Adds support for auto-adjusting budgets, a new budget method alongside
    fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit
    baseline using a historical lookback average or current period forecast.
  * api-change:``ce``: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
  * api-change:``glue``: Support for optimistic locking in UpdateTable
  * api-change:``ssm``: Assorted ticket fixes and updates for AWS Systems Manager.

==== python-kiwi ====
Version update (9.24.23 -> 9.24.29)

- Bump version: 9.24.28 ? 9.24.29
- Don't bind mount /run during build time
  In commit #9512318 a new bind mount of /run into the root tree
  during build time was introduced. The bind mount was done because
  in my tests running podman from config.sh it did not work without
  /run bind mounted. However, it turned out that I was wrong because
  along with the provided methods to prepare cgroups and a custom
  runtime configuration method; setupContainerRuntime() it is not
  needed to have /run bind mounted. Thus this commit deletes the
  bind mount of /run and therefore Fixes #2067
- Fix github action running obs service refresh
  The curl command to send the POST request for running the
  obs remote service uses the --fail-with-body option.
  Unfortunately the ubuntu-latest container used to run the
  action comes with a curl version that does not support the
  option. Thus this commit removes the use of the option
- Style changes in container docs
  Reformulate the container building guide a bit
- Update schema docs
  Signed-off-by: David Cassany <dcassany@suse.com>
- Provide schema version v7.5 in spec
- Update descriptions to schema v7.5
- Update cron for security scorecard
  Run weekly on Saturdays
- Add support for extended layout to msdos table
  This commit adds the following new type attribute
  <type ... dosparttable_extended_layout="true|false"/>
  If set it specifies to make use of logical partitions inside
  of an extended one. Effective only on type configurations which
  uses the msdos table type, it will cause the fourth partition
  to be an extended partition and all following partitions will be
  placed as logical partitions inside of that extended partition.
  This setting is useful if more than 4 partitions needs to be
  created in an msdos table.
  In addition to the support for extended/logical partitions the
  the attributes 'mountpoint' and 'filesystem' in the <partitions>
  section becomes optional. This also allows to place partitions
  as placeholders not mounted into the system
- Added type hints for partitioner interface
- Bump version: 9.24.27 ? 9.24.28
- Fixed unconditional grub2 package requirement
  The grub2 package does not exist on all distributions
  as a name provider independent of the architecture.
  On for example Debian and Ubuntu the packages are
  handled differently and grub2 is only provided on
  supported architectures. Thus the spec file should
  set the grub2 requirement only if the distribution
  provides it in any case
- Bump version: 9.24.26 ? 9.24.27
- Added overlayroot_verity_blocks attribute
  Setting this attribute to a number or 'all' in an overlayroot
  configuration will create a dm verity hash from the number of
  given blocks (or all) placed at the end of the squashfs compressed
  read-only root filesystem. For later verification of the device,
  and without further image description settings, the credentials
  information produced by veritysetup from the cryptsetup tools, is
  created as a file in /boot/overlayroot.verity and is stored as
  such into the image by default.
- Fixed disk.sh caller environment
  The documentation explains the disk.sh script to be called
  from inside of the image root as it exists on the block layer.
  The disk.sh script is therefore also called after the sync
  of the unpacked image root tree to the block layer. The
  implementation however, was only partially calling disk.sh
  from such an environment. In fact the environment was only
  the mountpoint of the root partition but this is not the
  complete system regarding layouts that uses extra partitions
  and/or volumes. This commit introduces the use of the new
  class ImageSystem and calls disk.sh in the way it was
  designed and documented.
- Added ImageSystem class
  The class responsibility is to provide access to the
  image root system from the block layer of the image
  scope
- Prevent superfluous filesystem creation
  In case of an overlayroot setup and the request for
  no extra write partition, it is not needed to create
  a filesystem for the write space which never gets
  synced to the image
- Bump version: 9.24.25 ? 9.24.26
- Fixed destructor test on oci_tools/buildah_test.py
  Calling del() from teardown breaks when the method is
  called through teardown_method
- Bump version: 9.24.24 ? 9.24.25
- Support nose and xunit style tests
  The modifications in this commit allows the unit tests
  to run on both, pytest 6.x (nose test layout) and the new
  pytest 7.x (xunit test layout). This Fixes #2072 in a
  much nicer way. Thanks much to @smarlowucf
- Update unit test to work in obs
  Some unit tests fails if they run in an obs environment.
  This is because the implementation checks the runtime
  envoironment and behaves differently if the system is
  an obs worker. The unit tests has to explicitly set this
  condition right for the test
- Revert "Unit test adaptions to pytest v7"
  This reverts commit 0dc2e803e0e8059c54a0ea23960245286675c86c.
  The pytest interface from version v6 to v7 has received
  changes which requires the tests to be adapted to work for
  either the old or the new interface. As there are still many
  distributions which uses v6 as the standard we decided to
  revert back the adaptions done to support v7 and create
  a version requirement to v6 in .virtualenv.dev-requirements.txt
  This Fixes #2072
- Added overlayroot_readonly_partsize attribute
  Specifies the size in MB of the partition which stores the
  squashfs compressed read-only root filesystem in an
  overlayroot setup. This Fixes #2068
- Update to scorecard CI 1.0.4
- Added debootstrap log info to exception message
  In case debootstrap fails there is more detailed information
  in a logfile written by debootstrap itself. This commit changes
  the exception information to contain this log information if
  present. Related to Issue #1800
- Bump version: 9.24.23 ? 9.24.24
- Added overlayroot_write_partition attribute
  For the oem type only, allows to specify if the extra read-write
  partition in an overlayroot setup should be created or not.
  By default the partition is created and the kiwi-overlay dracut
  module also expect it to be present. However, the overlayroot
  feature can also be used without an initrd and under certain
  circumstances it is handy to configure if the partition table
  should contain the read-write partition or not.
- Use DEB822-formatted .sources files instead .list files for APT
- Support additional names for docker containers
  Docker containers used to support the attribute `additionaltags` which
  was used to provide multiple tags for the same image. Since only tags
  were supported this commit renames the attribute to `additionalnames`
  and now supports tags and names witht he following syntax:
  * '<name>:<tag>' -> adds a full docker image reference including name
  and tag
  * ':<tag>'       -> adds an additional tag while reusing the former name
  * '<name>'       -> adds an additional name while reusing the former tag
  Fixes #2045
  Signed-off-by: David Cassany <dcassany@suse.com>
- Follow up fix on force deleting debs
  Also remove eventual post scripting prior force removal
  of deb packages. Similar inconsistencies as with the pre
  scripts can occur on force removal. We want the operation
  to be successful in force mode even if that means to
  leave a dirty state.
- Add support for pre_disk_sync.sh script
  The optional pre_disk_sync.sh script is executed for the
  disk image type oem only and runs right before the synchronisation
  of the root tree into the disk image loop file. The script hook
  can be used to change content of the root tree as a last action
  before the sync to the disk image is performed. This is useful
  for example to delete components from the system which were
  needed before or cannot be modified afterwards when syncing
  into a read-only filesystem.
- Create ci-scorecards-analysis.yml
  Create security health metrics score card
- Fixup inplace podman storage and container conf
  Newer versions of podman requires runroot and graphroot
  to be explicitly set in storage.conf.
  Newer versions of podman no longer reads the engine.cgroups
  setting on containers.conf and prints a 'Failed to decode the
  keys [\"engine.cgroups\"]' warning message
  This commit fixes storage.conf and containers.conf written
  by kiwi if the setupContainerRuntime method is used in
  scripts.
- Make use of container name in OCI images
  Fixes #2050
  Signed-off-by: David Cassany <dcassany@suse.com>

==== whois ====
Version update (5.5.11 -> 5.5.12)

- Update to 5.5.12:
  * Updated the .pro TLD server, which was totally broken.
  * Fixed the detection of Japanese locales using $LC_MESSAGES.
  * Implemented providing partial salt strings to mkpasswd.
  * Removed 2 new gTLDs which are no longer active.
  * Updated one or more translations.
  * Enabled full hardening in debian/rules.
- Cleanup build requirements for SLE-11

==== xdg-desktop-portal ====
Version update (1.12.1 -> 1.14.0)
Subpackages: xdg-desktop-portal-lang

- Update to version 1.14.0:
  + Add a new "dynamic launcher" portal, which can install .desktop
    files and accompanying icons after user confirmation.
  + Rework handling of empty app IDs: In case an empty string app
    ID is stored in the permission store, this permission is now
    shared only by apps whose app ID couldn't be determined, rather
    than all unsandboxed apps.
  + Use libsystemd (when available) to try to determine the app ID
    of unsandboxed processes. This is useful since some portals
    otherwise can't be used by host apps.
  + Make x-d-p start on session start, which is needed for the
    dynamic launcher portal to handle rewriting launchers for apps
    that have been renamed.
  + Bring back the copy of Flatpak's icon-validator, which was
    dropped many releases ago.
  + Icon validation is now required for the notification and
    dynamic launcher portals (previously it was only done if the
    "flatpak-validate-icon" binary could be found).
  + document-portal: Move to the libfuse3 API
  + document-portal: Use renameat2 sys call
  + document-portal: Use mutex to fix concurrency bug
  + realtime: Fix error code paths
  + realtime: Fix MakeThreadHighPriorityWithPID method
  + screencast: Fix an error when restoring streams
  + ci: Various improvements
  + Documentation improvements
  + Updated translations.
- Replace BuildRequires: pkgconfig(fuse) with pkgconfig(fuse3)
  since document-portal moved to use it.
- Add BuildRequires: pkgconfig(libsystemd) and
  pkgconfig(gdk-pixbuf-2.0) which are now used.

==== yast2-installation ====
Version update (4.4.48 -> 4.4.49)

- Run the YaST2-Second-Stage and YaST2-Firsboot services after
  purge-kernels to prevent a zypper lock error message
  (bsc#1196431).
- 4.4.49