Packages changed:
  MicroOS-release (20250218 -> 20250219)
  cockpit (322 -> 332)
  cockpit-podman (91 -> 100)
  grub2
  hwdata (0.391 -> 0.392)
  kernel-source (6.13.2 -> 6.13.3)
  orc (0.4.40 -> 0.4.41)
  polkit-default-privs (1550+20250212.5d3f04e -> 1550+20250217.25d4aef)
  sdbootutil (1+git20250210.45458c4 -> 1+git20250219.a796c24)
  selinux-policy (20250212 -> 20250218)
  thin-provisioning-tools
  xen
  xfsprogs (6.11.0 -> 6.13.0)

=== Details ===

==== MicroOS-release ====
Version update (20250218 -> 20250219)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== cockpit ====
Version update (322 -> 332)
Subpackages: cockpit-bridge cockpit-networkmanager cockpit-packagekit cockpit-system cockpit-ws

- Update to 332
  - Updated naming convention for motd to issue and relevant patches
- Added 0007-Remove-DynamicUser-setting-as-these-conflict-with-re.patch
  since dynamic users can't be resolved since systemd is missing in nsswitch
  bsc#1230638
- Remove 0005-cockpit-ws-user-remove-default-deps.patch
- Fix dynamic users for 330 since systemd isn't included in the
  nsswitch.conf
- Tidy up pam_oath removal for leap
  - Ship a new pam file since Leap15 doesn't have pam_oath
  - Don't change motd if we don't have pam_oath
- Properly fix pidfd_getpid
  - This can be dropped once we update again as it's been upstreamed
- Update to 330
  - Web server: Increased sandboxing, setuid removal, bootc support
  - Development: New install mode using systemd-sysext
- update to 329.1:
  - cockpit.js: Put back cockpit.{resolve,reject}() to fix subscription-manager-cockpit
- Past updates:
  * 329
  - Shell: Extra warnings when connecting to remote hosts
  * 328:
  - Bug fixes and performance improvements
  * 327:
  - Connect to similar servers without Cockpit installed
  * 326:
  - cockpit-pcp package is now obsolete
  - cockpit/ws container: Connect to servers without installed Cockpit
  - cockpit/ws container: Support host specific SSH keys
  - Storage: Support for Stratis filesystem sizes and limits
  * 325:
  - client: Properly handle unknown SSH host keys
  * 324:
  - Bug fixes and performance improvements
  * 323.1:
  - Translation updates
  * 323:
  - login: Prevent multiple logins in a single browser session
  - Update documentation links

==== cockpit-podman ====
Version update (91 -> 100)

- Update to version 100
  * dropped: correct-container-search.patch as this behaviour is
    fixed upstream
- New version 99, updates since 91:
  * Update to translations
  * Bug fixes
  * pull images from registries without search API
  * Render ports are ranges in container integration tab

==== grub2 ====
Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls

- Security fixes for 2024
  * 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
  * 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
  * 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
  * 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
  * 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
  * 0006-kern-file-Ensure-file-data-is-set.patch
  * 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
  * 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
  * 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
  * 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
  * 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
  * 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
  * 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
  * 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
  * 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
  * 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
  * 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
  * 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
  * 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
  * 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Updated to upstream version
  * 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Bump upstream SBAT generation to 5

==== hwdata ====
Version update (0.391 -> 0.392)

- Update to version 0.392:
  * Update pci and vendor ids

==== kernel-source ====
Version update (6.13.2 -> 6.13.3)

- Linux 6.13.3 (bsc#1012628).
- irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on
  CONFIG_MCHP_LAN966X_PCI (bsc#1012628).
- btrfs: fix lockdep splat while merging a relocation root
  (bsc#1012628).
- btrfs: fix assertion failure when splitting ordered extent
  after transaction abort (bsc#1012628).
- btrfs: do not output error message if a qgroup has been already
  cleaned up (bsc#1012628).
- btrfs: fix use-after-free when attempting to join an aborted
  transaction (bsc#1012628).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (bsc#1012628).
- exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH)
  case (bsc#1012628).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison()
  (bsc#1012628).
- btrfs: fix data race when accessing the inode's disk_i_size
  at btrfs_drop_extents() (bsc#1012628).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper
  error handling (bsc#1012628).
- btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents
  (bsc#1012628).
- sched: Don't try to catch up excess steal time (bsc#1012628).
- x86: Convert unreachable() to BUG() (bsc#1012628).
- locking/ww_mutex/test: Use swap() macro (bsc#1012628).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs
  (bsc#1012628).
- x86/amd_nb: Restrict init function to AMD-based systems
  (bsc#1012628).
- drm/virtio: New fence for every plane update (bsc#1012628).
- drm: Add panel backlight quirks (bsc#1012628).
- drm/amd/display: Add support for minimum backlight quirk
  (bsc#1012628).
- drm: panel-backlight-quirks: Add Framework 13 matte panel
  (bsc#1012628).
- drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k
  panels (bsc#1012628).
- nvkm/gsp: correctly advance the read pointer of GSP message
  queue (bsc#1012628).
- nvkm: correctly calculate the available space of the GSP cmdq
  buffer (bsc#1012628).
- drm/tests: hdmi: handle empty modes in find_preferred_mode()
  (bsc#1012628).
- drm/tests: hdmi: return meaningful value from
  set_connector_edid() (bsc#1012628).
- drm/amd/display: Populate chroma prefetch parameters, DET
  buffer fix (bsc#1012628).
- drm/amd/display: Overwriting dualDPP UBF values before usage
  (bsc#1012628).
- printk: Fix signed integer overflow when defining
  LOG_BUF_LEN_MAX (bsc#1012628).
- drm/msm/dpu: filter out too wide modes if no 3dmux is present
  (bsc#1012628).
- drm/connector: add mutex to protect ELD from concurrent access
  (bsc#1012628).
- drm/bridge: anx7625: use eld_mutex to protect access to
  connector->eld (bsc#1012628).
- drm/bridge: ite-it66121: use eld_mutex to protect access to
  connector->eld (bsc#1012628).
- drm/amd/display: use eld_mutex to protect access to
  connector->eld (bsc#1012628).
- drm/exynos: hdmi: use eld_mutex to protect access to
  connector->eld (bsc#1012628).
- drm/msm/dp: use eld_mutex to protect access to connector->eld
  (bsc#1012628).
- drm/radeon: use eld_mutex to protect access to connector->eld
  (bsc#1012628).
- drm/sti: hdmi: use eld_mutex to protect access to connector->eld
  (bsc#1012628).
- drm/vc4: hdmi: use eld_mutex to protect access to connector->eld
  (bsc#1012628).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1
  Monitor (bsc#1012628).
- drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt
  (bsc#1012628).
- drm/amdkfd: Queue interrupt work to different CPU (bsc#1012628).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
  (bsc#1012628).
- drm/bridge: it6505: fix HDCP Bstatus check (bsc#1012628).
- drm/bridge: it6505: fix HDCP encryption when R0 ready
  (bsc#1012628).
- drm/bridge: it6505: fix HDCP CTS compare V matching
  (bsc#1012628).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer
  (bsc#1012628).
- safesetid: check size of policy writes (bsc#1012628).
- drm/amd/display: Increase sanitizer frame larger than limit
  when compile testing with clang (bsc#1012628).
- drm/amd/display: Limit Scaling Ratio on DCN3.01 (bsc#1012628).
- ring-buffer: Make reading page consistent with the code logic
  (bsc#1012628).
- wifi: ath12k: Fix for out-of bound access error (bsc#1012628).
- wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol
  'ret' (bsc#1012628).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow
  value (bsc#1012628).
- tun: fix group permission check (bsc#1012628).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card
  (bsc#1012628).
    ... changelog too long, skipping 663 lines ...
- commit fda61c9

==== orc ====
Version update (0.4.40 -> 0.4.41)

- Update to version 0.4.41:
  + orccodemem: Don't modify the process umask, which caused race
    conditions with other threads
  + x86: various SSE and MMX fixes
  + avx: Fix sqrtps encoding causing an illegal instruction crash
  + Hide internal symbols from ABI and do not install internal
    headers
  + Rename backend to target, including `orc-backend` meson option
    and `ORC_BACKEND` environment variable
  + Testsuite, tools: Disambiguate OrcProgram naming conventions
  + Build: Fix `_clear_cache` call for Clang and error out on
    implicit function declarations
  + opcodes: Use MIN instead of CLAMP for known unsigned values to
    fix compiler warnings
  + Spelling fix in debug log message

==== polkit-default-privs ====
Version update (1550+20250212.5d3f04e -> 1550+20250217.25d4aef)

- Update to version 1550+20250217.25d4aef:
  * profiles: add systemd-sysupdated (bsc#1237106)

==== sdbootutil ====
Version update (1+git20250210.45458c4 -> 1+git20250219.a796c24)
Subpackages: sdbootutil-snapper sdbootutil-tukit

- Update to version 1+git20250219.a796c24:
  * generator: exit if /etc/crypttab is missing
  * Fix measure-pcr-validator StandardOutput
- Update to version 1+git20250217.f216443:
  * Remove .conf suffix from grubenv (bsc#1237198)
- Update to version 1+git20250214.ef3b642:
  * Add banner reporting PCR 15 mismatch
  * Generate PCR 15 predictions if crypttab changed
  * Create predictions for PCR 15
  * Add measure-pcr-validator service
  * Order devices when FIDO2 keys are used
  * Set BuildArch to noarch
  * Add dracut measure-pcr module with generator
  * Add tpm2-pcr-measure crypttab parameter
  * Fix help indentation

==== selinux-policy ====
Version update (20250212 -> 20250218)
Subpackages: selinux-policy-targeted

- Update to version 20250218:
  * Enable postfix_local_write_mail_spool boolean by default for targeted only
  * Revert "Enable postfix_local_write_mail_spool boolean by default"
  * Support openSUSE-specific krb5kdc paths (bsc#1237064)

==== thin-provisioning-tools ====

- Enable internal testsuite
- Refresh vendored dependencies

==== xen ====

- bsc#1233796 - [XEN][15-SP7-BEAT3] Xen call trace and APIC Error
  found after reboot operation on AMD machine.
  x86-shutdown-offline-APs-with-interrupts-disabled-on-all-CPUs.patch

==== xfsprogs ====
Version update (6.11.0 -> 6.13.0)

- mkfs: fix filesize function compilation error on 32-bit archs
  - add mkfs-fix-filesize-function-compilation-error-on-32-b.patch
- update to 6.13.0
  - xfs_protofile: fix device number encoding
  - xfs_protofile: fix mode formatting error
  - mkfs: fix file size setting when interpreting a protofile
  - xfs_repair: require zeroed quota/rt inodes in metadir superblocks
  - mkfs: use a default sector size that is also suitable for the rtdev
  - xfs_scrub_all.timer: don't run if /var/lib/xfsprogs is readonly
  - xfs_logprint: Fix super block buffer interpretation issue
  - mkfs: allow sizing realtime allocation groups for concurrency
  - build: initialize stack variables to zero by default
  - m4: fix statx override selection if /usr/include doesn't define it
  - mkfs: fix parsing of value-less -d/-l concurrency cli option
  - xfs_db: improve error message when unknown btree type given to btheight
  - xfs_repair: don't obliterate return codes
  - xfs_db: fix multiple dblock commands
  - xfs: don't return an error from xfs_update_last_rtgroup_size for !XFS_RT
  - xfs_io: add extsize command support
  - xfs_io: allow foreign FSes to show FS_IOC_FSGETXATTR details
  - mkfs: enable rt quota options
  - xfs_quota: report warning limits for realtime space quotas
  - mkfs: add quota flags when setting up filesystem
  - xfs_repair: try not to trash qflags on metadir filesystems
  - xfs_repair: support quota inodes in the metadata directory
  - xfs_db: support metadir quotas
  - libfrog: scrub quota file metapaths
  - mkfs: format realtime groups
  - mkfs: add headers to realtime bitmap blocks
  - xfs_scrub: use histograms to speed up phase 8 on the realtime volume
  - xfs_scrub: trim realtime volumes too
  - xfs_scrub: call GETFSMAP for each rt group in parallel
  - xfs_scrub: cleanup fsmap keys initialization
  - xfs_scrub: check rtgroup metadata directory connections
  - xfs_scrub: scrub realtime allocation group metadata
  - xfs_spaceman: report on realtime group health
  - xfs_mdrestore: restore rt group superblocks to realtime device
  - xfs_io: display rt group in verbose fsmap output
  - xfs_io: display rt group in verbose bmap output
  - xfs_io: add a command to display realtime group information
  - xfs_io: add a command to display allocation group information
  - xfs_io: support scrubbing rtgroup metadata paths
  - xfs_io: support scrubbing rtgroup metadata
  - xfs_db: report rt group and block number in the bmap command
  - xfs_db: dump rt summary blocks
  - xfs_db: dump rt bitmap blocks
  - xfs_db: metadump realtime devices
  - xfs_db: metadump metadir rt bitmap and summary files
  - xfs_db: enable conversion of rt space units
  - xfs_db: support changing the label and uuid of rt superblocks
  - xfs_db: support dumping realtime group data and superblocks
  - xfs_db: listify the definition of enum typnm
  - xfs_db: enable rtconvert to handle segmented rtblocks
  - xfs_db: enable the rtblock and rtextent commands for segmented rt block numbers
  - xfs_repair: repair rtbitmap and rtsummary block headers
  - xfs_repair: support realtime superblocks
  - xfs_repair: find and clobber rtgroup bitmap and summary files
  - xfs_repair: support realtime groups
  - xfs_repair: add a real per-AG bitmap abstraction
  - xfs_repair: simplify rt_lock handling
  - xfs_repair: improve rtbitmap discrepancy reporting
  - xfs_repair: refactor offsetof+sizeof to offsetofend
  - xfs_repair: refactor phase4
  - xfs_repair: adjust rtbitmap/rtsummary word updates to handle big endian values
  - xfs_logprint: report realtime EFIs
  - libfrog: add bitmap_clear
  - libfrog: report rt groups in output
  - libfrog: support scrubbing rtgroup metadata paths
  - man: document rgextents geom field
  - man: document the rt group geometry ioctl
  - mkfs: add a utility to generate protofiles
  - mkfs: support copying in xattrs
  - mkfs: support copying in large or sparse files
  - mkfs.xfs: enable metadata directories
  - xfs_repair: do not count metadata directory files when doing quotacheck
  - xfs_repair: truncate and unmark orphaned metadata inodes
  - xfs_repair: drop all the metadata directory files during pass 4
  - xfs_repair: metadata dirs are never plausible root dirs
  - xfs_repair: mark space used by metadata files
  - xfs_repair: update incore metadata state whenever we create new files
  - xfs_repair: don't let metadata and regular files mix
  - xfs_repair: rebuild the metadata directory
  - xfs_repair: check metadata inode flag
  - xfs_repair: dont check metadata directory dirent inumbers
  - xfs_repair: handle sb_metadirino correctly when zeroing supers
  - xfs_scrub: re-run metafile scrubbers during phase 5
  - xfs_scrub: scan metadata directories during phase 3
  - xfs_scrub: tread zero-length read verify as an IO error
  - xfs_spaceman: report health of metadir inodes too
  - xfs_io: support scrubbing metadata directory paths
  - xfs_io: support flag for limited bulkstat of the metadata directory
  - xfs_db: drop the metadata checking code from blockget
  - xfs_db: display di_metatype
  - xfs_db: show the metadata root directory when dumping superblocks
  - xfs_db: support metadata directories in the path command
  - xfs_db: don't obfuscate metadata directories and attributes
  - xfs_db: report metadir support for version command
  - xfs_db: disable xfs_check when metadir is enabled
  - xfs_io: support scrubbing metadata directory paths
    ... changelog too long, skipping 26 lines ...
  - ------------------------------------------------------------------