Packages changed:
  MozillaFirefox (134.0 -> 134.0.1)
  apache2-mod_php8 (8.3.15 -> 8.3.16)
  gnome-control-center
  libgee (0.20.6 -> 0.20.8)
  libsoup (3.6.3 -> 3.6.4)
  llvm19 (19.1.6 -> 19.1.7)
  meson
  openSUSE-release (20250117 -> 20250118)
  php8 (8.3.15 -> 8.3.16)
  python-httpx
  rsync (3.3.0 -> 3.4.1)
  suse-module-tools (16.0.55 -> 16.0.56)

=== Details ===

==== MozillaFirefox ====
Version update (134.0 -> 134.0.1)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 134.0.1
  * Fixed UI hangs happening on YouTube and Google Docs in some situations
    (bmo#1939295)
  * Fixed a startup crash affecting some users upgrading from Firefox 133
    (bmo#1941134)
  * Fixed an issue where search engines selection menus and context
    menus could be broken if a user had previously reverted to an
    earlier version (bmo#1940533)
- raised required rust version to 1.81

==== apache2-mod_php8 ====
Version update (8.3.15 -> 8.3.16)

- version update to 8.3.16
    Core:
    Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization).
    Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF).
    Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly).
    Fixed bug GH-17211 (observer segfault on function loaded with dl()).
    Fixed bug GH-17216 (Trampoline crash on error).
    Date:
    Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences.
    DBA:
    Skip test if inifile is disabled.
    DOM:
    Fixed bug GH-17224 (UAF in importNode).
    Embed:
    Make build command for program using embed portable.
    FFI:
    Fixed bug #79075 (FFI header parser chokes on comments).
    Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure.
    Fixed bug GH-16013 and bug #80857 (Big endian issues).
    Filter:
    Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890).
    FPM:
    Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)).
    Fixed bug GH-17112 (Macro redefinitions).
    Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits).
    GD:
    Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c).
    Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs).
    Gettext:
    Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()).
    Iconv:
    Fixed bug GH-17047 (UAF on iconv filter failure).
    LDAP:
    Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes).
    LibXML:
    Fixed bug GH-17223 (Memory leak in libxml encoding handling).
    MBString:
    Fixed bug GH-17112 (Macro redefinitions).
    Opcache:
    opcache_get_configuration() properly reports jit_prof_threshold.
    Fixed bug GH-17246 (GC during SCCP causes segfault).
    PCNTL:
    Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry.
    PgSql:
    Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument).
    Fixed further ArgumentCountError for calls with flexible number of arguments.
    Phar:
    Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c).
    SimpleXML:
    Fixed bug GH-17040 (SimpleXML's unset can break DOM objects).
    Fixed bug GH-17153 (SimpleXML crash when using autovivification on document).
    Sockets:
    Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN).
    Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option().
    SPL:
    Fixed bug GH-17225 (NULL deref in spl_directory.c).
    Streams:
    Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling).
    Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value).
    Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds).
    Windows:
    Hardened proc_open() against cmd.exe hijacking.
    XML:
    Fixed bug GH-1718 (unreachable program point in zend_hash).
- modified patches
  % php-build-reproducible-phar.patch (refreshed)

==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces gnome-control-center-users

- Recommend ppd-server instead of power-profiles-daemon: there is
  also tuned-ppd, which provides the same dbus interface. If the
  user does not chose between the two, we suggest the original
  power-profiles-daemon.
- Fix escaping of commented out patch: with RPM 4.20, %patch
  becomes a standard, expandable macro, that can span more than one
  line. Commenting out with #%patch can thus lead to invalid
  results.

==== libgee ====
Version update (0.20.6 -> 0.20.8)

- Update to version 0.20.8:
  + Fixes for newer valac.
- Drop patches fixed upstream:
  + ce8461ff6ea8ed79ce06b4241cb4fbb6d3d314f1.patch
  + b33a6627f4fc96938b6015e05849867c472160a8.patch
  + 2f0bbe8987e5eb1390b23ac531c971b202c2ef77.patch
- Add check section and run make check during build.

==== libsoup ====
Version update (3.6.3 -> 3.6.4)
Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0

- Update to version 3.6.4:
  + http2: Fix regression on 32bit systems when reading response
    data.

==== llvm19 ====
Version update (19.1.6 -> 19.1.7)
Subpackages: clang-tools clang19 libLLVM19 libclang-cpp19 libclang13 libclang_rt19 llvm19-gold

- Update to version 19.1.7.
  * This release contains bug-fixes for the LLVM 19.1.0 release.
    This release is API and ABI compatible with 19.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.

==== meson ====
Subpackages: meson-vim

- Drop the bcond on setuptools, its primary flavor will live in Ring 0.
- Drop patch meson-distutils.patch, not required.
- Instruct autosetup macro to apply all patches.

==== openSUSE-release ====
Version update (20250117 -> 20250118)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== php8 ====
Version update (8.3.15 -> 8.3.16)
Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter

- version update to 8.3.16
    Core:
    Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization).
    Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF).
    Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly).
    Fixed bug GH-17211 (observer segfault on function loaded with dl()).
    Fixed bug GH-17216 (Trampoline crash on error).
    Date:
    Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences.
    DBA:
    Skip test if inifile is disabled.
    DOM:
    Fixed bug GH-17224 (UAF in importNode).
    Embed:
    Make build command for program using embed portable.
    FFI:
    Fixed bug #79075 (FFI header parser chokes on comments).
    Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure.
    Fixed bug GH-16013 and bug #80857 (Big endian issues).
    Filter:
    Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890).
    FPM:
    Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)).
    Fixed bug GH-17112 (Macro redefinitions).
    Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits).
    GD:
    Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c).
    Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs).
    Gettext:
    Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()).
    Iconv:
    Fixed bug GH-17047 (UAF on iconv filter failure).
    LDAP:
    Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes).
    LibXML:
    Fixed bug GH-17223 (Memory leak in libxml encoding handling).
    MBString:
    Fixed bug GH-17112 (Macro redefinitions).
    Opcache:
    opcache_get_configuration() properly reports jit_prof_threshold.
    Fixed bug GH-17246 (GC during SCCP causes segfault).
    PCNTL:
    Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry.
    PgSql:
    Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument).
    Fixed further ArgumentCountError for calls with flexible number of arguments.
    Phar:
    Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c).
    SimpleXML:
    Fixed bug GH-17040 (SimpleXML's unset can break DOM objects).
    Fixed bug GH-17153 (SimpleXML crash when using autovivification on document).
    Sockets:
    Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN).
    Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option().
    SPL:
    Fixed bug GH-17225 (NULL deref in spl_directory.c).
    Streams:
    Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling).
    Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value).
    Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds).
    Windows:
    Hardened proc_open() against cmd.exe hijacking.
    XML:
    Fixed bug GH-1718 (unreachable program point in zend_hash).
- modified patches
  % php-build-reproducible-phar.patch (refreshed)

==== python-httpx ====

- Use libalternatives instead of update-alternatives, bsc#1235784
- don't run tests in strict async mode, upstream doesn't either
- disable flaky test

==== rsync ====
Version update (3.3.0 -> 3.4.1)

- Update to 3.4.1
  * BUG FIXES:
  - fixed handling of -⁠H flag with conflict in internal flag values
  - fixed a user after free in logging of failed rename
  - fixed build on systems without openat()
  - removed dependency on alloca() in bundled popt
  * DEVELOPER RELATED:
  - fix to permissions handling in the developer release script
- Drop 705.patch, because now in upstream.
- update to 3.4.1
  * fixed handling of -H flag with conflict in internal flag values
    (replaces 705.patch)
  * fixed a user after free in logging of failed rename
  * fixed build on systems without openat()
  * removed dependency on alloca() in bundled popt
- Backport patch from PR 705 to fix broken handling of hashes and
  hard links:
  * Add 705.patch
- Update to 3.4
  * Bump to protocol 32
  Drop CVE patches:
  * Drop rsync-gcc14.patch
  * Removed rsync-CVE-2024-12084-overflow-01.patch
  * Removed rsync-CVE-2024-12084-overflow-02.patch
  * Removed rsync-CVE-2024-12085.patch
  * Removed rsync-CVE-2024-12086_01.patch
  * Removed rsync-CVE-2024-12086_02.patch
  * Removed rsync-CVE-2024-12086_03.patch
  * Removed rsync-CVE-2024-12086_04.patch
  * Removed rsync-CVE-2024-12087_01.patch
  * Removed rsync-CVE-2024-12087_02.patch
  * Removed rsync-CVE-2024-12088.patch
  * Removed rsync-CVE-2024-12747.patch
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
  * Added rsync-CVE-2024-12747.patch
- Security update, fix multiple vulnerabilities:
  * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing
  * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
  * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
  * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
  * CVE-2024-12088, bsc#1234104 - --safe-links Bypass
  * Added rsync-CVE-2024-12084-overflow-01.patch
  * Added rsync-CVE-2024-12084-overflow-02.patch
  * Added rsync-CVE-2024-12085.patch
  * Added rsync-CVE-2024-12086_01.patch
  * Added rsync-CVE-2024-12086_02.patch
  * Added rsync-CVE-2024-12086_03.patch
  * Added rsync-CVE-2024-12086_04.patch
  * Added rsync-CVE-2024-12087_01.patch
  * Added rsync-CVE-2024-12087_02.patch
  * Added rsync-CVE-2024-12088.patch

==== suse-module-tools ====
Version update (16.0.55 -> 16.0.56)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.0.56:
  * rpm-script: create /boot/vmlinuz and /boot/initrd in kiwi environment
    (bsc#1234275, bsc#1234759)