Packages changed:
  grub2
  hostname
  libass (0.17.0 -> 0.17.1)
  lua54
  microos-tools (2.19 -> 2.20)
  mpg123 (1.31.2 -> 1.31.3)
  net-tools
  pam
  pam-config (1.9 -> 2.1)
  pam-full-src
  selinux-policy (20221019 -> 20230321)
  systemd
  tigervnc (1.13.0 -> 1.13.1)
  vlan
  xz (5.4.1 -> 5.4.2)
  yast2-trans (84.87.20230312.2a5006f40f -> 84.87.20230318.5548fe53da)

=== Details ===

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi

- Restrict cryptsetup key file permission for better security (bsc#1207499)
  * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch
  * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch
- Meanwhile, memtest86+ gained EFI support, but using the grub
  command line to run it manually is quite tedious...
  Adapt 20_memtest86+ to provide a proper menu entry. Executing
  memtest requires to turn security off in BIOS: (Boot Mode: Other OS).

==== hostname ====

- Replace transitional %usrmerged macro with regular version check (boo#1206798)

==== libass ====
Version update (0.17.0 -> 0.17.1)

- update to 0.17.1:
  * Fix buffer overread if soft-wrapping occurred and
    ASS_FEATURE_WHOLE_TEXT_LAYOUT was enabled via API or due
    to Encoding -1
  * x86: detect GNU Hurd and configure NASM appropriately

==== lua54 ====

- Added more numbered patches from upstream:
  * luabugs10.patch

==== microos-tools ====
Version update (2.19 -> 2.20)

- Update to version 2.20:
  - 98selinux-microos: don't load the policy to label the system

==== mpg123 ====
Version update (1.31.2 -> 1.31.3)
Subpackages: libmpg123-0 mpg123-openal

- Update to version 1.31.3
  build:
  * Fix --disable-8bit.
  * Fix some pedantic compiler warnings, avoid breaking libtool
    wrappers.
  mpg123:
  * Fix verbose position printout for new resampling outside
    libmpg123 (where output rate differs from decoding rate).
  libsyn123:
  * Fix reconfiguration of resampler to avoid double free when
    reducing decimator stages to zero.

==== net-tools ====
Subpackages: net-tools-lang

- Replace transitional %usrmerged macro with regular version check (boo#1206798)

==== pam ====

- Add common-session-nonlogin and postlogin-* pam.d config files
  for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2
  and upcoming pam_wtmpdb.

==== pam-config ====
Version update (1.9 -> 2.1)

- Update to version 2.1
  - Bug fix release
- Update to version 2.0
  - Add support for pam_fscrypt
  - Add support for pam.d/common-session-nonlogin
  - Add support for pam.d/postlogin-{account,auth,password,session}

==== pam-full-src ====

- Add common-session-nonlogin and postlogin-* pam.d config files
  for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2
  and upcoming pam_wtmpdb.

==== selinux-policy ====
Version update (20221019 -> 20230321)
Subpackages: selinux-policy-targeted

- Update to version 20230321:
  * make kernel_t unconfined again
- Update to version 20230316:
  * prevent labeling of overlayfs filesystems based on the /var/lib/overlay
    path
  * allow kernel_t to relabel etc_t files
  * allow kernel_t to relabel sysnet config files
  * allow kernel_t to relabel systemd hwdb etc files
  * add systemd_hwdb_relabel_etc_files to allow labeling of hwdb files
  * change sysnet_relabelto_net_conf and sysnet_relabelfrom_net_conf to apply
    to files and lnk_files. lnk_files are commonly used in SUSE to allow easy
    management of config files
  * add files_relabel_etc_files_basic and files_relabel_etc_lnk_files_basic
    interfaces to allow labeling on etc_t, not on the broader configfiles
    attribute
  * Allow systemd-timesyncd to bind to generic UDP ports (bsc#1207962). The
    watch permissions reported are already fixed in a current policy.
- Reinstate update.sh and remove container-selinux from the service.
  Having both repos in there causes issues and update.sh makes the update
  process easier in general. Updated README.Update

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev

- Drop 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
  These obsolete symlinks were kept because several years ago VLC was still
  relying on some of them. However it's been a long a time ago that it's been
  fixed and cdrom or similar devices are discovered in a better way.
- Enable that systemd can load the IMA policy from
  /etc/ima/ima-policy.  This is used to complement dracut-ima when
  using SELinux, as the SELinux policy should not be loaded in the
  initrd (https://github.com/openSUSE/microos-tools/pull/14)

==== tigervnc ====
Version update (1.13.0 -> 1.13.1)
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module

- update to 1.13.1:
  * x0vncserver can either crash itself, or crash the X server
    it is connected to
  * The servers might crash if the clipboard is updated just as
    a client is connected
  * The vncserver service can fail to start on SELinux system
    if ~/.vnc doesn't exist

==== vlan ====

- Replace transitional %usrmerged macro with regular version check (boo#1206798)

==== xz ====
Version update (5.4.1 -> 5.4.2)
Subpackages: liblzma5 xz-lang

- Update to version 5.4.2:
  * All fixes from 5.2.11 that were not included in 5.4.1.
  * If xz is built with support for the Capsicum sandbox but running
    in an environment that doesn't support Capsicum, xz now runs
    normally without sandboxing instead of exiting with an error.
  * liblzma:
  - Documentation was updated to improve the style, consistency,
    and completeness of the liblzma API headers.
  - The Doxygen-generated HTML documentation for the liblzma API
    header files is now included in the source release and is
    installed as part of "make install". All JavaScript is
    removed to simplify license compliance and to reduce the
    install size.
  - Fixed a minor bug in lzma_str_from_filters() that produced
    too many filters in the output string instead of reporting
    an error if the input array had more than four filters. This
    bug did not affect xz.
  * Build systems:
  - autogen.sh now invokes the doxygen tool via the new wrapper
    script doxygen/update-doxygen, unless the command line option
  - -no-doxygen is used.
  - Added microlzma_encoder.c and microlzma_decoder.c to the
    VS project files for Windows and to the CMake build. These
    should have been included in 5.3.2alpha.
  * Tests:
  - Added a test to the CMake build that was forgotten in the
    previous release.
  - Added and refactored a few tests.
  * Translations:
  - Updated the Brazilian Portuguese translation.
  - Added Brazilian Portuguese man page translation.

==== yast2-trans ====
Version update (84.87.20230312.2a5006f40f -> 84.87.20230318.5548fe53da)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW

- Update to version 84.87.20230318.5548fe53da:
  * Translated using Weblate (Galician)
  * Translated using Weblate (Galician)
  * Translated using Weblate (Galician)
  * Translated using Weblate (Galician)
  * Translated using Weblate (Galician)
  * New POT for text domain 'storage'.
  * New POT for text domain 'installation'.