Packages changed:
  7zip (22.01 -> 23.01)
  accountsservice (22.08.8 -> 23.13.9)
  apparmor (3.1.5 -> 3.1.6)
  bind (9.18.15 -> 9.18.16)
  cups
  health-checker (1.8 -> 1.9)
  installation-images-MicroOS (17.88 -> 17.89)
  kernel-firmware (20230531 -> 20230620)
  libapparmor (3.1.5 -> 3.1.6)
  libstorage-ng (4.5.120 -> 4.5.121)
  man-pages-ja (20230115 -> 20230615)
  mlterm (3.9.2 -> 3.9.3)
  systemd
  systemd-rpm-macros (23 -> 24)
  wtmpdb (0.6.0 -> 0.7.0)

=== Details ===

==== 7zip ====
Version update (22.01 -> 23.01)

- Update to version 23.01:
  * 7-Zip now can use new ARM64 filter for compression to 7z and xz archives.
    ARM64 filter can increase compression ratio for data containing executable files
    compiled for ARM64 (AArch64) architecture.
  * Default section size for BCJ2 filter was changed from 64 MiB to 240 MiB. It
    can increase compression ratio for executable files larger than 64 MiB.
  * UDF: support was improved.
  * cpio: support for hard links.
  * Some changes and optimizations in WIM creation code.
  * When new 7-Zip creates multivolume archive, 7-Zip keeps in open state only
    volumes that still can be changed. Previous versions kept all volumes in open
    state until the end of the archive creation.
  * 7-Zip now can reduce the number of simultaneously open files, when
    7-Zip opens, extracts or creates multivolume archive. It allows to avoid the
    failures for cases with big number of volumes, bacause there is a limitation for
    number of open files allowed for a single program in Linux.
  * The bugs were fixed:
  * ZIP archives: if multithreaded zip compression was performed with
    more than one file to stdout stream (-so switch), 7-zip didn't write "data
    descriptor" for some files.
  * ext4 archives: 7-Zip couldn't correctly extract symbolic link to directory from ext4 archives.
  * HFS and APFS archives: 7-Zip incorrectly decoded uncompressed blocks (64 KiB) in compressed forks.
  * Some another bugs were fixed.
- Refresh fix-compatib-with-p7zip.patch

==== accountsservice ====
Version update (22.08.8 -> 23.13.9)
Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0

- Update to version 23.13.9:
  + daemon: Fix boot delay
  + user-manager:
  - Add cancellable to fetch user requests
  - Track non-existent users
- Changes from version 23.11.69:
  + Add lightdm autologin support
  + user:
  - Return an error when setting invalid language
  - Throw a warning for invalid locales
  - Support new LocalAccount property in cache file
  - Replace usermod -p with chpasswd -e
  + main:
  - Use new overridable USERDIR
  - Use new overridable ICONDIR
  - Use new overridable sysconfdir
  + daemon:
  - Add GetUsersLanguages() function
  - Don't crash if /etc/shadow doesn't exist
  + Updated translations.
- Rebase patches:
  + accountsservice-sysconfig.patch
  + accountsservice-filter-suse-accounts.patch

==== apparmor ====
Version update (3.1.5 -> 3.1.6)
Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- update to AppArmor 3.1.6
  - fix regression in mount rules (boo#1211989)
  - some additions to the base and authentification abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
    for the full upstream changelog

==== bind ====
Version update (9.18.15 -> 9.18.16)

- Update to release 9.18.16
  Security Fixes:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit. (CVE-2023-2828)
  * A query that prioritizes stale data over lookup triggers a
    fetch to refresh the stale data in cache. If the fetch is
    aborted for exceeding the recursion quota, it was possible for
    named to enter an infinite callback loop and crash due to stack
    overflow. This has been fixed. (CVE-2023-2911)
  New Features:
  * The system test suite can now be executed with pytest (along
    with pytest-xdist for parallel execution).
  Removed Features:
  * TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now
    deprecated, and will be removed in a future release. A warning
    will be logged when the tkey-dhkey option is used in
    named.conf.
  Bug Fixes:
  * BIND could get stuck on reconfiguration when a listen-on
    statement for HTTP is removed from the configuration. That has
    been fixed.
  * Previously, it was possible for a delegation from cache to be
    returned to the client after the stale-answer-client-timeout
    duration. This has been fixed.
  * BIND could allocate too big buffers when sending data via
    stream-based DNS transports, leading to increased memory usage.
    This has been fixed.
  * When the stale-answer-enable option was enabled and the
    stale-answer-client-timeout option was enabled and larger than
    0, named previously allocated two slots from the
    clients-per-query limit for each client and failed to gradually
    auto-tune its value, as configured. This has been fixed.

==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2

- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
  "use-after-free in cupsdAcceptClient()"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230

==== health-checker ====
Version update (1.8 -> 1.9)
Subpackages: health-checker-plugins-MicroOS

- Update to version 1.9
  * Fix failing subvolume mount checks with certain characters in
    mount point [gh#openSUSE/health-checker#14].

==== installation-images-MicroOS ====
Version update (17.88 -> 17.89)

- merge gh#openSUSE/installation-images#649
- add shim, mokutil, and grub2-i386-efi to rescue system (bsc#1209985)
- add shim and grub2-i386-efi to rescue system (bsc#1209985)
- 17.89

==== kernel-firmware ====
Version update (20230531 -> 20230620)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Update to version 20230620 (git commit 045b2136a619):
  * amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs
  * fix broken cirrus firmware symlinks
  * qcom: Update the microcode files for Adreno a630 GPUs.
  * qcom: sdm845: rename the modem firmware
  * qcom: sdm845: update remoteproc firmware
  * rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D
  * rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225
  * amdgpu: DMCUB updates for various AMDGPU asics
  * linux-firmware: update firmware for MT7922 WiFi device
  * linux-firmware: update firmware for MT7921 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
  * i915: Add HuC v8.5.0 for MTL
  * mediatek: Update mt8195 SCP firmware to support hevc
- Drop obsoleted patch for WHENCE:
  cirrus-WHENCE-link-fixes.patch
- Update aliases

==== libapparmor ====
Version update (3.1.5 -> 3.1.6)

- update to AppArmor 3.1.6
  - fix regression in mount rules (boo#1211989)
  - some additions to the base and authentification abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
    for the full upstream changelog

==== libstorage-ng ====
Version update (4.5.120 -> 4.5.121)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#937
- query version of lsscsi (preparation for using json output)
- coding style
- extended documentation
- 4.5.121

==== man-pages-ja ====
Version update (20230115 -> 20230615)

- version update to 20230615
  * Improved and updated manual pages

==== mlterm ====
Version update (3.9.2 -> 3.9.3)
Subpackages: mlterm-common mlterm-fcitx mlterm-sdl2

- version update to 3.9.3
  * mlterm-wl supports xdg-decoration.
  * Add --disable-compact-truecolor option to ./configure script.
  * Add vte 0.68 API symbols to libvte compatible library.
  * Add libvterm 0.2 API symbols to libvterm compatible library.
  * Add --sdpr / simple_scrollbar_dpr option.
    (https://github.com/arakiken/mlterm/issues/64)
  * Set "COLORTERM=truecolor" environmental variable.
    (https://github.com/arakiken/mlterm/issues/36)
  * Update unicode property table (generated from UnicodeData.txt and
    EastAsianWidth.txt) to version 15.0.0.
  * Support mosh-1.4.0.
- deleted patches
  - CVE-2022-24130-c_sixel.c-Fix-segmentation-fault-when-the-repeat-cou.patch (upstreamed)
  - mlfc-Fix-crash-with-more-than-1024-font-faces-installed.patch (upstreamed)
  - mlterm-Fix-buffer-overflow-with-long-plugin-suffix.patch (upstreamed)
  - mlterm-SDL2-UI-also-needs-math-libs.patch (upstreamed)
  - mlterm-wayland-Detect-compiler-flags.patch (upstreamed)

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev

- Make sure to pre-install the groups systemd and udev rely on. This is needed
  when the tmpfiles are run at package installation time. Theoretically with
  only "Requires(pre): group()", rpm is allowed to drop the group at the end of
  the package installations hence let's keep "Requires: group()" dep.
  Note: this is also needed when (post)file-triggers are enabled due to the
  current limitation of the default libzypp transaction backend.
- file-triggers: fix lua trigger priority for sysusers (bsc#1212376)
  A single digit in the priority used for sysusers got dropped somehow and
  upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it
  in the lua implementation.
- file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we
  ensure that packages that really need the tmpfiles in advance use the right
  API which is %tmpfiles_create_package.
- file-triggers: to be consistent with what we already does with tmpfiles, we
  skip the call to systemd-sysusers and delay system user creations until the
  next reboot.
- Temporarily add
  5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's
  backported to the next stable release
  See https://github.com/systemd/systemd/pull/28000

==== systemd-rpm-macros ====
Version update (23 -> 24)

- Bump to version 24
- Drop %tmpfiles_create_package
  It can't work during transactional updates because the paths that
  systemd-tmpfiles usually operates on (such as /var) can't be changed. It
  appears that the only user of this macro doesn't really need this macro so
  let's drop it.
- Drop %sysusers_create_inline
  It's deprecated and the only user of this macro is being converted to
  %sysusers_create_package. So drop it now before the deprecated macro attracts
  more users.
- Unlike systemd-tmpfiles call in %tmpfiles_create_package(), systemd-sysusers
  must always be called by %sysusers_create_package() even on transactional
  systems since it's part of the macro contract. Writing to /etc is not
  recommended on such systems but it has to work anyways.

==== wtmpdb ====
Version update (0.6.0 -> 0.7.0)
Subpackages: libwtmpdb0

- Update to version 0.7.0
  - wtmpdb rotate: use sqlite3_bind_* internal
  - wtmpdb last: Implement -x, -d, -i and -w options