Packages changed:
  ImageMagick (7.1.1.20 -> 7.1.1.21)
  adobe-sourcehanserif-fonts (2.001 -> 2.002)
  dhcp
  installation-images-MicroOS (17.103 -> 17.104)
  kernel-source (6.6.1 -> 6.6.2)
  libX11
  libfido2 (1.13.0 -> 1.14.0)
  llvm17 (17.0.4 -> 17.0.5)
  mcelog (195 -> 196)
  mdadm
  openvpn (2.6.7 -> 2.6.8)
  xen
  yast2-trans (84.87.20231104.b73ad6fbc9 -> 84.87.20231117.f12231d4de)

=== Details ===

==== ImageMagick ====
Version update (7.1.1.20 -> 7.1.1.21)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- version update to 7.1.1.21
  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
- modified patches
  [bsc#1217014][bsc#1216811]
  % ImageMagick-s390x-disable-tests.patch (refreshed)
- deleted patches
  - ImageMagick-correct-time-to-live.patch (upstreamed)
- added patches
  https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5aafe33cbfaaf3e
  https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c935f6ae8b36df10
  + ImageMagick-infinite-resource-time-limit.patch

==== adobe-sourcehanserif-fonts ====
Version update (2.001 -> 2.002)
Subpackages: adobe-sourcehanserif-cn-fonts adobe-sourcehanserif-tw-fonts

- Remove old specfile constructs, update descriptions
- Update to 2.002R
  * The copyright year was changed to “2017–2023.”
  * Addition of ㋿ Square Era Name Reiwa uni32FF-JP was omitted in
    previous release notes Issue #163.
  * The following glyphs were added to support GB 18030 2022
    Implementation Level 2: uni4DB6-CN, uni4DB7-CN, uni4DB8-CN,
    uni4DBA-CN, uni4DBB-CN, uni4DBC-CN, uni4DBD-CN, uni4DBE-CN,
    uni4DBF-CN, uni5CB8-JP, uni9FEB-CN, uni9FEB-TW, uni9FEC-CN,
    uni9FED-CN, uni9FEE-JP, uni9FEF-JP, uni9FF0-CN, uni9FF1-CN,
    uni9FF2-CN, uni9FF3-CN, uni9FF4-CN, uni9FF5-CN, uni9FF6-CN,
    uni9FF7-CN, uni9FF8-CN, uni9FF9-CN, uni9FFA-CN, uni9FFB-CN,
    uni9FFC-CN, uni9FFD-CN, uni9FFE-CN, and uni9FFF-CN.
  * Fixed aj16-kanji.txt per Issue #125.
  * Fixed position of uni309B-V and uni309C-V per Issue #157.
  * Fixed HK mapping for U+752D 甭 per Issue #159.
  * Fixed CN mapping for U+5141 允 and U+535A 博 per Issue #162.
  * Remapped TW glyph for U+7239 爹 per Issue #167.
  * Restored JP glyph for U+5CB8 岸 per Issue #169.
  * Fixed mapping for U+F9DC 隆 per Issue #165.
  * Fixed interpolation bug in uni2299 ⊙ per Issue #181.
  * Fixed interpolation bugs in uni4B4C-CN 䭌 and uni4B55-CN 䭕 per
    Issue #193.

==== dhcp ====
Subpackages: dhcp-client

- Remove dhclient-script (boo#1216822).

==== installation-images-MicroOS ====
Version update (17.103 -> 17.104)

- merge gh#openSUSE/installation-images#674
- ltrace now exists for riscv64
- Fix too broad glob in ruby template
- Updates for riscv64
- 17.104

==== kernel-source ====
Version update (6.6.1 -> 6.6.2)

- Linux 6.6.2 (bsc#1012628).
- hwmon: (nct6775) Fix incorrect variable reuse in fan_div
  calculation (bsc#1012628).
- numa: Generalize numa_map_to_online_node() (bsc#1012628).
- sched/topology: Fix sched_numa_find_nth_cpu() in CPU-less case
  (bsc#1012628).
- sched/topology: Fix sched_numa_find_nth_cpu() in non-NUMA case
  (bsc#1012628).
- sched/fair: Fix cfs_rq_is_decayed() on !SMP (bsc#1012628).
- iov_iter, x86: Be consistent about the __user tag on
  copy_mc_to_user() (bsc#1012628).
- sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
  (bsc#1012628).
- sched/uclamp: Ignore (util == 0) optimization in feec() when
  p_util_max = 0 (bsc#1012628).
- objtool: Propagate early errors (bsc#1012628).
- sched: Fix stop_one_cpu_nowait() vs hotplug (bsc#1012628).
- nfsd: Handle EOPENSTALE correctly in the filecache
  (bsc#1012628).
- vfs: fix readahead(2) on block devices (bsc#1012628).
- writeback, cgroup: switch inodes with dirty timestamps to
  release dying cgwbs (bsc#1012628).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW
  (bsc#1012628).
- x86/srso: Print mitigation for retbleed IBPB case (bsc#1012628).
- x86/srso: Fix vulnerability reporting for missing microcode
  (bsc#1012628).
- x86/srso: Fix unret validation dependencies (bsc#1012628).
- futex: Don't include process MM in futex key on no-MMU
  (bsc#1012628).
- x86/numa: Introduce numa_fill_memblks() (bsc#1012628).
- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
  (bsc#1012628).
- cgroup/cpuset: Fix load balance state in
  update_partition_sd_lb() (bsc#1012628).
- x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
  (bsc#1012628).
- x86/boot: Fix incorrect startup_gdt_descr.size (bsc#1012628).
- cpu/SMT: Make SMT control more robust against enumeration
  failures (bsc#1012628).
- x86/apic: Fake primary thread mask for XEN/PV (bsc#1012628).
- srcu: Fix callbacks acceleration mishandling (bsc#1012628).
- drivers/clocksource/timer-ti-dm: Don't call clk_get_rate()
  in stop function (bsc#1012628).
- x86/nmi: Fix out-of-order NMI nesting checks & false positive
  warning (bsc#1012628).
- pstore/platform: Add check for kstrdup (bsc#1012628).
- perf: Optimize perf_cgroup_switch() (bsc#1012628).
- selftests/x86/lam: Zero out buffer for readlink() (bsc#1012628).
- PCI/MSI: Provide stubs for IMS functions (bsc#1012628).
- string: Adjust strtomem() logic to allow for smaller sources
  (bsc#1012628).
- genirq/matrix: Exclude managed interrupts in
  irq_matrix_allocated() (bsc#1012628).
- irqchip/sifive-plic: Fix syscore registration for multi-socket
  systems (bsc#1012628).
- wifi: ath12k: fix undefined behavior with __fls in dp
  (bsc#1012628).
- wifi: cfg80211: add flush functions for wiphy work
  (bsc#1012628).
- wifi: mac80211: move radar detect work to wiphy work
  (bsc#1012628).
- wifi: mac80211: move scan work to wiphy work (bsc#1012628).
- wifi: mac80211: move offchannel works to wiphy work
  (bsc#1012628).
- wifi: mac80211: move sched-scan stop work to wiphy work
  (bsc#1012628).
- wifi: mac80211: fix RCU usage warning in mesh fast-xmit
  (bsc#1012628).
- wifi: cfg80211: fix off-by-one in element defrag (bsc#1012628).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation
  (bsc#1012628).
- wifi: iwlwifi: honor the enable_ini value (bsc#1012628).
- wifi: iwlwifi: don't use an uninitialized variable
  (bsc#1012628).
- i40e: fix potential memory leaks in i40e_remove() (bsc#1012628).
- iavf: Fix promiscuous mode configuration flow messages
  (bsc#1012628).
- selftests/bpf: Correct map_fd to data_fd in tailcalls
  (bsc#1012628).
- bpf, x64: Fix tailcall infinite loop (bsc#1012628).
- wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush()
  (bsc#1012628).
- udp: introduce udp->udp_flags (bsc#1012628).
- udp: move udp->no_check6_tx to udp->udp_flags (bsc#1012628).
- udp: move udp->no_check6_rx to udp->udp_flags (bsc#1012628).
- udp: move udp->gro_enabled to udp->udp_flags (bsc#1012628).
- udp: add missing WRITE_ONCE() around up->encap_rcv
  (bsc#1012628).
- udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags
  (bsc#1012628).
- udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO (bsc#1012628).
- udp: annotate data-races around udp->encap_type (bsc#1012628).
- udplite: remove UDPLITE_BIT (bsc#1012628).
- udplite: fix various data-races (bsc#1012628).
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod
  is not available (bsc#1012628).
- tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
  (bsc#1012628).
    ... changelog too long, skipping 987 lines ...
- commit 9ecdaa5

==== libX11 ====
Subpackages: libX11-6 libX11-data libX11-xcb1

- this update is needed due to jsc#PED-7282; it includes the
  security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and
  a fix for a race condition in libX11 that causes various
  applications to crash randomly (boo#1181963)

==== libfido2 ====
Version update (1.13.0 -> 1.14.0)

- update to 1.14.0:
  * fido2-cred -M, fido2-token -G: support raw client data
    via -w flag.
  * New API calls:
  * * fido_assert_authdata_raw_len;
  * * fido_assert_authdata_raw_ptr;
  * * fido_assert_set_winhello_appid.
- add keyring for gpg validation

==== llvm17 ====
Version update (17.0.4 -> 17.0.5)

- Update to version 17.0.5.
  * This release contains bug-fixes for the LLVM 17.0.0 release.
    This release is API and ABI compatible with 17.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Also test clang-tools-extra (at least most parts) and lld.
- Adapt test in lld-default-sha1.patch.
- Don't disable testing if qemu_user_space_build has been set to 0.

==== mcelog ====
Version update (195 -> 196)

- Update to version 196:
  * mcelog: Add second model number for Arrowlake

==== mdadm ====

- No longer recommend smtp-daemon: this was a remainder from the
  cron configuration, which was removed back in 2018.

==== openvpn ====
Version update (2.6.7 -> 2.6.8)
Subpackages: openvpn-auth-pam-plugin

- update to 2.6.8:
  * SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF
    state - the new sanity check function introduced in 2.6.7 sometimes
    tried to use a NULL pointer after an unsuccessful TLS handshake
  * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    use a send buffer after it has been free()d in some circumstances,
    causing some free()d memory to be sent to the peer. All configurations
    using TLS (e.g. not using --secret) are affected by this issue.
  * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    restore --fragment configuration in some circumstances, leading to a
    division by zero when --fragment is used. On platforms where division
    by zero is fatal, this will cause an OpenVPN crash.
  * DCO: warn if DATA_V1 packets are sent by the other side - this a hard
    incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4
    server, and the only fix is to use --disable-dco.
  * Remove OpenSSL Engine method for loading a key. This had to be removed
    because the original author did not agree to relicensing the code with
    the new linking exception added. This was a somewhat obsolete feature
    anyway as it only worked with OpenSSL 1.x, which is end-of-support.
  * add warning if p2p NCP client connects to a p2mp server - this is a
    combination that used to work without cipher negotiation (pre 2.6 on
    both ends), but would fail in non-obvious ways with 2.6 to 2.6.
  * add warning to --show-groups that not all supported groups are listed
    (this is due the internal enumeration in OpenSSL being a bit weird,
    omitting X448 and X25519 curves).
  * --dns: remove support for exclude-domains argument (this was a new 2.6
    option, with no backend support implemented yet on any platform, and it
    turns out that no platform supported it at all - so remove option again)
  * warn user if INFO control message too long, do not forward to management
    client (safeguard against protocol-violating server implementations)
  * DCO-WIN: get and log driver version (for easier debugging).
  * print "peer temporary key details" in TLS handshake
  * log OpenSSL errors on failure to set certificate, for example if the
    algorithms used are in acceptable to OpenSSL (misleading message would be
    printed in cryptoapi / pkcs11 scenarios)
  * add CMake build system for MinGW and MSVC builds
  * remove old MSVC build system
  * improve cmocka unit test building for Windows

==== xen ====

- Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218)

==== yast2-trans ====
Version update (84.87.20231104.b73ad6fbc9 -> 84.87.20231117.f12231d4de)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW

- Update to version 84.87.20231117.f12231d4de:
  * New POT for text domain 'cc'.