Packages changed:
  ImageMagick (7.1.0.57 -> 7.1.0.60)
  c-ares (1.18.1 -> 1.19.0)
  dLeyna
  libimagequant (2.17.0 -> 2.18.0)
  libnvme (1.2 -> 1.3)
  librdkafka (1.9.2 -> 2.0.2)
  libreoffice
  nvme-cli (2.2.1 -> 2.3)
  perl-Net-Patricia
  systemd (252.4 -> 252.5)
  systemd-presets-branding-MicroOS (20200323 -> 20230130)
  xterm (377 -> 378)
  yast2-samba-client (4.5.2 -> 4.5.3)
  zsh

=== Details ===

==== ImageMagick ====
Version update (7.1.0.57 -> 7.1.0.60)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- Update to 7.1.0.60
  * https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#710-60

==== c-ares ====
Version update (1.18.1 -> 1.19.0)

- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too

==== dLeyna ====

- Add dLeyna-no-python-shebang.patch: remove /usr/bin/python
  shebang from download_sync_controller.py. The file is installed
  into a python 3.10 site-directory and thus clearly does not need
  a python2 shebang.

==== libimagequant ====
Version update (2.17.0 -> 2.18.0)

- update to 2.18:
  - added more perceptually-weighed color selection
  - dropped problematic omp_set_nested()
  - fixed a rare memory leak

==== libnvme ====
Version update (1.2 -> 1.3)
Subpackages: libnvme-mi1 libnvme1

- Update to version 1.3:
  * Support added for Flexible Data Placement (TP4146)
  * Fabrics: added support for Persistent Discovery Controllers.
  * libnvme-mi added a quirk framework to workaround special behavior of
  certain devices
  * The python binding behaves more friendly in a threading environment
  by release the GIL on blocking calls.
  * Replaced  3the libsystemd dependency with libdbus
  * A lot of small fixes everywhere (leaks, wrong ordering of arguments, ...)
- Update spec file
  * Project depends on meson >= 0.50.0

==== librdkafka ====
Version update (1.9.2 -> 2.0.2)

- update to 2.0.2:
  * OffsetFetch Protocol Update (#3995).
  * Add Consumer Group operations to Admin API (started by @lesterfan, #3995).
  * Allow listing consumer groups per state (#3995).
  * Partially implemented: support for AlterConsumerGroupOffsets
  * OpenSSL 3.0.x support - the maximum bundled OpenSSL version is now 3.0.7 (previously 1.1.1q).
  * Fixes to the transactional and idempotent producer.
  * The introduction of OpenSSL 3.0.x in the self-contained librdkafka
    bundles changes the default set of available ciphers, in particular all obsolete
    or insecure ciphers and algorithms as listed in the OpenSSL legacy
    manual page are now disabled by default.
    Should you need to use any of these old ciphers you'll need to
    explicitly enable the `legacy` provider by configuring
    `ssl.providers=default,legacy` on the librdkafka client.
    OpenSSL 3.0.x deprecates the use of engines, which is being replaced by
    providers. As such librdkafka will emit a deprecation warning if
    `ssl.engine.location` is configured. OpenSSL providers may be
    configured with the new `ssl.providers` configuration property.
    The default value for `ssl.endpoint.identification.algorithm` has been
    changed from `none` (no hostname verification) to `https`, which enables
    broker hostname verification (to counter man-in-the-middle
    impersonation attacks) by default.  To restore the previous behaviour, set
    `ssl.endpoint.identification.algorithm` to `none`.
  * The Consumer Batch APIs `rd_kafka_consume_batch()` and
    `rd_kafka_consume_batch_queue()` are not thread safe if
    `rkmessages_size` is greater than 1 and any of the **seek**,
  * *pause**, **resume** or **rebalancing** operation is performed in
    parallel with any of the above APIs. Some of the messages might be
    lost, or erroneously returned to the application, in the above scenario.
  * It is strongly recommended to use the Consumer Batch APIs and the
    mentioned operations in sequential order in order to get consistent result.
  * For **rebalancing** operation to work in sequencial manner, please set
    `rebalance_cb` configuration property (refer
    [examples/rdkafka_complex_consumer_example.c]
  * (examples/rdkafka_complex_consumer_example.c) for the help with the
    usage) for the consumer.
  * Added `rd_kafka_sasl_set_credentials()` API to update SASL credentials.
  * Setting `allow.auto.create.topics` will no longer give a warning if used
    by a producer, since that is an expected use case.  Improvement in
    documentation for this property.
  * Added a `resolve_cb` configuration setting that permits using custom
    DNS resolution logic.
  * Added `rd_kafka_mock_broker_error_stack_cnt()`.
  * The librdkafka.redist NuGet package has been updated to have fewer external
    dependencies for its bundled librdkafka builds, as everything but cyrus-sasl
    is now built-in. There are bundled builds with and without linking to
    cyrus-sasl for maximum compatibility.
  * Admin API DescribeGroups() now provides the group instance id
    for static members KIP-345 (#3995).
  * Fixed memory leak when loading SSL certificates (@Mekk, #3930)
  * Load all CA certificates from `ssl.ca.pem`, not just the first one.
  * Each HTTP request made when using OAUTHBEARER OIDC would leak a small
    amount of memory.
  * When a PID epoch bump is requested and the producer is waiting
    to reconnect to the transaction coordinator, a failure in a find coordinator
    request could cause an assert to fail. This is fixed by retrying when the
    coordinator is known (#4020).
  * Transactional APIs (except `send_offsets_for_transaction()`) that
    timeout due to low timeout_ms may now be resumed by calling the same API
    again, as the operation continues in the background.
  * For fatal idempotent producer errors that may be recovered by bumping the
    epoch the current transaction must first be aborted prior to the epoch bump.
    This is now handled correctly, which fixes issues seen with fenced
    transactional producers on fatal idempotency errors.
  * Timeouts for EndTxn requests (transaction commits and aborts) are now
    automatically retried and the error raised to the application is also
    a retriable error.
  * TxnOffsetCommitRequests were retried immediately upon temporary errors in
    `send_offsets_to_transactions()`, causing excessive network requests.
    These retries are now delayed 500ms.
  * If `init_transactions()` is called with an infinite timeout (-1),
    the timeout will be limited to 2 * `transaction.timeout.ms`.
    The application may retry and resume the call if a retriable error is
    returned.
  * Back-off and retry JoinGroup request if coordinator load is in progress.
  * Fix `rd_kafka_consume_batch()` and `rd_kafka_consume_batch_queue()` skipping
    other partitions' offsets intermittently when **seek**, **pause**, **resume**
    or **rebalancing** is used for a partition.
  * Fix `rd_kafka_consume_batch()` and `rd_kafka_consume_batch_queue()`
    intermittently returing incorrect partitions' messages if **rebalancing**
  happens during these operations.

==== libreoffice ====
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- add boost-181.patch to fix build with boost 1.81.x

==== nvme-cli ====
Version update (2.2.1 -> 2.3)
Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion

- Update to version 2.3:
  * Added support for Flexible Data Placement (TP4146)
  * Added Persistent Discovery Controller support (TP8013/TP8014)
  * nvme-mi: support for firmware downloads
  * nvme device-self-test learned the --wait command line argument
    which makes nvme-cli to wait (incl. progress bar) in foreground
    until the test has finished.
  * A lot of bug fixes all over the place
- Update spec file
  * Project depends on meson >= 0.50.0
  * make build dependency dropped

==== perl-Net-Patricia ====

- no-libnsl.diff: don't link against libnsl if we don't use it

==== systemd ====
Version update (252.4 -> 252.5)
Subpackages: libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd-32bit systemd-container systemd-devel systemd-lang udev

- Import commit d87834a33444b7163e741e1089e82b44af663808 (merge of v252.5)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/5a506d73bde7ba9261985f8e9ce084044a519432...d87834a33444b7163e741e1089e82b44af663808
- Move the bash completion support for systemd-cryptenroll in udev.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- machines.target belongs to systemd-container, do its init/cleanup steps from
  the scriptlets of this sub-package.

==== systemd-presets-branding-MicroOS ====
Version update (20200323 -> 20230130)

- Introduce 50-default-MicroOS-user.preset to allow Systemd user
  units for MicroOS users
- Add transactional-update-notifier Systemd user unit to default
  user preset. This will allow MicroOS Desktop users to have
  Desktop notifications about transactional updates either
  succeeding or failing. The D-Bus service in use have been audited
  already (boo#1206163).
- 20230130

==== xterm ====
Version update (377 -> 378)
Subpackages: xterm-bin xterm-resize

- update to 378:
  * improve  descriptions  of  XTQMODKEYS  and  XTQALLOWED  features in
    ctlseqs.ms (reports by Bram Moolenaar, Thomas Wolff).
  * add bracketed+paste and report+version building blocks to terminfo,
    from ncurses 6.4
  * improve   check   for   unsupported  formatting  characters,  e.g.,
    zero-width space, to properly ignore them (report by Thomas Wolff).
  * improve/document  error-checking  for  some  of  the controls which
    return   responses:   DECRQSS,   XTGETXRES,   XTSETTCAP,  XTGETTCAP
    (prompted by discussion with David Leadbeater).
  * improve  limit-checks  for fallback font cache (report by Dimitrije
    Erdeljan).
  * improve check for too-wide glyph in fallback font by allowing xterm
    to  continue searching for a suitable font rather than just failing
    on  the first. Also add limitFontWidth to allow changing the amount
    by  which  a  glyph  must extend outside the font's bounding box to
    disallow it.

==== yast2-samba-client ====
Version update (4.5.2 -> 4.5.3)

- Add join option for enabling group policy; (bsc#1207604).
  - 4.5.3

==== zsh ====

- Replace transitional %usrmerged macro with regular version check (boo#1206798)