Packages changed:
  cheese
  ffmpeg-4
  libguestfs
  libstorage-ng (4.5.202 -> 4.5.203)
  llvm18 (18.1.4 -> 18.1.5)
  openSUSE-release (20240508 -> 20240509)
  openssl-3
  osinfo-db
  taglib
  transactional-update (4.6.6 -> 4.6.8)
  unbound (1.19.3 -> 1.20.0)
  virt-manager
  wicked (0.6.74 -> 0.6.75)
  wtmpdb (0.11.0 -> 0.12.0+git.20240508)
  yast2-installation (5.0.9 -> 5.0.10)
  yast2-storage-ng (5.0.13 -> 5.0.14)

=== Details ===

==== cheese ====
Subpackages: cheese-lang libcheese-common libcheese-gtk25 libcheese8 typelib-1_0-Cheese-3_0

- Add cheese-c99.patch: fix cast to invalid pointer type
  (glgo#GNOME/cheese!70).

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Add ffmpeg-CVE-2023-50010.patch:
  Backporting e4d2666b from upstream, fixes the out of array access.
  (CVE-2023-50010 bsc#1223256)

==== libguestfs ====
Subpackages: libguestfs-appliance libguestfs-winsupport libguestfs-xfs libguestfs0

- Set Recommends on zerofree and ntfsprogs for libguestfs-appliance

==== libstorage-ng ====
Version update (4.5.202 -> 4.5.203)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#992
- fixed typos
- added .codespellrc
- 4.5.203

==== llvm18 ====
Version update (18.1.4 -> 18.1.5)
Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 llvm18-gold

- Update to version 18.1.5.
  * This release contains bug-fixes for the LLVM 18.1.0 release.
    This release is API and ABI compatible with 18.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.

==== openSUSE-release ====
Version update (20240508 -> 20240509)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssl-3 ====
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3

- Add ktls capability [bsc#1216950]
  Already added in January, but not mentioned in this changelog.
- Security fix: [bsc#1222548, CVE-2024-2511]
  * Fix unconstrained session cache growth in TLSv1.3
  * Add openssl-CVE-2024-2511.patch

==== osinfo-db ====

- bsc#1222738 - virt-manager shows SLE Micro 6.0 in suggested OS
  version should be SL Micro 6.0
  add-slm6.0-support.patch
  Drop add-slem6.0-support.patch

==== taglib ====
Subpackages: libtag2 libtag_c2

- USe %autosetup macro: allows us to eliminate usage of
  deprecated %patchN syntax.

==== transactional-update ====
Version update (4.6.6 -> 4.6.8)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit

- Version 4.6.8
  - tukit: Properly handle overlay syncing failures: If the system
    would not be rebooted and several snapshots accumulated in the
    meantime, it was possible that the previous base snapshot -
    required for /etc syncing - was deleted already. In that case
    changes in /etc might have been reset.
    [gh#openSUSE/transactional-update#116]
    [gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287]
  - soft-reboot: Log requested reboot type
  - soft-reboot: Don't force hard reboot on version change only
- Version 4.6.7
  - Add support for snapper 0.11.0; also significantly decreases
    cleanup time [boo#1223504]

==== unbound ====
Version update (1.19.3 -> 1.20.0)
Subpackages: libunbound8 unbound-anchor

- Update to 1.20.0:
  Features:
  * The config for discard-timeout, wait-limit, wait-limit-cookie,
    wait-limit-netblock and wait-limit-cookie-netblock was added,
    for the fix to the DNSBomb issue.
  * Merge GH#1027: Introduce 'cache-min-negative-ttl' option.
  * Merge GH#1043 from xiaoxiaoafeifei: Add loongarch support;
    updates config.guess(2024-01-01) and config.sub(2024-01-01),
    verified with upstream.
  * Implement cachedb-check-when-serve-expired: yes option, default
    is enabled. When serve expired is enabled with cachedb, it
    first checks cachedb before serving the expired response.
  * Fix GH#876: [FR] can unbound-checkconf be silenced when
    configuration is valid?
  Bug Fixes:
  * Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to
    Xiang Li from the Network and Information Security Lab of
    Tsinghua University for reporting it.
  * Update doc/unbound.doxygen with 'doxygen -u'. Fixes option
    deprecation warnings and updates with newer defaults.
  * Remove unused portion from iter_dname_ttl unit test.
  * Fix validator classification of qtype DNAME for positive and
    redirection answers, and fix validator signature routine for
    dealing with the synthesized CNAME for a DNAME without
    previously encountering it and also for when the qtype is
    DNAME.
  * Fix qname minimisation for reply with a DNAME for qtype CNAME
    that answers it.
  * Fix doc test so it ignores but outputs unsupported doxygen
    options.
  * Fix GH#1021 Inconsistent Behavior with Changing
    rpz-cname-override and doing a unbound-control reload.
  * Merge GH#1028: Clearer documentation for tcp-idle-timeout and
    edns-tcp-keepalive-timeout.
  * Fix GH#1029: rpz trigger clientip and action rpz-passthru not
    working as expected.
  * Fix rpz that the rpz override is taken in case of clientip
    triggers. Fix that the clientip passthru action is logged. Fix
    that the clientip localdata action is logged. Fix rpz override
    action cname for the clientip trigger.
  * Fix to unify codepath for local alias for rpz cname action
    override.
  * Fix rpz for cname override action after nsdname and nsip
    triggers.
  * Fix that addrinfo is not kept around but copied and freed, so
    that log-destaddr uses a copy of the information, much like NSD
    does.
  * Merge GH#1030: Persist the openssl and expat directories for
    repeated Windows builds.
  * Fix that rpz CNAME content is limited to the max number of
    cnames.
  * Fix rpz, it follows iterator CNAMEs for nsip and nsdname and
    sets the reply query_info values, that is better for debug
    logging.
  * Fix rpz that copies the cname override completely to the temp
    region, so there are no references to the rpz region.
  * Add rpz unit test for nsip action override.
  * Fix rpz for qtype CNAME after nameserver trigger.
  * Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix
    that clientip and nsip can give a CNAME.
  * Fix localdata and rpz localdata to match CNAME only if no
    direct type match is available.
  * Merge GH#831 from Pierre4012: Improve Windows NSIS installer
    script (setup.nsi).
  * For GH#831: Format text, use exclamation icon and explicit label
    names.
  * Fix name of unit test for subnet cache response.
  * Fix GH#1032: The size of subnet_msg_cache calculation mistake
    cause memory usage increased beyond expectations.
  * Fix for GH#1032, add safeguard to make table space positive.
  * Fix comment in lruhash space function.
  * Fix to add unit test for lruhash space that exercises the
    routines.
  * Fix that when the server truncates the pidfile, it does not
    follow symbolic links.
  * Fix that the server does not chown the pidfile.
  * Fix GH#1034: DoT forward-zone via unbound-control.
  * Fix for crypto related failures to have a better error string.
  * Fix GH#1035: Potential Bug while parsing port from the
    "stub-host" string; also affected forward-zones and
    remote-control host directives.
  * Fix GH#369: dnstap showing extra responses; for client responses
    right from the cache when replying with expired data or
    prefetching.
  * Fix GH#1040: fix heap-buffer-overflow issue in function
    cfg_mark_ports of file util/config_file.c.
  * For GH#1040: adjust error text and disallow negative ports in
    other parts of cfg_mark_ports.
  * Fix comment syntax for view function views_find_view.
  * Fix GH#595: unbound-anchor cannot deal with full disk; it will
    now first write out to a temp file before replacing the
    original one, like Unbound already does for
    auto-trust-anchor-file.
  * Fixup compile without cachedb.
  * Add test for cachedb serve expired.
  * Extended test for cachedb serve expired.
  * Fix makefile dependencies for fake_event.c.
  * Fix cachedb for serve-expired with serve-expired-reply-ttl.
  * Fix to not reply serve expired unless enabled for cachedb.
    ... changelog too long, skipping 32 lines ...
  * Fix doxygen comment for errinf_to_str_bogus.

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- bsc#1222738 - virt-manager shows SLE Micro 6.0 in suggested OS
  version should be SL Micro 6.0
  virtinst-add-slm-detection-support.patch

==== wicked ====
Version update (0.6.74 -> 0.6.75)
Subpackages: wicked-service

- Update to version 0.6.75:
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
  - Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
    and consistently use config and state info attached to the port
    interface as in rtnetlink(7).
  - Cleanup ifcfg parsing, schema configuration and service properties
  - Migrate ports in xml config and policies already applied in nanny
  - Remove "missed config" generation from finite state machine, which
    is completed while parsing the config or while xml config migration.
  - Issue a warning when "lower" interface (e.g. eth0) config is missed
    while parsing config depending on it (e.g. eth0.42 vlan).
  - Resolve ovs master to the effective bridge in config and wickedd
  - Implement netif-check-state require checks using system relations
    from wickedd/kernel instead of config relations for ifdown and add
    linkDown and deleteDevice checks to all master and lower references.
  - Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
    system/config interface hierarchies as notice with +/- marked
    interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
  [- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
  [- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
  [- 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
  [- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]

==== wtmpdb ====
Version update (0.11.0 -> 0.12.0+git.20240508)
Subpackages: libwtmpdb0

- Update to version 0.12.0+git.20240508:
  - boot: Query systemd if soft-reboot was done

==== yast2-installation ====
Version update (5.0.9 -> 5.0.10)

- Added encryption_method and encryption_pbkdf in the product
  description file (section partitioning/proposal) in order to
  set the encryption method/pbkdf in the Guided Setup of
  partitioning (related to bsc#1185291).
- 5.0.10

==== yast2-storage-ng ====
Version update (5.0.13 -> 5.0.14)

- Proposal: Make the encryption method and the key derivation
  function configurable by product.
- Partitioner: LUKS2 is always available and used by default, with
  PBKDF2 as default derivation function (related to bsc#1185291).
- 5.0.14