Packages changed:
  autoyast2 (4.4.22 -> 4.4.23)
  ibmtss
  kdump
  libdrm (2.4.107 -> 2.4.109)
  libjpeg-turbo (2.1.1 -> 2.1.2)
  openvpn (2.5.3 -> 2.5.4)
  policycoreutils
  python-fastparquet (0.7.1 -> 0.7.2)
  python-packaging (21.2 -> 21.3)
  ruby2.7 (2.7.4 -> 2.7.5)
  ruby3.0 (3.0.2 -> 3.0.3)
  smartmontools
  wsdd (0.6.4 -> 0.7.0)
  yast2-bootloader (4.4.8 -> 4.4.9)
  yast2-installation (4.4.22 -> 4.4.23)

=== Details ===

==== autoyast2 ====
Version update (4.4.22 -> 4.4.23)
Subpackages: autoyast2-installation

- During autoupgrade merge the selected product workflow in order
  to execute 2nd stage modules (bsc#1192437)
- 4.4.23

==== ibmtss ====
Subpackages: ibmtss-base libibmtss1

- Fix certificate list, run all tests.

==== kdump ====

- kdump-Store-kdump-initrd-in-kernel-image-path.patch: Fix kdumprd
  location for usrmerge kernels (boo#1190920).

==== libdrm ====
Version update (2.4.107 -> 2.4.109)
Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1

- update to 2.4.109:
  * amdgpu: add new function to get fd
  * radeon: remove duplicate struct declaration
  * xf86drm: fix compiler warnings
  * ci fixes
- update to 2.4.108:
  * amdgpu: add amdgpu_stress utility v2
  * amdgpu: add marketing names from 21.30
  * amdgpu: add new marketing name
  * amdgpu: Make marketing names consistent
  * amdgpu: use drmCloseBufferHandle
  * build: bump version to 2.4.108
  * drm_fourcc: sync drm_fourcc with latest drm-next kernel
  * etnaviv: use drmCloseBufferHandle
  * exynos: use drmCloseBufferHandle
  * Fix -Werror=format build errors on FreeBSD
  * freedreno: use drmCloseBufferHandle
  * headers: drm: Sync with drm-next
  * intel: Do not assert on unknown chips in drm_intel_decode_context_alloc
  * intel: Drop legacy execbuffer support
  * intel: sync ADL-S PCI IDs with kernel
  * intel: Sync pci ids
  * intel: use drmCloseBufferHandle
  * man: refer to drmCloseBufferHandle instead of DRM_IOCTL_GEM_CLOSE
  * meson: Build libdrm.so as an unversioned lib on Android.
  * meson: Don't build libkms for Android.
  * nouveau: print bo address in the GPU/CPU vm and its size
  * nouveau: use drmCloseBufferHandle
  * omap: use drmCloseBufferHandle
  * radeon: use drmCloseBufferHandle
  * tegra: use drmCloseBufferHandle
  * test/amdgpu: Bob to Alice copy should be TMZ in secure bounce test
  * tests/amdgpu: Fix TMZ secure bounce test
  * xf86drm: add GEM_CLOSE ioctl wrapper
  * xf86drm: add iterator API for DRM/KMS IN_FORMATS blobs
  * xf86drm: fix mem leak in drm_usb_dev_path()
  * xf86drmMode: make drm_property_type_is arg const
  * xf86drmMode: simplify drm_property_type_is
  * xf86drmMode: switch to standard inline qualifier
  * xf86drm: Update drmGetFormatModifierNameFromArm to handle AFRC

==== libjpeg-turbo ====
Version update (2.1.1 -> 2.1.2)
Subpackages: libjpeg8 libjpeg8-32bit libturbojpeg0

- update to 2.1.2:
  * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
    GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
    by default with GCC for performance reasons) to be placed in the `.rodata`
    section rather than in the `.text` section.  This caused the GNU linker to
    automatically place the `.rodata` section in an executable segment, which
    prevented libjpeg-turbo from working properly with other linkers and also
    represented a potential security risk.
  * Fixed an issue whereby the `tjTransform()` function incorrectly computed the
    MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
    unduly rejected some cropping regions, even though those regions aligned with
    8x8 MCU block boundaries.
  * Fixed a regression introduced by 2.1 beta1[13] that caused the build system
    to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy
    architectures that do not support Neon instructions.
  * libjpeg-turbo now performs run-time detection of AltiVec instructions on
    FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
    time.  This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
    supported using the same build of libjpeg-turbo.
  * cjpeg now accepts a `-strict` argument similar to that of djpeg and
    jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
    image contains incomplete or corrupt image data.

==== openvpn ====
Version update (2.5.3 -> 2.5.4)

- update to 2.5.4:
  * fix prompting for password on windows console if stderr redirection
    is in use - this breaks 2.5.x on Win11/ARM, and might also break
    on Win11/adm64 when released.
  * fix setting MAC address on TAP adapters (--lladdr) to use sitnl
    (was overlooked, and still used "ifconfig" calls)
  * various improvements for man page building (rst2man/rst2html etc)
  * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
    at least one platform strictly checking this)
  * fix minor memory leak under certain conditions in add_route() and
    add_route_ipv6()
  * documentation improvements
  * copyright updates where needed
  * better error reporting when win32 console access fails

==== policycoreutils ====
Subpackages: policycoreutils-lang policycoreutils-python-utils python3-policycoreutils

- finish UsrMerge (bsc#1191089)
- Add run_init.pamd.patch to adjust to SUSE pam setup. Removed
  run_init_use_pam_keyinit.patch and included it in the new patch
  (bsc#1190098)

==== python-fastparquet ====
Version update (0.7.1 -> 0.7.2)

- update to version 0.7.2:
  * Ability to remove row-groups in-place for multifile datasets
  * Accept pandas nullable Float type
  * allow empty strings and fix min/max when there is no data
  * make writing statistics optional
  * row selection in to_pandas()

==== python-packaging ====
Version update (21.2 -> 21.3)

- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)

==== ruby2.7 ====
Version update (2.7.4 -> 2.7.5)
Subpackages: libruby2_7-2_7

- update to 2.7.5 (boo#1193081 boo#1193080 boo#1193035)
  https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
  - CVE-2021-41817: Regular Expression Denial of Service
    Vulnerability of Date Parsing Methods
  - CVE-2021-41816: Buffer Overrun in CGI.escape_html
  - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

==== ruby3.0 ====
Version update (3.0.2 -> 3.0.3)
Subpackages: libruby3_0-3_0

- update to 3.0.3 (boo#1193081 boo#1193080 boo#1193035)
  https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
  - CVE-2021-41817: Regular Expression Denial of Service
    Vulnerability of Date Parsing Methods
  - CVE-2021-41816: Buffer Overrun in CGI.escape_html
  - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

==== smartmontools ====

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_smartd.service.patch
  Modified:
  * smartd_generate_opts.service

==== wsdd ====
Version update (0.6.4 -> 0.7.0)

- Update sources
- Version 0.7.0
  * Using the server interface it is now possible to start and stop the
    host functionality (discoverable device) without terminating and
    restarting the daemon.
  * Support multiple IP addresses in 'hello' messages from other hosts (#89)
  * Support interfaces with IPv6-only configuration (#94)
  * Re-enable 'probe' command of API (#116)
  * Removed code marked as deprecated starting with Python 3.10.
  * The example systemd unit file now uses DynamicUser instead of the unsafe
    nobody:nobody combination. It also employs the rundir as chroot directory.
  * Code changed to use asyncio instead of selector-based
  * The server interface does not close connections after each command anymore.
  * For the 'list' command of the server interface, the list of discovered
    devices is terminated with a line containing only a single dot ('.')
  * Log device discovery only once per address and interface
- Some systemd hardening

==== yast2-bootloader ====
Version update (4.4.8 -> 4.4.9)

- bnc#1193016
  - fixed crash due to missing require
- 4.4.9

==== yast2-installation ====
Version update (4.4.22 -> 4.4.23)

- Remove no longer used extra warning about destructive actions
  before starting the installation process (related to bsc#1057437).
- 4.4.23