Packages changed:
  Mesa (22.2.1 -> 22.2.2)
  Mesa-drivers (22.2.1 -> 22.2.2)
  MozillaFirefox (105.0.3 -> 106.0)
  SVT-AV1 (1.2.0 -> 1.3.0)
  cpupower (5.17.9 -> 6.0.2)
  evolution-data-server (3.46.0 -> 3.46.1)
  glib2-branding-openSUSE
  harfbuzz (5.3.0 -> 5.3.1)
  imlib2
  installation-images-MicroOS (17.63 -> 17.64)
  keylime
  libstorage-ng (4.5.46 -> 4.5.47)
  patterns-gnome
  patterns-microos
  rsync (3.2.6 -> 3.2.7)
  samba (4.17.0+git.257.5f0ed03584a -> 4.17.1+git.270.17afe7cb6b)
  selinux-policy (20220714 -> 20221019)
  systemd (251.5 -> 251.6)
  wicked (0.6.69 -> 0.6.70)
  xkeyboard-config (2.36 -> 2.37)
  yast2-country (4.5.1 -> 4.5.2)
  yast2-installation (4.5.7 -> 4.5.8)
  yast2-storage-ng (4.5.9 -> 4.5.10)

=== Details ===

==== Mesa ====
Version update (22.2.1 -> 22.2.2)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- Add patch to fix LLVM optimization to avoid failure on armv7
  (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217,
  boo#1204267):
  * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
- update to 22.2.2
  * This is the second bug fix release, back on the regular
    schedule. There's a lot here: nir, panfrost, gallium video,
    freedreno, nouveau, turnip, r300, gallium core, r600, virgl,
    core vulkan, anv, clover, d3d12, utils, radv, and plenty of
    zink.

==== Mesa-drivers ====
Version update (22.2.1 -> 22.2.2)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva

- Add patch to fix LLVM optimization to avoid failure on armv7
  (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217,
  boo#1204267):
  * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
- update to 22.2.2
  * This is the second bug fix release, back on the regular
    schedule. There's a lot here: nir, panfrost, gallium video,
    freedreno, nouveau, turnip, r300, gallium core, r600, virgl,
    core vulkan, anv, clover, d3d12, utils, radv, and plenty of
    zink.

==== MozillaFirefox ====
Version update (105.0.3 -> 106.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 106.0
  * support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
  - Better screen sharing for Windows and Linux Wayland users
  - RTP performance and reliability improvements
  - Richer statistics
  - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox
- added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
  as it was extended with changes for other archs

==== SVT-AV1 ====
Version update (1.2.0 -> 1.3.0)

- Update to release 1.3.0:
  * Encoder:
  - Port SIMD optimizations from libDav1D making the conformant
    path (Inv. Transform) faster
  - Enabling smaller mini-GOP size configurations and tuning it
    for the low delay mode
  - Tuning the low-latency mode in random access targeting
    latencies from 250ms to 1s
  - Adding GOP-constrained Rate Control targeting low-latency
    streaming applications
  - Optimize mode decision features levels for depth
    partitioning, RDOQ, MD stage0 pruning in-loop filtering
    temporal filtering and TPL adding more granularity and
    gaining further quality
  - Preset tuning M0-M13 to smooth the spacing and utilize the
    quality improvements towards better tradeoffs
  * Build, Cleanup and Documentation:
  - Update preset and API documentation
  - Various functional bug fixes
  - Remove the use of GLOB in cmake and use file names
- Changes from release 1.2.1:
  * Encoder: Fix a crash at the end of the encode that may occur
    when an invalid metadata packet is sent with the EOS packet
  * Build, Cleanup:
  - y4m header pasring code cleanup
  - API cleanup and enhancements adding string options for RC
    mode
  - Added option to build without app / dec / enc using the
    build.sh / build.bat scripts

==== cpupower ====
Version update (5.17.9 -> 6.0.2)
Subpackages: cpupower-lang libcpupower0

- clean up sources: drop rapl_monitor.patch and
  cpupower_rapl.patch.
- Move bash-completion to subpackage so it isn't installed when
  not needed
- Remove powercap capabilities to patch againt latest kernel sources
  - > still keep the patches, will be removed after trying to get this
    mainline
- Add netlink (libnl-devel) requires

==== evolution-data-server ====
Version update (3.46.0 -> 3.46.1)
Subpackages: evolution-data-server-lang libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4

- Update to version 3.46.1:
  + po: Merge .source files back to the POTFILES.in
  + IMAPX: Hide complete requests in debug logs for some sensitive
    commands
  + Handle negative value for GUri's port
  + CamelDB: Fix an uninitialized variable warning
  + Bugs Fixed:
  - LDAP:
    . Possible memory leak in build_mods_from_contacts()
    . Use valid values for error paths of contact create/remove
  - Serialize OAuth2 token refresh for an account
  - IMAP: Does not forget renamed folders on the server
  - Tautology in e_named_parameters_equal()
  - camel-db.c: Rearrange transaction handling
  + Updated translations.

==== glib2-branding-openSUSE ====

- Fix default openSUSE wallpaper is not present in dark mode (boo#1204138).

==== harfbuzz ====
Version update (5.3.0 -> 5.3.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Update to version 5.3.1:
  + Subsetter repacker fixes
  + Adjust Grapheme clusters for Katakana voiced sound marks
  + New hb-subset option --preprocess-face
- Add harfbuzz-5.3.1-Fix_check-symbols_failure.patch: Fix failing
  tests.

==== imlib2 ====
Subpackages: imlib2-loaders libImlib2-1

- enable loaders for JPEG2000, HEIF, Postscript, SVG, JPEG-XL

==== installation-images-MicroOS ====
Version update (17.63 -> 17.64)

- merge gh#openSUSE/installation-images#613
- remove reiserfs support (bsc#1204551)
- 17.64

==== keylime ====
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime

- Update requirement name to python-lark

==== libstorage-ng ====
Version update (4.5.46 -> 4.5.47)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#900
- make result of ParitionTable::is_partition_id_supported() depend
  on parted version
- 4.5.47

==== patterns-gnome ====
Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-sw_management_gnome

- Require at-spi2-core else risk major performance issues (boo#1204564)
- Delete some abandoned packages.
- Replace gnome-tweak-tool to gnome-tweaks.
- Add gnome-backgrounds Recommends to gnome-x11 pattern.

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Require at-spi2-core else risk major performance issues (boo#1204564)
- Do not require kdump on 32-bit arm - boo#1203888
- Replace tftpboot-installation-openSUSE-MicroOS-%{_arch}
  with tftpboot-installation-openSUSE-MicroOS-%{_target_cpu}
  to match what installation-images:MicroOS produces

==== rsync ====
Version update (3.2.6 -> 3.2.7)

- New version fixes bug (boo#1203727): implicit containing directory
  sometimes rejected as unrequested
- update to 3.2.7
  * BUG FIXES:
  - Fixed the client-side validating of the remote sender's filtering behavior.
  - More fixes for the "unrequested file-list name" name, including a copy of
    "/" with `--relative` enabled and a copy with a lot of related paths with
    `--relative` enabled (often derived from a `--files-from` list).
  - When rsync gets an unpack error on an ACL, mention the filename.
  - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
    "use chroot" is false).
  * ENHANCEMENTS:
  - Added negotiated daemon-auth support that allows a stronger checksum digest
    to be used to validate a user's login to the daemon.  Added SHA512, SHA256,
    and SHA1 digests to MD5 & MD4.  These new digests are at the highest priority
    in the new daemon-auth negotiation list.
  - Added support for the SHA1 digest in file checksums.  While this tends to be
    overkill, it is available if someone really needs it.  This overly-long
    checksum is at the lowest priority in the normal checksum negotiation list.
    See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
    environment var for how to customize this.
  - Improved the xattr hash table to use a 64-bit key without slowing down the
    key's computation.  This should make extra sure that a hash collision doesn't
    happen.
  - If the `--version` option is repeated (e.g. `-VV`) then the information is
    output in a (still readable) JSON format.  Client side only.
  - The script `support/json-rsync-version` is available to get the JSON style
    version output from any rsync.  The script accepts either text on stdin
  * *or** an arg that specifies an rsync executable to run with a doubled
    `--version` option.  If the text we get isn't already in JSON format, it is
    converted. Newer rsync versions will provide more complete json info than
    older rsync versions. Various tweaks are made to keep the flag names
    consistent across versions.
  - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
    so that rsync can use chroot when it works and a sanitized copy when chroot
    is not supported (e.g., for a non-root daemon).  Explicitly setting the
    parameter to true or false (on or off) behaves the same way as before.
  - The `--fuzzy` option was optimized a bit to try to cut down on the amount of
    computations when considering a big pool of files. The simple heuristic from
    Kenneth Finnegan resuled in about a 2x speedup.
  - If rsync is forced to use protocol 29 or before (perhaps due to talking to an
    rsync before 3.0.0), the modify time of a file is limited to 4-bytes.  Rsync
    now interprets this value as an unsigned integer so that a current year past
    2038 can continue to be represented. This does mean that years prior to 1970
    cannot be represented in an older protocol, but this trade-off seems like the
    right choice given that (1) 2038 is very rapidly approaching, and (2) newer
    protocols support a much wider range of old and new dates.
  - The rsync client now treats an empty destination arg as an error, just like
    it does for an empty source arg. This doesn't affect a `host:` arg (which is
    treated the same as `host:.`) since the arg is not completely empty.  The use
    of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
    prior behavior of treating an empty destination arg as a ".".
  * PACKAGING RELATED:
  - The checksum code now uses openssl's EVP methods, which gets rid of various
    deprecation warnings and makes it easy to support more digest methods.  On
    newer systems, the MD4 digest is marked as legacy in the openssl code, which
    makes openssl refuse to support it via EVP.  You can choose to ignore this
    and allow rsync's MD4 code to be used for older rsync connections (when
    talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
    tell openssl to enable legacy algorithms (see below).
  - A simple openssl config file is supplied that can be installed for rsync to
    use.  If you install packaging/openssl-rsync.cnf to a public spot (such as
    `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
    `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
    configured path in the OPENSSL_CONF environment variable (when the variable
    is not already set).  This will enable openssl's MD4 code for rsync to use.
  - The packager may wish to include an explicit "use chroot = true" in the top
    section of their supplied /etc/rsyncd.conf file if the daemon is being
    installed to run as the root user (though rsync should behave the same even
    with the value unset, a little extra paranoia doesn't hurt).
  - I've noticed that some packagers haven't installed support/nameconvert for
    users to use in their chrooted rsync configs.  Even if it is not installed
    as an executable script (to avoid a python3 dependency) it would be good to
    install it with the other rsync-related support scripts.
  - It would be good to add support/json-rsync-version to the list of installed
    support scripts.

==== samba ====
Version update (4.17.0+git.257.5f0ed03584a -> 4.17.1+git.270.17afe7cb6b)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3

- Update to 4.17.1
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Flush on a named stream never completes; (bso#15182).
  * Permission denied calling SMBC_getatr when file not exists;
    (bso#15195).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * pytest: add file removal helpers for TestCaseInTempDir;
    (bso#15191).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * Flush on a named stream never completes; (bso#15182).
  * vfs_gpfs silently garbles timestamps > year 2106;
    (bso#15151).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * multi-channel socket passing may hit a race if one of the
    involved processes already existed; (bso#15200).
  * memory leak on temporary of struct imessaging_post_state and
    struct tevent_immediate on struct imessaging_context (in
    rpcd_spoolss and maybe others); (bso#15201).
  * Since popt1.19 various use after free errors using result of
    poptGetArg are now exposed; (bso#15205); (boo#1204279).
  * Remove special case for O_CREAT in SMB_VFS_OPENAT from
    vfs_glusterfs; (bso#15192).
  * GETPWSID in memory cache grows indefinetly with each NTLM
    auth; (bso#15169).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
- Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689);
- Fix use after free errors resulting from using return of
  poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205).

==== selinux-policy ====
Version update (20220714 -> 20221019)
Subpackages: selinux-policy-targeted

- Update to version 20221019. Refreshed:
  * distro_suse_to_distro_redhat.patch
  * fix_apache.patch
  * fix_chronyd.patch
  * fix_cron.patch
  * fix_init.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_rpm.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
  for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
  queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus

==== systemd ====
Version update (251.5 -> 251.6)
Subpackages: libsystemd0 libudev1 systemd-doc systemd-lang udev

- Import commit f78bba8d037cc26c09bbdd167625b2d7fe1f5a30 (merge of v251.6)
  Beside the merge of v251.6, it also includes the following backport:
  - 07aaa898bd pstore: do not try to load all known pstore modules
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/07aa29e3942fb46b0aed5405c88e8d3179ca958f...f78bba8d037cc26c09bbdd167625b2d7fe1f5a30
- Don't create /var/lib/systemd/random-seed in %post (bsc#1181458)
  To make sure that the same seed is not replicated when installing from a
  'golden' image.
  For regular installations the random seed file is initialized by the installer
  itself (bsc#1174964). Even if it didn't, the random seed file would be created
  on first boot anyway.
- Avoid expanding of macro in comment which leads to an error on installation
  (workaround for bsc#1203847)

==== wicked ====
Version update (0.6.69 -> 0.6.70)
Subpackages: wicked-service

- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)

==== xkeyboard-config ====
Version update (2.36 -> 2.37)
Subpackages: xkeyboard-config-lang

- Update to version 2.37
  * bugfixes
- supersedes U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch
- Reduce python3 to python3-base

==== yast2-country ====
Version update (4.5.1 -> 4.5.2)
Subpackages: yast2-country-data

- Use Canadian (CSA) instead of Canadian (Multilingual) keyboard
  layout, adapting to xkeyboard-config-2.37 (bsc#1204573)
- 4.5.2

==== yast2-installation ====
Version update (4.5.7 -> 4.5.8)

- add 'repo', 'cd', 'dvd', 'hd', and 'label' schemes to
  Yast::Transfer::FileFromUrl (jsc#SLE-22578, jsc#SLE-24584)
- 4.5.8

==== yast2-storage-ng ====
Version update (4.5.9 -> 4.5.10)

- Unit tests adapted to a recent behavior change in libstorage-ng
  (gh#openSUSE/libstorage-ng#900).
- 4.5.10