Packages changed:
  ImageMagick (7.1.0.50 -> 7.1.0.51)
  alsa (1.2.7.2 -> 1.2.8)
  alsa-ucm-conf (1.2.7.2 -> 1.2.8)
  alsa-utils (1.2.7 -> 1.2.8)
  bluez
  curl (7.85.0 -> 7.86.0)
  dbus-1 (1.14.0 -> 1.14.4)
  dbus-1-x11 (1.14.0 -> 1.14.4)
  emacs
  expat (2.4.9 -> 2.5.0)
  gdb
  gettext-runtime (0.21 -> 0.21.1)
  gtk4 (4.8.1 -> 4.8.2)
  irqbalance
  kernel-firmware (20220930 -> 20221017)
  libgsasl
  libidn2 (2.3.3 -> 2.3.4)
  libreoffice (7.4.1.2 -> 7.4.2.3)
  libxshmfence (1.3 -> 1.3.1)
  mtools (4.0.41 -> 4.0.42)
  multipath-tools (0.9.2+57+suse.cf3c1e9 -> 0.9.2+59+suse.ac8942d)
  openSUSE-build-key
  pkcs11-helper (1.28.0 -> 1.29.0)
  python-kiwi (9.24.48 -> 9.24.49)
  python-typing_extensions (4.3.0 -> 4.4.0)
  samba (4.17.1+git.270.17afe7cb6b -> 4.17.2+git.273.a55a83528b9)
  sddm
  sendmail
  shaderc (2022.2 -> 2022.3)
  syslogd (1.4.1 -> 1.5.1)
  systemd (251.6 -> 251.7)
  transactional-update (4.0.1 -> 4.1.0)
  vulkan-loader (1.3.224.0 -> 1.3.231.0)
  vulkan-tools (1.3.224.0 -> 1.3.231)
  webkit2gtk3 (2.38.0 -> 2.38.1)
  webkit2gtk3-soup2 (2.38.0 -> 2.38.1)
  xcb-util-cursor (0.1.3 -> 0.1.4)
  xdg-user-dirs (0.17 -> 0.18)
  yast2 (4.5.17 -> 4.5.18)
  yast2-add-on (4.5.1 -> 4.5.2)
  yast2-ruby-bindings (4.5.3 -> 4.5.4)
  zsh

=== Details ===

==== ImageMagick ====
Version update (7.1.0.50 -> 7.1.0.51)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- update to 7.1.0.51:
  * obtain scene from image structure
  * prevent undefined shift
  * Added private api to go through a linked list without using semaphores.
  * Fixed build.
  * latest automake configuration
  * fix undefined-shift in ReadTGAImage @ https://oss-fuzz.com/testcase?key=5129864151957504
  * prevent divide by zero exception

==== alsa ====
Version update (1.2.7.2 -> 1.2.8)
Subpackages: libasound2 libasound2-32bit libatopology2

- Update to version 1.2.8:
  add FreeBSD/NetBD/OpenBSD build support, fixes in control namehint,
  various PCM plugins and UCM.  For details, see:
    https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8
- Add keyring

==== alsa-ucm-conf ====
Version update (1.2.7.2 -> 1.2.8)

- Update to version 1.2.8:
  lots of new profiles for USB-audio, SOF and others:
  https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8
- Add keyring

==== alsa-utils ====
Version update (1.2.7 -> 1.2.8)

- Update to alsa-utils 1.2.8:
  automake update, minor alsactl, amixer and aplay fixes.
  https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8
- Add keyring

==== bluez ====
Subpackages: bluez-auto-enable-devices bluez-cups bluez-zsh-completion libbluetooth3

- For pushing bluez 5.65 to 15-SP5 (bluez-5.62), sync more change log:
  (jsc#PED-1407)
  - The hcidump-Fix-set_ext_ctrl-global-buffer-overflow.patch
    be merged to bluez-5.51 in 2018. (bsc#1013732)(CVE-2016-9801)
  - The following btmon patches are merged to bluez-5.51 and later:
  0001-btmon-fix-segfault-caused-by-buffer-over-read.patch
  0002-btmon-fix-segfault-caused-by-buffer-over-read.patch
  0003-btmon-fix-segfault-caused-by-buffer-over-read.patch
  0004-btmon-Fix-crash-caused-by-integer-underflow.patch
  0005-btmon-fix-stack-buffer-overflow.patch
  0006-btmon-fix-multiple-segfaults.patch
  0007-btmon-fix-segfault-caused-by-integer-underflow.patch
  0008-btmon-fix-segfault-caused-by-integer-undeflow.patch
  0009-btmon-fix-segfault-caused-by-buffer-over-read.patch
  0010-btmon-fix-segfault-caused-by-buffer-overflow.patch
  0011-btmon-fix-segfault-caused-by-integer-underflow.patch
  0012-btmon-fix-segfault-caused-by-buffer-over-read.patch
    (bsc#1015173)(CVE-2016-9918)(bsc#1013893)(CVE-2016-9802)
  - The shared-gatt-server-Fix-not-properly-checking-for-sec.patch
    be merged to bluez-5.57 in 2021.
    (bsc#1186463 CVE-2021-0129 CVE-2020-26558)
  - The gatt-Fix-potential-buffer-out-of-bound.patch be merged to
    bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588)
  - The shared-gatt-db-Introduce-gatt_db_attribute_set_fixed.patch
    be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588)
  - The gatt-Make-use-of-gatt_db_attribute_set_fixed_length.patch
    be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588)
  - Add JIRA-SLE-18497 number to 5.60, 5.61 and 5.62 update log
    to sync with bluez.changes in SLE15-SP5.
  - Install modprobe.conf files to %_modprobedir
    This change already in bluez.sepc in openSUSE:Factory/bluez.
    Sync the change log here. (bsc#1196275, jsc#SLE-20639)

==== curl ====
Version update (7.85.0 -> 7.86.0)
Subpackages: libcurl4

- Update to 7.86.0:
  * Security fixes:
  - POST following PUT confusion [bsc#1204383, CVE-2022-32221]
  - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
  - HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
  - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
  * Changes:
  - NPN: remove support for and use of
  - Websockets: initial support
  * Bugfixes:
  - altsvc: reject bad port numbers
  - autotools: reduce brute-force when detecting recv/send arg list
  - aws_sigv4: fix header computation
  - cli tool: do not use disabled protocols
  - connect: change verbose IPv6 address:port to [address]:port
  - connect: fix builds without AF_INET6
  - connect: fix Curl_updateconninfo for TRNSPRT_UNIX
  - connect: fix the wrong error message on connect failures
  - content_encoding: use writer struct subclasses for different encodings
  - cookie: reject cookie names or content with TAB characters
  - curl/add_file_name_to_url: use the libcurl URL parser
  - curl/get_url_file_name: use libcurl URL parser
  - curl: warn for --ssl use, considered insecure
  - docs/libcurl/symbols-in-versions: add several missing symbols
  - ftp: ignore a 550 response to MDTM
  - functypes: provide the recv and send arg and return types
  - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
  - header: define public API functions as extern c
  - headers: reset the requests counter at transfer start
  - hostip: guard PF_INET6 use
  - hostip: lazily wait to figure out if IPv6 works until needed
  - http, vauth: always provide Curl_allow_auth_to_host() functionality
  - http2: make nghttp2 less picky about field whitespace
  - http: try parsing Retry-After: as a number first
  - http_proxy: restore the protocol pointer on error
  - lib: add missing limits.h includes
  - lib: prepare the incoming of additional protocols
  - lib: sanitize conditional exclusion around MIME
  - libssh: if sftp_init fails, don't get the sftp error code
  - mprintf: reject two kinds of precision for the same argument
  - mqtt: return error for too long topic
  - netrc: compare user name case sensitively
  - netrc: replace fgets with Curl_get_line
  - netrc: use the URL-decoded user
  - ngtcp2: fix build errors due to changes in ngtcp2 library
  - noproxy: support proxies specified using cidr notation
  - openssl: make certinfo available for QUIC
  - resolve: make forced IPv4 resolve only use A queries
  - schannel: ban server ALPN change during recv renegotiation
  - schannel: don't reset recv/send function pointers on renegotiation
  - schannel: when importing PFX, disable key persistence
  - setopt: use the handler table for protocol name to number conversions
  - setopt: when POST is set, reset the 'upload' field
  - single_transfer: use the libcurl URL parser when appending query parts
  - smb: replace CURL_WIN32 with WIN32
  - tool: avoid generating ambiguous escaped characters in --libcurl
  - tool_main: exit at once if out of file descriptors
  - tool_operate: more transfer cleanup after parallel transfer fail
  - tool_operate: prevent over-queuing in parallel mode
  - tool_paramhelp: asserts verify maximum sizes for string loading
  - tool_xattr: save the original URL, not the final redirected one
  - url: a zero-length userinfo part in the URL is still a (blank) user
  - url: allow non-HTTPS HSTS-matching for debug builds
  - url: rename function due to name-clash in Watt-32
  - url: use IDN decoded names for HSTS checks
  - urlapi: detect scheme better when not guessing
  - urlapi: fix parsing URL without slash with CURLU_URLENCODE
  - urlapi: reject more bad characters from the host name field
  * Remove patch upstream:
  - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch

==== dbus-1 ====
Version update (1.14.0 -> 1.14.4)
Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3 libdbus-1-3-32bit

- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
    bsc#1204112, CVE-2022-42011,
    bsc#1204113, CVE-2022-42012):
  This is a security update for the dbus 1.14.x stable branch, fixing
  denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
  security hardening (dbus#416).
  Behaviour changes:
  * On Linux, dbus-daemon and other uses of DBusServer now create a
    path-based Unix socket, unix:path=..., when asked to listen on a
    unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
    unix:dir=... on all platforms.
    Previous versions would have created an abstract socket, unix:abstract=...,
    in this situation.
    This change primarily affects the well-known session bus when run via
    dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
    dbus with --enable-user-session and running it on a systemd system,
    already used path-based Unix sockets and is unaffected by this change.
    This behaviour change prevents a sandbox escape via the session bus socket
    in sandboxing frameworks that can share the network namespace with the host
    system, such as Flatpak.
    This change might cause a regression in situations where the abstract socket
    is intentionally shared between the host system and a chroot or container,
    such as some use-cases of schroot(1). That regression can be resolved by
    using a bind-mount to share either the D-Bus socket, or the whole /tmp
    directory, with the chroot or container.
    (dbus#416, Simon McVittie)
  * Denial of service fixes:
  - Evgeny Vereshchagin discovered several ways in which an authenticated
    local attacker could cause a crash (denial of service) in
    dbus-daemon --system or a custom DBusServer. In uncommon configurations
    these could potentially be carried out by an authenticated remote attacker.
  - An invalid array of fixed-length elements where the length of the array
    is not a multiple of the length of the element would cause an assertion
    failure in debug builds or an out-of-bounds read in production builds.
    This was a regression in version 1.3.0.
    (dbus#413, CVE-2022-42011; Simon McVittie)
  - A syntactically invalid type signature with incorrectly nested parentheses
    and curly brackets would cause an assertion failure in debug builds.
    Similar messages could potentially result in a crash or incorrect message
    processing in a production build, although we are not aware of a practical
    example. (dbus#418, CVE-2022-42010; Simon McVittie)
  - A message in non-native endianness with out-of-band Unix file descriptors
    would cause a use-after-free and possible memory corruption in production
    builds, or an assertion failure in debug builds. This was a regression in
    version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
  - Preserve errno on failure to open /proc/self/oom_score_adj
    (dbus!285, Gentoo#834725; Mike Gilbert)
  - On Linux, don't log warnings if oom_score_adj is read-only but does not
    need to be changed (dbus!291, Simon McVittie)
  - Slightly improve error-handling for inotify
    (dbus!235, Simon McVittie)
  - Don't crash if dbus-daemon is asked to watch more than 128 directories
    for changes (dbus!302, Jan Tojnar)

==== dbus-1-x11 ====
Version update (1.14.0 -> 1.14.4)

- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
    bsc#1204112, CVE-2022-42011,
    bsc#1204113, CVE-2022-42012):
  This is a security update for the dbus 1.14.x stable branch, fixing
  denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
  security hardening (dbus#416).
  Behaviour changes:
  * On Linux, dbus-daemon and other uses of DBusServer now create a
    path-based Unix socket, unix:path=..., when asked to listen on a
    unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
    unix:dir=... on all platforms.
    Previous versions would have created an abstract socket, unix:abstract=...,
    in this situation.
    This change primarily affects the well-known session bus when run via
    dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
    dbus with --enable-user-session and running it on a systemd system,
    already used path-based Unix sockets and is unaffected by this change.
    This behaviour change prevents a sandbox escape via the session bus socket
    in sandboxing frameworks that can share the network namespace with the host
    system, such as Flatpak.
    This change might cause a regression in situations where the abstract socket
    is intentionally shared between the host system and a chroot or container,
    such as some use-cases of schroot(1). That regression can be resolved by
    using a bind-mount to share either the D-Bus socket, or the whole /tmp
    directory, with the chroot or container.
    (dbus#416, Simon McVittie)
  * Denial of service fixes:
  - Evgeny Vereshchagin discovered several ways in which an authenticated
    local attacker could cause a crash (denial of service) in
    dbus-daemon --system or a custom DBusServer. In uncommon configurations
    these could potentially be carried out by an authenticated remote attacker.
  - An invalid array of fixed-length elements where the length of the array
    is not a multiple of the length of the element would cause an assertion
    failure in debug builds or an out-of-bounds read in production builds.
    This was a regression in version 1.3.0.
    (dbus#413, CVE-2022-42011; Simon McVittie)
  - A syntactically invalid type signature with incorrectly nested parentheses
    and curly brackets would cause an assertion failure in debug builds.
    Similar messages could potentially result in a crash or incorrect message
    processing in a production build, although we are not aware of a practical
    example. (dbus#418, CVE-2022-42010; Simon McVittie)
  - A message in non-native endianness with out-of-band Unix file descriptors
    would cause a use-after-free and possible memory corruption in production
    builds, or an assertion failure in debug builds. This was a regression in
    version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
  - Preserve errno on failure to open /proc/self/oom_score_adj
    (dbus!285, Gentoo#834725; Mike Gilbert)
  - On Linux, don't log warnings if oom_score_adj is read-only but does not
    need to be changed (dbus!291, Simon McVittie)
  - Slightly improve error-handling for inotify
    (dbus!235, Simon McVittie)
  - Don't crash if dbus-daemon is asked to watch more than 128 directories
    for changes (dbus!302, Jan Tojnar)

==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags

- Fix typos in etags manpage
- Don't disable PIE

==== expat ====
Version update (2.4.9 -> 2.5.0)
Subpackages: libexpat1 libexpat1-32bit

- Update to 2.5.0: (bsc#1204708)
  * Security fixes:
  - CVE-2022-43680 -- Fix heap use-after-free after overeager
    destruction of a shared DTD in function
    XML_ExternalEntityParserCreate in out-of-memory situations.
    Expected impact is denial of service or potentially arbitrary
    code execution.
  * Bug fixes:
  - Fix curruption from undefined entities
  - Fix case when parsing was suspended while processing nested
    entities
  - Stop leaking opening tag bindings after a closing tag mismatch
    error where a parser is reset through XML_ParserReset and then
    reused to parse
  - CMake: Fix generation of pkg-config file
  - MinGW|CMake: Fix static library name
  * Other changes:
  - Protect header expat_config.h from multiple inclusion
  - examples: Make use of XML_GetBuffer and be more consistent
    across examples
  - Address compiler warnings
  - Version info bumped from 9:9:8 to 9:10:8; see
    https://verbump.de/ for what these numbers do

==== gdb ====

- Patches added (swo#29277):
  * gdb-fix-assert-in-handle_jit_event.patch
- Maintenance script qa.sh:
  * Add PR29706 and PR28617 kfails.

==== gettext-runtime ====
Version update (0.21 -> 0.21.1)
Subpackages: libtextstyle0

- update keyring for the last version update
- Update to Version 0.21.1
  * Runtime behaviour:
  - On AIX, locale names with a script or with an uppercase language are now
    supported.
    For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
    EN_US.UTF-8 is treated like en_US.UTF-8.
  * The base Unicode standard is now updated to 14.0.0.
  * Portability:
  - Building on macOS 11/arm64 is now supported.
  - Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.

==== gtk4 ====
Version update (4.8.1 -> 4.8.2)
Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0

- Update to version 4.8.2:
  + Input:
  - Give input methods more control over resets and allow them to
    preserve state.
  - Align interpretation of modifiers in key events in X11 and
    Wayland.
  + GtkColumnView: Fixes to focus handling.
  + GtkPopover:
  - Fix problems with focus when dismissing popovers.
  - Fix problems with focusing editable labels in popovers.
  + Build:
  - Fix build problems with resources and non-gnu linkers.
  - Fix gi-docgen detection in cross builds.
  - Require meson 0.60.
  + Debugging:
  - Make more debug options available in no-debug builds.
  - Improve consistency of debug logging.
  - Give names to all sources.
  + Accessibility: Introduce GtkAccessibleRange.
  + Wayland:
  - Make monitor bounds handling more robust.
  - Prevent shrinking clients due to wrong toplevel bounds.
  + Broadway: Return correct pointer coordinates from device
    queries.
  + Updated translations.

==== irqbalance ====
Subpackages: irqbalance-ui

- run tests
- add Avoid-double-free-on-deinit_thermal.patch (bsc#1204607)

==== kernel-firmware ====
Version update (20220930 -> 20221017)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20221017 (git commit 48407ffd7adb):
  * cnm: update chips&media wave521c firmware.
  * brcm: add symlink for Pi Zero 2 W NVRAM file
  * rtw89: 8852b: add initial fw v0.27.32.0
  * iwlwifi: add new FWs from core72-129 release
  * iwlwifi: update 9000-family firmwares to core72-129
  * rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A
  * amdgpu: update GC 10.3.6 RLC firmware
  * amdgpu: update GC 10.3.7 RLC firmware
  * amdgpu: update Yellow Carp RLC firmware
  * amdgpu: update Beige Goby RLC firmware
  * amdgpu: update Dimgrey Cavefish RLC firmware
  * amdgpu: update Navy Flounder RLC firmware
  * amdgpu: update Sienna Cichlid RLC firmware
  * mediatek: Update mt8195 SOF firmware to v0.4.1
  * qcom: add squashed version of a530 zap shader
  * rtw89: 8852c: update fw to v0.27.56.1
  * rtw89: 8852c: update fw to v0.27.56.0
  * mediatek: Update mt8186 SCP firmware
- Update Cirrus CS35L41 firmware (bsc#1203699)
  cirrus-WHENCE-update.patch
- Update aliases from 6.1-rc1 kernel

==== libgsasl ====
Subpackages: libgsasl-lang libgsasl7

- refresh keyring

==== libidn2 ====
Version update (2.3.3 -> 2.3.4)
Subpackages: libidn2-0 libidn2-0-32bit libidn2-lang

- update to 2.3.4:
  * Support for Unicode 15.0.0
  * Uses IDNA2008 from tables from unicode.org rather than IANA
    for consistency with other implementation and support for
    Unicode versions 12 through 15. This breaks backwards-
    compatibility regarding U+19DA and recent releases

==== libreoffice ====
Version update (7.4.1.2 -> 7.4.2.3)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Fix bsc#1201095 - LO-L3: Text box shows that does not show in PowerPoint
  * bsc1201095.patch
- Update to 7.4.2.3:
  https://wiki.documentfoundation.org/Releases/7.4.2/RC3
  https://wiki.documentfoundation.org/Releases/7.4.2/RC2
  https://wiki.documentfoundation.org/Releases/7.4.2/RC1
- Remove upstreamed patches:
  * poppler-22.09.0.patch
  * bsc1203502.patch

==== libxshmfence ====
Version update (1.3 -> 1.3.1)

- Update to version 1.3.1
  * Update README for gitlab migration
  * Update configure.ac bug URL for gitlab migration
  * Fix spelling/wording issues
  * gitlab CI: add a basic build test
  * alloc: prefer atomic close-on-exec without O_TMPFILE as well
  * alloc: prefer SHM_ANON on FreeBSD a la memfd_create

==== mtools ====
Version update (4.0.41 -> 4.0.42)

- update to 4.0.42:
  * Added postcmd attribute in drive description to allow to
    execute "device release" code automatically at end of
    command
  * Code cleanup, signedness cleanup about directory entries

==== multipath-tools ====
Version update (0.9.2+57+suse.cf3c1e9 -> 0.9.2+59+suse.ac8942d)
Subpackages: kpartx libmpath0

- Update to version 0.9.2+59+suse.ac8942d:
  * Fix segfault in "multipath -t" command (boo#1204731)

==== openSUSE-build-key ====

- add the SUSE Container key in PEM format too to new
  /usr/share/pki/containers/ directory. (bsc#1204706)

==== pkcs11-helper ====
Version update (1.28.0 -> 1.29.0)
Subpackages: libpkcs11-helper1

- Update to 1.29.0:
  * build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine.
  * core: do not assume standard objects supported by provider.
  * openssl: set back key into EVP for openssl-3 to work, thanks to apollo13.

==== python-kiwi ====
Version update (9.24.48 -> 9.24.49)

- Bump version: 9.24.48 → 9.24.49
- Fixed test-image-vagrant
  virtualbox-guest-tools obsoletes virtualbox-guest-x11
- ignore the type check on the Result class
  With an update of mypy the bound TypeVar is no longer allowed.
  In newer versions of python we could use the "Self" type or
  import annotations from the future module. Unfortunately in
  older python versions which we still support (3.6) there is
  no non intrusive change which allows us to handle that type
  annotation. Thus this commit ignores the return type spec
  for Result.load() for the moment.
- Stop copying /dev files statically into the OCI container
  In containers (nspawn) where part of the /dev filesystem is bind-mounted
  from outside system, kiwi fails to do the rsync (in creation of the
  nodes).
  There is no reason to actually copy whole tree inside so let's just
  not do it (as it does not seem to be needed at all).
- List riscv64 as a valid architecture in the schemas
  This is needed so that architecture filters on riscv64 specifics can
  be defined.
- Support DM integrity legacy options
  Add a new attribute integrity_legacy_hmac="true|false" which
  allows to use old flawed HMAC calculation (does not protect superblock).
  Add a new attribute integrity_legacy_padding="true|false" which
  allows to use inefficient legacy padding. Do not use these attributes
  until compatibility with a specific old kernel is required!
- ci(lint): Add Shell linter - Differential Shellcheck
- Limit repo alias names to be a safe POSIX name
  Characters like spaces or other symbols used in repo alias names
  can cause the package manager to fail setting up the repo. Thus
  this patch changes the schema to only allow for safe POSIX names
  matching: {pattern = "[a-zA-Z0-9_\-\.]+"}. This Fixes #2170
- Increase space for test-image-embedded test
  Add more space to test profile: SystemFeatures
- Increase efifatimage size for legacy build test

==== python-typing_extensions ====
Version update (4.3.0 -> 4.4.0)

- Clean specfile from old cruft.
- Requires Python 3.7+
- Fix testsuite: Must test as module; don't need multibuild.
- Update Summary and Description
- Update to version 4.4.0
  * Add `typing_extensions.Any` a backport of python 3.11's Any class which is
    subclassable at runtime. (backport from python/cpython#31841, by Shantanu
    and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234).
  * Add initial support for TypeVarLike `default` parameter, PEP 696.
    Patch by Marc Mueller (@cdce8p).
  * Runtime support for PEP 698, adding `typing_extensions.override`. Patch by
    Jelle Zijlstra.
  * Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695.
    Patch by Jelle Zijlstra.

==== samba ====
Version update (4.17.1+git.270.17afe7cb6b -> 4.17.2+git.273.a55a83528b9)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-ad-dc-libs-32bit samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit

- Update to 4.17.2
  * CVE-2022-3592 [SECURITY] samba: Wide links protection broken;
    (bso#15207); (bsc#1204499).
  * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal
    unwrap_des3();(bso#15134); (bsc#1204254).

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Add patch to avoid launching xdg-desktop-portal by accident:
  * 0001-disable-automatic-portal-launching.patch

==== sendmail ====
Subpackages: libmilter1_0

- Remove maybe perilous shell script code from sm-client.pre (boo#1202937)

==== shaderc ====
Version update (2022.2 -> 2022.3)

- Update to release 2022.3
  * Implement default builtin constants needed for GL_EXT_mesh_shader.

==== syslogd ====
Version update (1.4.1 -> 1.5.1)
Subpackages: klogd syslog-service

- Update ot version 1.5.1
  ChangeLog for version 1.5.1
    Many thanks to Rainer Gerhards, rsyslog project lead, for
    identifying a problem with how rsyslog's rsyslogd and sysklogd's
    syslogd check for invalid priority values (CVE-2014-3634).
  ChangeLog for version 1.5
  * Fix file descriptor leak in klogd
  * Improve argument list processing
  * Prevent potential buffer overflow in reading messages from the
    kernel log ringbuffer
  * Ensure that "len" is not placed in a register, and that the endtty()
    signal handler is not installed too early which could cause a
    segmentation fault or worse
  * klogd will reconnect to the logger (mostly syslogd) after it went
    away during operation
  * On heavily loaded system syslog will not spit out error messages
    anymore when recvfrom() results in EAGAIN
  * Makefile improvements
  * Local copy of module.h
  * Improved manpage
  * Always log with syslogd's timezone and locale
  * Remove trailing newline when forwarding messages
  * Continue working properly if /etc/service is missing and ignore
    network activity
  * Continue writing to log files as soon as space becomes available
    again after a filled up disk
  * Removed test to detect control characters> 0x20 as this prevented
    characters encoded in UTF-8 to be properly passed through
  * Only resolve the local domain when accepting messages from remote
  * Properly accompany the MARK message with the facility
  * Improved daemonise routine in klogd to stabilise startup
  * klogd will not change the console log level anymore unless -c is given
  * Added back /usr/src/linux/System.map as fall-back location
  * Rewrite the module symbol parser to read from /proc/kallsyms
  * Notify the waiting parent process if the client dies
  * Complete rewrite of the oops kernel module for Linux 2.6
  * Only read kernel symbols from /proc/kallsyms if no System.map
    has been read
  * Improved symbol lookup
  * Prevent named pipes from becoming the controlling tty
  * Fixing a race condition in syslogd discovered in UML
  * Improved README.linux
  * Added boundary checks in klogd
  * Don't block on the network socket in case of packet loss
  * Don't crash when filesize limit is reached (e.g. without LFS)
  * Fix spurious hanging syslogd in connection with futex and NPTL
    introduced in recent glibc versions and Linux 2.6 (details)
  * Improved syslog.conf(5) manpage
  * Use socklen_t where appropriate
  * Use newer query_module function rather than stepping through /dev/kmem.
  * Remove special treatment of the percent sign in klogd
- Remove patches now upstream solved
  * klogd-obsolete.patch
  * sysklogd-1.4.1-fileleak.patch
  * sysklogd-1.4.1-ksym.patch
  * sysklogd-1.4.1-no_SO_BSDCOMPAT.diff
  * sysklogd-1.4.1-owl-crunch_list.diff
  * sysklogd-1.4.1-preserve_percents.patch
  * sysklogd-1.4.1-utf8.patch
- Port patches
  * sysklogd-1.4.1-CVE-2014-3634.patch
  * sysklogd-1.4.1-clearing.patch
  * sysklogd-1.4.1-dgram.patch
  * sysklogd-1.4.1-dns.patch
  * sysklogd-1.4.1-dontsleep.patch
  * sysklogd-1.4.1-forw.patch
  * sysklogd-1.4.1-klogd24.dif
  * sysklogd-1.4.1-ksyslogsize.diff
  * sysklogd-1.4.1-large.patch
  * sysklogd-1.4.1-nofortify.patch
  * sysklogd-1.4.1-reload.dif
  * sysklogd-1.4.1-reopen.patch
  * sysklogd-1.4.1-showpri.patch
  * sysklogd-1.4.1-signal.dif
  * sysklogd-1.4.1-sparc.patch
  * sysklogd-1.4.1-sysmap-prior-to-2.5.patch
  * sysklogd-1.4.1-systemd-multi.dif
  * sysklogd-1.4.1-systemd-sock-name.patch
  * sysklogd-1.4.1-systemd.dif
  * sysklogd-1.4.1-unix_sockets.patch
  * sysklogd-1.4.1.dif
  * sysklogd-ipv6.diff

==== systemd ====
Version update (251.6 -> 251.7)
Subpackages: libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd-32bit systemd-container systemd-lang udev

- Import commit c212388f7de8d22a3f7c22b19553548ccc0cdd15 (merge of v251.7)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/f78bba8d037cc26c09bbdd167625b2d7fe1f5a30...c212388f7de8d22a3f7c22b19553548ccc0cdd15
- specfile: reindent comments

==== transactional-update ====
Version update (4.0.1 -> 4.1.0)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd

- Version 4.1.0
  - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441]
  - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in
    the update environment; implements [jsc#PED-1078]
  - Add support for "notify" reboot method for desktop use
    [gh#openSUSE/transactional-update#93]
  - Fix kdump initrd recreation detection; the check was performed in the
    active snapshot instead of the target snapshot
  - Document register command [bsc#1202900]
  - Avoid unnecessary snapshots for register command [bsc#1202901]
  - Various optimizations for register command
  - Remove bogus error message when triggering reboot
  - Rework /etc overlay documentation in "The Transactional Update Guide"
  - Fix incorrect manpage formatting
  - Remove leftover "salt" reboot method in configuration example file
  - Replace deprecated std::mem_fn with lambdas

==== vulkan-loader ====
Version update (1.3.224.0 -> 1.3.231.0)

- Update to release SDK-1.3.231.0
  * Don't pass portability bit to ICDs that dont expect it.
  * Allow implicit layers for all API versions.

==== vulkan-tools ====
Version update (1.3.224.0 -> 1.3.231)

- Update to release 1.3.231.0
  * Adapt to Vulkan 231 API, but otherwise no interesting changes
- Add 0001-cubepp-Fix-presentKHR-assert.patch

==== webkit2gtk3 ====
Version update (2.38.0 -> 2.38.1)
Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.38.1:
  + Make xdg-dbus-proxy work if host session bus address is an
    abstract socket.
  + Use a single xdg-dbus-proxy process when sandbox is enabled.
  + Fix high resolution video playback due to unimplemented
    changeType operation.
  + Ensure GSubprocess uses posix_spawn() again and inherit file
    descriptors.
  + Fix player stucking in buffering (paused) state for progressive
    streaming.
  + Do not try to preconnect on link click when link preconnect
    setting is disabled.
  + Fix close status code returned when the client closes a
    WebSocket in some cases.
  + Fix media player duration calculation.
  + Fix several crashes and rendering issues.

==== webkit2gtk3-soup2 ====
Version update (2.38.0 -> 2.38.1)
Subpackages: WebKit2GTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Update to version 2.38.1:
  + Make xdg-dbus-proxy work if host session bus address is an
    abstract socket.
  + Use a single xdg-dbus-proxy process when sandbox is enabled.
  + Fix high resolution video playback due to unimplemented
    changeType operation.
  + Ensure GSubprocess uses posix_spawn() again and inherit file
    descriptors.
  + Fix player stucking in buffering (paused) state for progressive
    streaming.
  + Do not try to preconnect on link click when link preconnect
    setting is disabled.
  + Fix close status code returned when the client closes a
    WebSocket in some cases.
  + Fix media player duration calculation.
  + Fix several crashes and rendering issues.

==== xcb-util-cursor ====
Version update (0.1.3 -> 0.1.4)

- Update to version 0.1.4
  * Update README for gitlab migration
  * Add README.md to EXTRA_DIST
  * Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters
  * Update m4 to xorg/util/xcb-util-m4@c617eee22ae5c285e79e81
  * gitlab CI: add a basic build test
  * configure: Drop AM_MAINTAINER_MODE
  * autogen.sh: Honor NOCONFIGURE=1
  * autogen.sh: use quoted string variables
  * autogen: add default patch prefix
  * autogen.sh: use exec instead of waiting for configure to finish
  * documentation: Call xcb_free_cursor() when done
  * Fix out-of-source builds

==== xdg-user-dirs ====
Version update (0.17 -> 0.18)
Subpackages: xdg-user-dirs-lang

- update to 0.18:
  + Fixed minor leak
  + Updated translations
  + Documentation fixes

==== yast2 ====
Version update (4.5.17 -> 4.5.18)
Subpackages: yast2-logs

- Improve logging in the ProductControl module, use the new
  "log.group" call to group logs for each workflow step
  (bsc#1204625)
- 4.5.18

==== yast2-add-on ====
Version update (4.5.1 -> 4.5.2)

- support 'repo' scheme for add-ons (jsc#SLE-22578, jsc#SLE-24584)
- 4.5.2

==== yast2-ruby-bindings ====
Version update (4.5.3 -> 4.5.4)

- Added "log.group" method for grouping the log messages
  (bsc#1204625)
- Update Rakefile to allow installing the Ruby files in inst-sys
  using the "yupdate" command
- 4.5.4

==== zsh ====

- Add zsh-sh subpackage to offer Zsh users a "native" way to handle
  /bin/sh scripts and use an SH shell with the capabilities of Zsh
  itself to emulate a Bourne shell. An 'sh' symlink pointing to the
  Zsh binary is all that is needed for it to emulate the Bourne
  shell, it is similar to the use of `emulate sh` Zsh's built-in
  command or the `zsh --emulate sh` shell command.
- Drop deprecated use of install_info(_delete) post(un) macros. RPM
  file triggers have replaced their functionality since 2019.