Packages changed:
  Mesa
  Mesa-drivers
  MozillaFirefox (106.0.5 -> 107.0)
  bluez (5.65 -> 5.66)
  curl
  distrobox
  ffmpeg-4
  installation-images-MicroOS (17.64 -> 17.65)
  lcms2
  libXft (2.3.6 -> 2.3.7)
  libalternatives
  open-iscsi
  python-jsonschema (4.16.0 -> 4.17.0)
  systemd (251.8 -> 252.1)
  webkit2gtk3
  webkit2gtk4
  xfsprogs (5.19.0 -> 6.0.0)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- try to fix build on ppc64le due to running OOM (boo#1205441)
  * let's request 20G of physical memory via _constraints file

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva

- try to fix build on ppc64le due to running OOM (boo#1205441)
  * let's request 20G of physical memory via _constraints file

==== MozillaFirefox ====
Version update (106.0.5 -> 107.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 107.0
  MFSA 2022-47 (bsc#1205270)
  * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)
    Keystroke Side-Channel Leakage
  * CVE-2022-45417 (bmo#1794508)
    Service Workers in Private Browsing Mode may have been
    written to disk
  * CVE-2022-45418 (bmo#1795815)
    Custom mouse cursor could have been drawn over browser UI
  * CVE-2022-45419 (bmo#1716082)
    Deleting a security exception did not take effect immediately
  * CVE-2022-45420 (bmo#1792643)
    Iframe contents could be rendered outside the iframe
  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
    Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
- requires
  * NSS >= 3.84
  * rust = 1.64

==== bluez ====
Version update (5.65 -> 5.66)
Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3

- update to 5.66:
  * Fix issue with A2DP and transport connection collisions.
  * Fix issue with allowing application specific error codes.
  * Fix issue with not setting initiator flag correctly.
  * Fix issue with HoG Report MAP size handling.
  * Add initial support for Basic Audio Profile.
  * Add initial support for Volume Control Profile.
- remove RPi-Move-the-43xx-firmware-into-lib-firmware.patch (does
  not apply anymore), replace with CPPFLAGS define

==== curl ====
Subpackages: libcurl4

- Add 1.50.0 as the minimum libnghttp2 build requirement version as
  a bandaid. Curl's 7.86.0 release introduces the use of
  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
  introduced by nghttp2 1.50.0 release, without introducing a check
  for the function/right version in their build scripts. This will
  make Zypper/cURL unusable in some corner cases where users
  install something that requires libcurl4 before doing a full
  system upgrade, thus updating the cURL stack, but not
  libnghttp2's. Background: boo#1204983, Factory mailing list
  thread:
  "? broken dependency in curl and/or *zyp* ?", and forums thread:
  Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.

==== distrobox ====
Subpackages: distrobox-bash-completion

- Do not recommend bash-completion subpackage: this triggers
  installation even if bash-completion is not there yet. All (well,
  most for now) packages are handled to install the completion IF
  bash-completion is present (which is the default on standard
  setups).

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix
  out of bounds read in update_block_in_prev_frame() (bsc#1205388).

==== installation-images-MicroOS ====
Version update (17.64 -> 17.65)

- merge gh#openSUSE/installation-images#615
- systemd lib moved to /usr/lib64
- 17.65

==== lcms2 ====

- Removed reverse-0001-fix-memory-leaks-on-testbed.patch and added
  0001-fix-memory-corruption-when-unregistering-plugins.patch as
  final fix for https://github.com/hughsie/colord/issues/145

==== libXft ====
Version update (2.3.6 -> 2.3.7)

- Update to version 2.3.7
  * libxft issue #15
    https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/15
    XftFontLoadGlyphs for mono font returns wrong info in extents from
    XftTextExtentsUtf8 for variable chars
    Patch by Scott Mcdermott, based on
    https://github.com/googlefonts/Inconsolata/issues/42
  * fix compiler warning
  * libxft issue #16
    https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/16
    Stack gets smashed in fonts with colors when calling XftGlyphRender
    BGRA changes made incorrect comparison for local vs allocated
    buffer in XftGlyphSpecRender
  * stdint.h header is needed for SIZE_MAX

==== libalternatives ====
Subpackages: alts libalternatives1

- switch to a manual service rather than a buildtime tar service
  which introduces a bootstrap cycle between python and tar_scm

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Updated to latest upstream. Changes:
  * scsid/iscsiuio: fix OOM adjustment (github issue #377)

==== python-jsonschema ====
Version update (4.16.0 -> 4.17.0)

- update to 4.17.0:
  * The check_schema method on jsonschema.protocols.Validator instances now enables format validation by default when run. This can catch some additional invalid schemas (e.g. containing invalid regular expressions) where the issue is indeed uncovered by validating against the metaschema with format validation enabled as an assertion.
  * The jsonschema CLI (along with jsonschema.cli the module) are now deprecated. Use check-jsonschema instead, which can be installed via pip install check-jsonschema and found here.
  * Make ErrorTree have a more grammatically correct repr.

==== systemd ====
Version update (251.8 -> 252.1)
Subpackages: libsystemd0 libudev1 systemd-doc systemd-lang udev

- Upgrade to v252.1 (commit 64dc546913525e33e734500055a62ed0e963c227)
  See https://github.com/openSUSE/systemd/blob/SUSE/v252/NEWS for details.
  * Rebased 0001-conf-parser-introduce-early-drop-ins.patch
    1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch
  * The new tools systemd-measure and systemd-pcrphase have been added to the
    experimental sub-package for now.
  * Add temporarily
    6000-meson-install-test-kernel-install-only-when-Dkernel-.patch until this
    patch is mainstreamed.

==== webkit2gtk3 ====
Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update _constraints for webkit2gtk3:gtk3-soup2 on aarch64 to
  avoid slow workers and OOM

==== webkit2gtk4 ====
Subpackages: WebKit2GTK-5.0-lang libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles

- Update _constraints for webkit2gtk3:gtk3-soup2 on aarch64 to
  avoid slow workers and OOM

==== xfsprogs ====
Version update (5.19.0 -> 6.0.0)

- update to 6.0.0:
  - libxfs: kernel sync
  - xfs_db: use preferable macro to seek offset for local dir3
  - xfs_quota: optimize -L/-U calls for dump/report