Packages changed:
  apache2 (2.4.54 -> 2.4.55)
  apache2-manual (2.4.54 -> 2.4.55)
  apache2-prefork (2.4.54 -> 2.4.55)
  apache2-utils (2.4.54 -> 2.4.55)
  dracut (057+suse.353.g6dab83eb -> 059+suse.358.g8ecd6e83)
  ffmpeg-4
  ffmpeg-5
  gdm
  gdm-branding-openSUSE
  gedit (44.1 -> 44.2)
  glib2 (2.74.4 -> 2.74.5)
  gnome-desktop (43 -> 43.1)
  gpgme
  gpgmeqt
  kpipewire
  libraw (0.21.0 -> 0.21.1)
  live555 (2022.12.01 -> 2023.01.19)
  microos-tools (2.17 -> 2.18)
  nautilus (43.1 -> 43.2)
  python-numpy
  soundtouch (2.3.1 -> 2.3.2)
  sudo (1.9.12p1 -> 1.9.12p2)
  transactional-update (4.1.0 -> 4.1.2)
  urlview
  vim (9.0.1188 -> 9.0.1234)
  vte
  yast2-network (4.5.12 -> 4.5.14)
  yast2-trans (84.87.20230116.80083546af -> 84.87.20230123.08c503a922)

=== Details ===

==== apache2 ====
Version update (2.4.54 -> 2.4.55)

- Update to 2.4.55:
  * ) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
    2.4.55 allows a backend to trigger HTTP response splitting
    (cve.mitre.org)
    Prior to Apache HTTP Server 2.4.55, a malicious backend can
    cause the response headers to be truncated early, resulting in
    some headers being incorporated into the response body. If the
    later headers have any security purpose, they will not be
    interpreted by the client.
    Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
  * ) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
    Possible request smuggling (cve.mitre.org)
    Inconsistent Interpretation of HTTP Requests ('HTTP Request
    Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
    allows an attacker to smuggle requests to the AJP server it
    forwards requests to.  This issue affects Apache HTTP Server
    Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
    at Qi'anxin Group
  * ) SECURITY: CVE-2006-20001: mod_dav out of  bounds read, or write
    of zero byte (cve.mitre.org)
    A carefully crafted If: request header can cause a memory read,
    or write of a single zero byte, in a pool (heap) memory location
    beyond the header value sent. This could cause the process to
    crash.
    This issue affects Apache HTTP Server 2.4.54 and earlier.
  * ) mod_dav: Open the lock database read-only when possible.
    PR 36636 [Wilson Felipe <wfelipe gmail.com>, manu]
  * ) mod_proxy_http2: apply the standard httpd content type handling
    to responses from the backend, as other proxy modules do. Fixes PR 66391.
    Thanks to J茅r么me Billiras for providing the patch.
    [Stefan Eissing]
  * ) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
    [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
    <alejandro.alvarez.ayllon cern.ch>]
  * ) mod_proxy_hcheck: Honor worker timeout settings.  [Yann Ylavic]
  * ) mod_http2: version 2.0.10 of the module, synchronizing changes
    with the gitgub version. This is a partial rewrite of how connections
    and streams are handled.
  - an APR pollset and pipes (where supported) are used to monitor
    the main connection and react to IO for request/response handling.
    This replaces the stuttered timed waits of earlier versions.
  - H2SerializeHeaders directive still exists, but has no longer an effect.
  - Clients that seemingly misbehave still get less resources allocated,
    but ongoing requests are no longer disrupted.
  - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
    were overwritten instead of preserved. [PR by @daum3ns]
  - A regression in v1.15.24 was fixed that could lead to httpd child
    processes not being terminated on a graceful reload or when reaching
    MaxConnectionsPerChild. When unprocessed h2 requests were queued at
    the time, these could stall. See #212.
  - Improved information displayed in 'server-status' for H2 connections when
    Extended Status is enabled. Now one can see the last request that IO
    operations happened on and transferred IO stats are updated as well.
  - When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
    send a GOAWAY frame much too early on new connections, leading to invalid
    protocol state and a client failing the request. See PR65731 at
    <https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
    The module now initializes the HTTP/2 protocol correctly and allows the
    client to submit one request before the shutdown via a GOAWAY frame
    is being announced.
  - :scheme pseudo-header values, not matching the
    connection scheme, are forwarded via absolute uris to the
    http protocol processing to preserve semantics of the request.
    Checks on combinations of pseudo-headers values/absence
    have been added as described in RFC 7540. Fixes #230.
  - A bug that prevented trailers (e.g. HEADER frame at the end) to be
    generated in certain cases was fixed. See #233 where it prevented
    gRPC responses to be properly generated.
  - Request and response header values are automatically stripped of leading
    and trialing space/tab characters. This is equivalent behaviour to what
    Apache httpd's http/1.1 parser does.
    The checks for this in nghttp2 v1.50.0+ are disabled.
  - Extensive testing in production done by Alessandro Bianchi (@alexskynet)
    on the v2.0.x versions for stability. Many thanks!
  * ) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
    request ':authority' is known. Improved test case that did not catch that
    the previous 'fix' was incorrect.
  * ) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
    using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
  * ) mod_proxy: The AH03408 warning for a forcibly closed backend
    connection is now logged at INFO level.  [Yann Ylavic]
  * ) mod_ssl: When dumping the configuration, the existence of
    certificate/key files is no longer tested.  [Joe Orton]
  * ) mod_authn_core: Add expression support to AuthName and AuthType.
    [Graham Leggett]
  * ) mod_ssl: when a proxy connection had handled a request using SSL, an
    error was logged when "SSLProxyEngine" was only configured in the
    location/proxy section and not the overall server. The connection
    continued to work, the error log was in error. Fixed PR66190.
    [Stefan Eissing]
  * ) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_proxy_hcheck: Detect AJP/CPING support correctly. PR 66300.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
  * ) mod_md: a new directive `MDStoreLocks` can be used on cluster
    setups with a shared file system for `MDStoreDir` to order
    activation of renewed certificates when several cluster nodes are
    ... changelog too long, skipping 12 lines ...
    PR 66313. [Emmanuel Dreyfus]

==== apache2-manual ====
Version update (2.4.54 -> 2.4.55)

- Update to 2.4.55:
  * ) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
    2.4.55 allows a backend to trigger HTTP response splitting
    (cve.mitre.org)
    Prior to Apache HTTP Server 2.4.55, a malicious backend can
    cause the response headers to be truncated early, resulting in
    some headers being incorporated into the response body. If the
    later headers have any security purpose, they will not be
    interpreted by the client.
    Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
  * ) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
    Possible request smuggling (cve.mitre.org)
    Inconsistent Interpretation of HTTP Requests ('HTTP Request
    Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
    allows an attacker to smuggle requests to the AJP server it
    forwards requests to.  This issue affects Apache HTTP Server
    Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
    at Qi'anxin Group
  * ) SECURITY: CVE-2006-20001: mod_dav out of  bounds read, or write
    of zero byte (cve.mitre.org)
    A carefully crafted If: request header can cause a memory read,
    or write of a single zero byte, in a pool (heap) memory location
    beyond the header value sent. This could cause the process to
    crash.
    This issue affects Apache HTTP Server 2.4.54 and earlier.
  * ) mod_dav: Open the lock database read-only when possible.
    PR 36636 [Wilson Felipe <wfelipe gmail.com>, manu]
  * ) mod_proxy_http2: apply the standard httpd content type handling
    to responses from the backend, as other proxy modules do. Fixes PR 66391.
    Thanks to J茅r么me Billiras for providing the patch.
    [Stefan Eissing]
  * ) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
    [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
    <alejandro.alvarez.ayllon cern.ch>]
  * ) mod_proxy_hcheck: Honor worker timeout settings.  [Yann Ylavic]
  * ) mod_http2: version 2.0.10 of the module, synchronizing changes
    with the gitgub version. This is a partial rewrite of how connections
    and streams are handled.
  - an APR pollset and pipes (where supported) are used to monitor
    the main connection and react to IO for request/response handling.
    This replaces the stuttered timed waits of earlier versions.
  - H2SerializeHeaders directive still exists, but has no longer an effect.
  - Clients that seemingly misbehave still get less resources allocated,
    but ongoing requests are no longer disrupted.
  - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
    were overwritten instead of preserved. [PR by @daum3ns]
  - A regression in v1.15.24 was fixed that could lead to httpd child
    processes not being terminated on a graceful reload or when reaching
    MaxConnectionsPerChild. When unprocessed h2 requests were queued at
    the time, these could stall. See #212.
  - Improved information displayed in 'server-status' for H2 connections when
    Extended Status is enabled. Now one can see the last request that IO
    operations happened on and transferred IO stats are updated as well.
  - When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
    send a GOAWAY frame much too early on new connections, leading to invalid
    protocol state and a client failing the request. See PR65731 at
    <https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
    The module now initializes the HTTP/2 protocol correctly and allows the
    client to submit one request before the shutdown via a GOAWAY frame
    is being announced.
  - :scheme pseudo-header values, not matching the
    connection scheme, are forwarded via absolute uris to the
    http protocol processing to preserve semantics of the request.
    Checks on combinations of pseudo-headers values/absence
    have been added as described in RFC 7540. Fixes #230.
  - A bug that prevented trailers (e.g. HEADER frame at the end) to be
    generated in certain cases was fixed. See #233 where it prevented
    gRPC responses to be properly generated.
  - Request and response header values are automatically stripped of leading
    and trialing space/tab characters. This is equivalent behaviour to what
    Apache httpd's http/1.1 parser does.
    The checks for this in nghttp2 v1.50.0+ are disabled.
  - Extensive testing in production done by Alessandro Bianchi (@alexskynet)
    on the v2.0.x versions for stability. Many thanks!
  * ) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
    request ':authority' is known. Improved test case that did not catch that
    the previous 'fix' was incorrect.
  * ) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
    using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
  * ) mod_proxy: The AH03408 warning for a forcibly closed backend
    connection is now logged at INFO level.  [Yann Ylavic]
  * ) mod_ssl: When dumping the configuration, the existence of
    certificate/key files is no longer tested.  [Joe Orton]
  * ) mod_authn_core: Add expression support to AuthName and AuthType.
    [Graham Leggett]
  * ) mod_ssl: when a proxy connection had handled a request using SSL, an
    error was logged when "SSLProxyEngine" was only configured in the
    location/proxy section and not the overall server. The connection
    continued to work, the error log was in error. Fixed PR66190.
    [Stefan Eissing]
  * ) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_proxy_hcheck: Detect AJP/CPING support correctly. PR 66300.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
  * ) mod_md: a new directive `MDStoreLocks` can be used on cluster
    setups with a shared file system for `MDStoreDir` to order
    activation of renewed certificates when several cluster nodes are
    ... changelog too long, skipping 12 lines ...
    PR 66313. [Emmanuel Dreyfus]

==== apache2-prefork ====
Version update (2.4.54 -> 2.4.55)

- Update to 2.4.55:
  * ) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
    2.4.55 allows a backend to trigger HTTP response splitting
    (cve.mitre.org)
    Prior to Apache HTTP Server 2.4.55, a malicious backend can
    cause the response headers to be truncated early, resulting in
    some headers being incorporated into the response body. If the
    later headers have any security purpose, they will not be
    interpreted by the client.
    Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
  * ) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
    Possible request smuggling (cve.mitre.org)
    Inconsistent Interpretation of HTTP Requests ('HTTP Request
    Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
    allows an attacker to smuggle requests to the AJP server it
    forwards requests to.  This issue affects Apache HTTP Server
    Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
    at Qi'anxin Group
  * ) SECURITY: CVE-2006-20001: mod_dav out of  bounds read, or write
    of zero byte (cve.mitre.org)
    A carefully crafted If: request header can cause a memory read,
    or write of a single zero byte, in a pool (heap) memory location
    beyond the header value sent. This could cause the process to
    crash.
    This issue affects Apache HTTP Server 2.4.54 and earlier.
  * ) mod_dav: Open the lock database read-only when possible.
    PR 36636 [Wilson Felipe <wfelipe gmail.com>, manu]
  * ) mod_proxy_http2: apply the standard httpd content type handling
    to responses from the backend, as other proxy modules do. Fixes PR 66391.
    Thanks to J茅r么me Billiras for providing the patch.
    [Stefan Eissing]
  * ) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
    [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
    <alejandro.alvarez.ayllon cern.ch>]
  * ) mod_proxy_hcheck: Honor worker timeout settings.  [Yann Ylavic]
  * ) mod_http2: version 2.0.10 of the module, synchronizing changes
    with the gitgub version. This is a partial rewrite of how connections
    and streams are handled.
  - an APR pollset and pipes (where supported) are used to monitor
    the main connection and react to IO for request/response handling.
    This replaces the stuttered timed waits of earlier versions.
  - H2SerializeHeaders directive still exists, but has no longer an effect.
  - Clients that seemingly misbehave still get less resources allocated,
    but ongoing requests are no longer disrupted.
  - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
    were overwritten instead of preserved. [PR by @daum3ns]
  - A regression in v1.15.24 was fixed that could lead to httpd child
    processes not being terminated on a graceful reload or when reaching
    MaxConnectionsPerChild. When unprocessed h2 requests were queued at
    the time, these could stall. See #212.
  - Improved information displayed in 'server-status' for H2 connections when
    Extended Status is enabled. Now one can see the last request that IO
    operations happened on and transferred IO stats are updated as well.
  - When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
    send a GOAWAY frame much too early on new connections, leading to invalid
    protocol state and a client failing the request. See PR65731 at
    <https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
    The module now initializes the HTTP/2 protocol correctly and allows the
    client to submit one request before the shutdown via a GOAWAY frame
    is being announced.
  - :scheme pseudo-header values, not matching the
    connection scheme, are forwarded via absolute uris to the
    http protocol processing to preserve semantics of the request.
    Checks on combinations of pseudo-headers values/absence
    have been added as described in RFC 7540. Fixes #230.
  - A bug that prevented trailers (e.g. HEADER frame at the end) to be
    generated in certain cases was fixed. See #233 where it prevented
    gRPC responses to be properly generated.
  - Request and response header values are automatically stripped of leading
    and trialing space/tab characters. This is equivalent behaviour to what
    Apache httpd's http/1.1 parser does.
    The checks for this in nghttp2 v1.50.0+ are disabled.
  - Extensive testing in production done by Alessandro Bianchi (@alexskynet)
    on the v2.0.x versions for stability. Many thanks!
  * ) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
    request ':authority' is known. Improved test case that did not catch that
    the previous 'fix' was incorrect.
  * ) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
    using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
  * ) mod_proxy: The AH03408 warning for a forcibly closed backend
    connection is now logged at INFO level.  [Yann Ylavic]
  * ) mod_ssl: When dumping the configuration, the existence of
    certificate/key files is no longer tested.  [Joe Orton]
  * ) mod_authn_core: Add expression support to AuthName and AuthType.
    [Graham Leggett]
  * ) mod_ssl: when a proxy connection had handled a request using SSL, an
    error was logged when "SSLProxyEngine" was only configured in the
    location/proxy section and not the overall server. The connection
    continued to work, the error log was in error. Fixed PR66190.
    [Stefan Eissing]
  * ) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_proxy_hcheck: Detect AJP/CPING support correctly. PR 66300.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
  * ) mod_md: a new directive `MDStoreLocks` can be used on cluster
    setups with a shared file system for `MDStoreDir` to order
    activation of renewed certificates when several cluster nodes are
    ... changelog too long, skipping 12 lines ...
    PR 66313. [Emmanuel Dreyfus]

==== apache2-utils ====
Version update (2.4.54 -> 2.4.55)

- Update to 2.4.55:
  * ) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
    2.4.55 allows a backend to trigger HTTP response splitting
    (cve.mitre.org)
    Prior to Apache HTTP Server 2.4.55, a malicious backend can
    cause the response headers to be truncated early, resulting in
    some headers being incorporated into the response body. If the
    later headers have any security purpose, they will not be
    interpreted by the client.
    Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
  * ) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
    Possible request smuggling (cve.mitre.org)
    Inconsistent Interpretation of HTTP Requests ('HTTP Request
    Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
    allows an attacker to smuggle requests to the AJP server it
    forwards requests to.  This issue affects Apache HTTP Server
    Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
    at Qi'anxin Group
  * ) SECURITY: CVE-2006-20001: mod_dav out of  bounds read, or write
    of zero byte (cve.mitre.org)
    A carefully crafted If: request header can cause a memory read,
    or write of a single zero byte, in a pool (heap) memory location
    beyond the header value sent. This could cause the process to
    crash.
    This issue affects Apache HTTP Server 2.4.54 and earlier.
  * ) mod_dav: Open the lock database read-only when possible.
    PR 36636 [Wilson Felipe <wfelipe gmail.com>, manu]
  * ) mod_proxy_http2: apply the standard httpd content type handling
    to responses from the backend, as other proxy modules do. Fixes PR 66391.
    Thanks to J茅r么me Billiras for providing the patch.
    [Stefan Eissing]
  * ) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
    [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
    <alejandro.alvarez.ayllon cern.ch>]
  * ) mod_proxy_hcheck: Honor worker timeout settings.  [Yann Ylavic]
  * ) mod_http2: version 2.0.10 of the module, synchronizing changes
    with the gitgub version. This is a partial rewrite of how connections
    and streams are handled.
  - an APR pollset and pipes (where supported) are used to monitor
    the main connection and react to IO for request/response handling.
    This replaces the stuttered timed waits of earlier versions.
  - H2SerializeHeaders directive still exists, but has no longer an effect.
  - Clients that seemingly misbehave still get less resources allocated,
    but ongoing requests are no longer disrupted.
  - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
    were overwritten instead of preserved. [PR by @daum3ns]
  - A regression in v1.15.24 was fixed that could lead to httpd child
    processes not being terminated on a graceful reload or when reaching
    MaxConnectionsPerChild. When unprocessed h2 requests were queued at
    the time, these could stall. See #212.
  - Improved information displayed in 'server-status' for H2 connections when
    Extended Status is enabled. Now one can see the last request that IO
    operations happened on and transferred IO stats are updated as well.
  - When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
    send a GOAWAY frame much too early on new connections, leading to invalid
    protocol state and a client failing the request. See PR65731 at
    <https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
    The module now initializes the HTTP/2 protocol correctly and allows the
    client to submit one request before the shutdown via a GOAWAY frame
    is being announced.
  - :scheme pseudo-header values, not matching the
    connection scheme, are forwarded via absolute uris to the
    http protocol processing to preserve semantics of the request.
    Checks on combinations of pseudo-headers values/absence
    have been added as described in RFC 7540. Fixes #230.
  - A bug that prevented trailers (e.g. HEADER frame at the end) to be
    generated in certain cases was fixed. See #233 where it prevented
    gRPC responses to be properly generated.
  - Request and response header values are automatically stripped of leading
    and trialing space/tab characters. This is equivalent behaviour to what
    Apache httpd's http/1.1 parser does.
    The checks for this in nghttp2 v1.50.0+ are disabled.
  - Extensive testing in production done by Alessandro Bianchi (@alexskynet)
    on the v2.0.x versions for stability. Many thanks!
  * ) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
    request ':authority' is known. Improved test case that did not catch that
    the previous 'fix' was incorrect.
  * ) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
    using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
  * ) mod_proxy: The AH03408 warning for a forcibly closed backend
    connection is now logged at INFO level.  [Yann Ylavic]
  * ) mod_ssl: When dumping the configuration, the existence of
    certificate/key files is no longer tested.  [Joe Orton]
  * ) mod_authn_core: Add expression support to AuthName and AuthType.
    [Graham Leggett]
  * ) mod_ssl: when a proxy connection had handled a request using SSL, an
    error was logged when "SSLProxyEngine" was only configured in the
    location/proxy section and not the overall server. The connection
    continued to work, the error log was in error. Fixed PR66190.
    [Stefan Eissing]
  * ) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_proxy_hcheck: Detect AJP/CPING support correctly. PR 66300.
    [Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
  * ) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
  * ) mod_md: a new directive `MDStoreLocks` can be used on cluster
    setups with a shared file system for `MDStoreDir` to order
    activation of renewed certificates when several cluster nodes are
    ... changelog too long, skipping 12 lines ...
    PR 66313. [Emmanuel Dreyfus]

==== dracut ====
Version update (057+suse.353.g6dab83eb -> 059+suse.358.g8ecd6e83)
Subpackages: dracut-mkinitrd-deprecated

- Update to version 059+suse.358.g8ecd6e83:
  See https://github.com/dracutdevs/dracut/releases/tag/058 for details (059
  just adds missing entries in NEWS.md).
  Additional changes:
  * chore(suse): add execute permission to all scripts
  * chore(suse): update spec
- Update to version 057+suse.355.g1b722fda:
  * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439)

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9

- Add ffmpeg-CVE-2022-3341.patch: Backport from upstream to fix
  null pointer dereference in decode_main_header() in
  libavformat/nutdec.c (bsc#1206778).

==== ffmpeg-5 ====
Subpackages: libavcodec59 libavdevice59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswresample4 libswscale6

- Provide a ffmpeg-5-mini-devel build recipe to help split
  anticipated build cycles.
- Reenable SDL2 for ffmpeg-5.spec. ffplay and -vf sdl should be
  back. [boo#1206505]

==== gdm ====
Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- Update gdm-disable-gnome-initial-setup.patch: Refactoring to
  disable it on SLE runtime, so with the same executable it is
  still possible to run on Leap (jsc#PED-1719).

==== gdm-branding-openSUSE ====

- Bring back gnome-initial-setup for Leap 15.5 while keep it
  disabled on SLE 15 SP5 (jsc#PED-1719).

==== gedit ====
Version update (44.1 -> 44.2)
Subpackages: gedit-lang python3-gedit

- Update to version 44.2:
  + File Browser plugin: bug fix.
  + Updated translations.

==== glib2 ====
Version update (2.74.4 -> 2.74.5)
Subpackages: glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit

- Update to version 2.74.5:
  + Bugs fixed: glgo#GNOME/GLib#2843, glgo#GNOME/GLib#2881,
    glgo#GNOME/GLib#2883, glgo#GNOME/GLib!3165,
    glgo#GNOME/GLib!3166, glgo#GNOME/GLib!3182,
    glgo#GNOME/GLib!3197, glgo#GNOME/GLib!3204,
    glgo#GNOME/GLib!3214.
  + Updated translations.
- Drop 1539540.patch: Fixed upstream.

==== gnome-desktop ====
Version update (43 -> 43.1)
Subpackages: gnome-desktop-lang libgnome-desktop-3-20 libgnome-desktop-3_0-common libgnome-desktop-4-2 typelib-1_0-GnomeDesktop-3_0 typelib-1_0-GnomeDesktop-4_0

- Update to version 43.1:
  + Fix gnome_parse_locale returning NULL for the C locale
  + Use more sensible default keyboard for es_US
  + Delete failed thumbnail if successfully savings thumbnail
  + Skip territory if no translation available
  + Updated translations.

==== gpgme ====
Subpackages: libgpgme11 libgpgmepp6

- Update upstream keyring: https://gnupg.org/signature_key.asc
- add python311.patch to build language bindings for python 3.11

==== gpgmeqt ====

- Update upstream keyring: https://gnupg.org/signature_key.asc
- add python311.patch to build language bindings for python 3.11

==== kpipewire ====
Subpackages: kpipewire-imports libKPipeWire5 libKPipeWire5-lang libKPipeWireRecord5

- Require pipewire-devel for the -devel package

==== libraw ====
Version update (0.21.0 -> 0.21.1)

- update to 0.21.1:
  * fixed typo in panasonic metadata parser
  * Multiple fixes inspired by oss-fuzz project
  * Phase One/Leaf IIQ-S v2 support
  * Canon CR3 filmrolls
  * Canon CRM (movie) files
  * Tiled bit-packed (and 16-bit unpacked) DNGs
  * (non-standard) Deflate-compressed integer DNG files are allowed
  * Canon EOS R3, R7 and R10
  * Fujifilm X-H2S, X-T30 II
  * OM System OM-1
  * Leica M11
  * Sony A7-IV (ILCE-7M4)
  * DJI Mavic 3
  * Nikon Z9: standard compression formats only

==== live555 ====
Version update (2022.12.01 -> 2023.01.19)
Subpackages: libUsageEnvironment3 libgroupsock30 libliveMedia107

- update to 2023.01.19:
  - By default, we no longer compile "groupsock/NetAddress.cpp" for Windows to use
    "gethostbyname()", because of a report that this breaks IPv6 name resolution.
- update to 2023.01.11:
  * Updated the "BasicTaskScheduler"/"DelayQueue" implementation to make the 'token counter'
    a field of the task scheduler object, rather than having it be a static variable.
    This avoids potential problems if an application uses more than one thread (with each thread
    having its own task scheduler).

==== microos-tools ====
Version update (2.17 -> 2.18)

- Update to version 2.18:
  - Add TMPDIR to tukit binddirs for Salt
  - 98selinux-microos: Add chroot as dependency
  - Fix spelling error in warning

==== nautilus ====
Version update (43.1 -> 43.2)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 nautilus-lang

- Update to version 43.2:
  + Regressions addressed:
  - Launch search from shell correctly
  - Make nautilus-autorun-software work again
  - Restore 2-dimensional navigation from sushi
  - Resolve stuttering scrolling
  - Reintroduce 64px icon size for grid view
  - Show full filename again in grid, using tooltips
  + Other bugfixes:
  - Avoid a many crashes
  - Stop showing 锟� in the type on Properties
  - Show rename error dialogs again
  - Handle X11-only drag-and-drop quirks
  - Allow autorun.sh without executable bit
  - Improve selection-setting
  - Restrict DND actions over drag source
  - Focus replaces files
  - Improve keyboard focus navigation on the new views
  - Stop blocking on the tracker connection
  - Don't add missing emblems
  + Updated translations.

==== python-numpy ====

- Slightly reformat the specfile condition blocks: The
  %python_subpackages generator misses " %if" lines with a
  preceding whitespace. Relevant for d:l:p:backports not having
  libalternatives.

==== soundtouch ====
Version update (2.3.1 -> 2.3.2)

- update to 2.3.2:
  * autotools improvements

==== sudo ====
Version update (1.9.12p1 -> 1.9.12p2)
Subpackages: sudo-plugin-python

- Update to 1.9.12p2:
  * Fixes bsc#1207082
  * Changes in 1.9.12p2:
    Fixed a compilation error on Linux/aarch64. GitHub issue #197.
    Fixed a potential crash introduced in the fix GitHub issue #134.
    If a user鈥檚 sudoers entry did not have any RunAs user鈥檚 set,
    running sudo -U otheruser -l would dereference a NULL pointer.
    Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
    from creating a I/O files when the iolog_file sudoers setting
    contains six or more Xs.
    Fixed a compilation issue on AIX with the native compiler.
    GitHub issue #231.
    Fixed CVE-2023-22809, a flaw in sudo鈥檚 -e option (aka sudoedit)
    that could allow a malicious user with sudoedit privileges to
    edit arbitrary files. For more information, see Sudoedit can
    edit arbitrary files.

==== transactional-update ====
Version update (4.1.0 -> 4.1.2)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd

- Version 4.1.2
  - Don't try to mount user mounts if they don't exist [boo#1207366]
- Version 4.1.1
  - Mount user specific binddirs last: Prevously the internal mounts would
    potentially overwrite user bind mounts [boo#1205011]
  - selinux: Relabel shadowed /var files during update to make sure they
    don't interfere with the update [boo#1205937]
  - Clean up /var/lib/overlay more aggressively [boo#1206947]
  - tukit: Merge /etc overlay into parent if --discard is used together
    with --continue - previously the files were incorrectly always merged
    with the currently running system
  - status: do not execute the status command if experimental
  - Don't delete created mount point dirs any more
  - Small code optimizations

==== urlview ====

- Update to latest URL

==== vim ====
Version update (9.0.1188 -> 9.0.1234)
Subpackages: gvim vim-data vim-data-common

- Updated to version 9.0.1234, fixes the following problems
  * Return value of type() for class and object unclear.
  * Invalid memory access with folding and using "L".
  * Some Bazel files are not recognized.
  * No error when class function argument shadows a member.
  * Cannot map <Esc> when using the Kitty key protocol.
  * Compiler warning for comparing pointer with int.
  * Restoring KeyTyped when building statusline not tested.
  * Code is indented more than necessary.
  * Dump file missing from patch.
  * Abstract class not supported yet.
  * Crash when using kitty and using a mapping with <Esc>.
  * AppVeyor builds with an old Python version.
  * Assignment with operator doesn't work in object method.
  * Crash when iterating over list of objects.
  * Return type of values() is always list<any>.
  * Expression compiled the wrong way after using an object.
  * Crash when handling class that extends another class with more than one
  object members.
  * Testing with Python on AppVeyor does not work properly.
  * Error when object type is expected but getting "any".
  * Code is indented more than necessary.
  * Getting interface member does not always work.
  * Compiler complains about declaration after label.
  * Storing value in interface member does not always work.
  * Cannot read back what setcellwidths() has done.
  * Adding a line below the last one does not expand fold.
  * File left behind after running tests.
  * Using isalpha() adds dependency on current locale.
  * Coverity warns for ignoring return value.
  * Using an object member in a closure doesn't work.
  * Completion includes functions that don't work.
  * Handling of FORTIFY_SOURCE flags doesn't match Fedora usage.
  * Termcap/terminfo entries do not indicate where modifiers might appear.
  * Code is indented more than necessary.
  * Cannot use setcellwidths() below 0x100.
  * Cannot call a :def function with a number for a float argument.
  * Reading past the end of a line when formatting text.

==== vte ====
Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 vte-lang

- Add ddb2c8a.patch: widget: Use correct end row for getting the
  selected text. The range is end-exclusive, so use end_row()
  instead of last_row(). Fixes glgo#GNOME/vte#2584

==== yast2-network ====
Version update (4.5.12 -> 4.5.14)

- Fix the return of packages needed by the selected backend when
  running an autoinstallation (bsc#1207221)
- 4.5.14
- Fixed dirname evaluation when creating the directory for the
  configuration files to be copied to the target system
  (bsc#1206723, bsc#1207382)
- 4.5.13

==== yast2-trans ====
Version update (84.87.20230116.80083546af -> 84.87.20230123.08c503a922)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20230123.08c503a922:
  * Translated using Weblate (Macedonian)
  * Translated using Weblate (Macedonian)
  * Translated using Weblate (Portuguese)
  * Translated using Weblate (Portuguese)
  * Translated using Weblate (Portuguese)
  * Translated using Weblate (Portuguese)