Packages changed:
  MozillaFirefox (112.0.1 -> 112.0.2)
  git (2.40.0 -> 2.40.1)
  gtk3 (3.24.37 -> 3.24.37+68)
  java-11-openjdk (11.0.18.0 -> 11.0.19.0)
  libalternatives (1.2+3.b848aad -> 1.2+30.a5431e9)
  libsrtp2
  libyui (4.5.1 -> 4.5.2)
  libyui-ncurses (4.5.1 -> 4.5.2)
  libyui-ncurses-pkg (4.5.1 -> 4.5.2)
  libyui-qt (4.5.1 -> 4.5.2)
  libyui-qt-graph (4.5.1 -> 4.5.2)
  libyui-qt-pkg (4.5.1 -> 4.5.2)
  mozjs102
  openvpn (2.5.9 -> 2.6.3)
  setools (4.4.1 -> 4.4.2)
  suitesparse
  tracker (3.5.0 -> 3.5.1)
  tracker-miners (3.5.0 -> 3.5.1)
  vim (9.0.1443 -> 9.0.1488)
  virt-manager
  wxWidgets-3_2-nostl (3.2.1 -> 3.2.2.1)
  xf86-video-ati (19.1.0 -> 22.0.0)
  xset

=== Details ===

==== MozillaFirefox ====
Version update (112.0.1 -> 112.0.2)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 112.0.2
  * Fix a high memory usage issue with animated images in minimized
    (or completely covered) windows, especially when using animated
    themes (bmo#1828587)
  * Fix an issue where Linux users with bitmap fonts installed may
    have had entire sections of text invisible to them on some
    sites (bmo#1827950)
- Include Leap 15.5 in check for which python version is required.

==== git ====
Version update (2.40.0 -> 2.40.1)
Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git

- git 2.40.1:
  * CVE-2023-25652: By feeding specially crafted input to git apply
  - -reject, a path outside the working tree can be overwritten
    with partially controlled contents (corresponding to the
    rejected hunk(s) from the given patch).
  * CVE-2023-25815: When Git is compiled with runtime prefix
    support and runs without translated messages, it still used
    the gettext machinery to display messages, which subsequently
    potentially looked for translated messages in unexpected
    places. This allowed for malicious placement of crafted
    messages.
  * CVE-2023-29007: When renaming or deleting a section from a
    configuration file, certain malicious configuration values may
    be misinterpreted as the beginning of a new configuration
    section, leading to arbitrary configuration injection.

==== gtk3 ====
Version update (3.24.37 -> 3.24.37+68)
Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0

- Update to version 3.24.37+68:
  + application: Clean up signal handlers
  + OLE2 DND: Check if move is supported
  + Address issue 5711 by checking that the context is not NULL
  + wayland:
  - Don't crash without xdg_activation_v1
  - Don't crash on cursor size 0
  + gdkscreen-wayland: Notify initial setting change from
    org.gtk.Settings
  + gdk: Swap Cairo calls when reading back from a GdkWindow
  + Updated translations.
- Deprecate %gtk_immodule_(requires|post|postun) macros defined in
  the macros.gtk3 file. Since we are using RPM file triggers to
  provide their functionality, without nullifying them the commands
  will run twice, once by the file triggers and another time by the
  macros.

==== java-11-openjdk ====
Version update (11.0.18.0 -> 11.0.19.0)
Subpackages: java-11-openjdk-headless

- Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU)
  * Security fixes:
    + JDK-8287404: Improve ping times
    + JDK-8288436: Improve Xalan supports
    + JDK-8294474, CVE-2023-21930, bsc#1210628: Better AES support
    + JDK-8295304, CVE-2023-21938, bsc#1210632: Runtime support
    improvements
    + JDK-8296676, CVE-2023-21937, bsc#1210631: Improve String
    platform support
    + JDK-8296684, CVE-2023-21937, bsc#1210631: Improve String
    platform support
    + JDK-8296692, CVE-2023-21937, bsc#1210631: Improve String
    platform support
    + JDK-8296832, CVE-2023-21939, bsc#1210634: Improve Swing
    platform support
    + JDK-8297371: Improve UTF8 representation redux
    + JDK-8298191, CVE-2023-21954, bsc#1210635: Enhance object
    reclamation process
    + JDK-8298310, CVE-2023-21967, bsc#1210636: Enhance TLS session
    negotiation
    + JDK-8298667, CVE-2023-21968, bsc#1210637: Improved path
    handling
    + JDK-8299129: Enhance NameService lookups
  * Fixes:
    + JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
    + JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/
    /Receiver/bug6186488.java fails
    + JDK-8035787: SourcePositions are wrong for Strings
    concatenated with '+' operator
    + JDK-8065097: [macosx] javax/swing/Popup/
    /TaskbarPositionTest.java fails because Popup is one pixel off
    + JDK-8065422: Trailing dot in hostname causes TLS handshake to
    fail with SNI disabled
    + JDK-8129315: java/net/Socket/LingerTest.java and
    java/net/Socket/ShutdownBoth.java timeout intermittently
    + JDK-8144030: [macosx] test java/awt/Frame/
    /ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
    + JDK-8170705: sun/net/www/protocol/http/StackTraceTest.java
    fails intermittently with Invalid Http response
    + JDK-8171405: java/net/URLConnection/ResendPostBody.java
    failed with "Error while cleaning up threads after test"
    + JDK-8179317: [TESTBUG] rewrite runtime shell tests in java
    + JDK-8247741: Test  test/hotspot/jtreg/runtime/7162488/
    /TestUnrecognizedVmOption.java fails when
  - XX:+IgnoreUnrecognizedVMOptions is set
    + JDK-8190492: Remove SSLv2Hello and SSLv3 from default enabled
    TLS protocols
    + JDK-8192931: Regression test java/awt/font/TextLayout/
    /CombiningPerf.java fails
    + JDK-8195057: java/util/concurrent/CountDownLatch/Basic.java
    failed w/ Xcomp
    + JDK-8195716: BootstrapLoggerTest : Executor still alive
    + JDK-8202621: bad test with broken links needs to be updated
    + JDK-8207248: Reduce incidence of
    compiler.warn.source.no.bootclasspath in javac tests
    + JDK-8208077: File.listRoots performance degradation
    + JDK-8209023: fix 2 compiler tests to avoid JDK-8208690
    + JDK-8209115: adjust libsplashscreen linux ppc64le builds for
    easier libpng update
    + JDK-8209774: Refactor shell test
    javax/xml/jaxp/common/8035437/run.sh to java
    + JDK-8209935: Test to cover CodeSource.getCodeSigners()
    + JDK-8210373: Deadlock in libj2gss.so when loading "j2gss" and
    "net" libraries in parallel.
    + JDK-8212165: JGSS: Fix cut/paste error in NativeUtil.c
    + JDK-8212216: JGSS: Fix leak in exception cases in getJavaOID()
    + JDK-8213130: Update ProblemList after verification of jtreg
    tests in Win 7
    + JDK-8213265: fix missing newlines at end of files
    + JDK-8213932: [TESTBUG] assertEquals is invoked with the
    arguments in the wrong order
    + JDK-8214445: [test] java/net/URL/HandlerLoop has illegal
    reflective access
    + JDK-8215372: test/jdk/java/nio/file/DirectoryStream/Basic.java
    not correct when using a glob
    + JDK-8215759: [test] java/math/BigInteger/ModPow.java can
    throw an ArithmeticException
    + JDK-8217353: java/util/logging/LogManager/Configuration/
    /updateConfiguration/HandlersOnComplexResetUpdate.java fails
    with Unexpected reference: java.lang.ref.WeakReference
    + JDK-8217730: Split up MakeBase.gmk
    + JDK-8218133: sun/net/www/protocol/http/ProtocolRedirect.java
    failed with "java.net.ConnectException"
    + JDK-8218431: Improved platform checking in makefiles
    + JDK-8221098: Run java/net/URL/HandlerLoop.java in othervm mode
    + JDK-8221168: java/util/concurrent/CountDownLatch/Basic.java
    fails
    + JDK-8221351: Crash in
    KlassFactory::check_shared_class_file_load_hook
    + JDK-8221621: FindTests.gmk cannot handle "=" in TEST.groups
    comments
    + JDK-8222430: Add tests for ElementKind predicates
    + JDK-8223463: Replace wildcard address with loopback or local
    host in tests - part 2
    + JDK-8223716: sun/net/www/http/HttpClient/MultiThreadTest.java
    should be more resilient to unexpected traffic
    + JDK-8223736: jvmti/scenarios/contention/TC04/tc04t001/
    /TestDescription.java fails due to wrong number of
    MonitorContendedEntered events
    ... changelog too long, skipping 298 lines ...
    + adapt to changed context

==== libalternatives ====
Version update (1.2+3.b848aad -> 1.2+30.a5431e9)
Subpackages: alts libalternatives1

- Update to version v1.2+30.a5431e9: (bsc#1191692)
  * Change license to less restrictive Apache 2.0
  * doc: fixing a few typos
  * Adds option to display target executable only
  * Makefiles and cmake: rework for reproducible build
  * Improve Makefile
  * libalts_exec_default: fix memory leak on error condition
  * libalts_write_binary_configured_priority_to_file: fix memory leak
  * saveConfigData(): fix file descriptor leak in while loop error case
  * loadConfigData(): use goto exit label to prevent file descriptor leaks
  * libalts_load_available_binaries: use goto err: label to fix leaks
  * loadAlternativeForBinary: goto-assisted error handling to avoid leaks
  * checkGroupConsistencies(): explicitly ignore unused `flags`
  * lib: refactor error handling of findAltConfig()
  * utils: fix possible memory leaks on error conditions
  * docs: fix some typos and grammar
  * Update README.md
  * lib: generally open[at] with O_CLOEXEC
  * Fix logic in options parser
  * Add basic Makefile for buidling without cmake
  * Added description for options=KeepArgv0
  * cmake: Express the dependency on CUnit correctly for building tests
  * cmake: Build and install CMake and PkgConfig files
  * cmake: Fix setup of shared linker flags
  * config.h: Fix the version to match the current latest tag

==== libsrtp2 ====

- Enable running the regression tests:
  * Add libsrtp2-test-verbose.patch from the debian folks:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460534

==== libyui ====
Version update (4.5.1 -> 4.5.2)

- Qt UI: Fixed regression for icon loading (bsc#1210712)
  https://github.com/libyui/libyui/pull/100
- 4.5.2

==== libyui-ncurses ====
Version update (4.5.1 -> 4.5.2)

- Qt UI: Fixed regression for icon loading (bsc#1210712)
  https://github.com/libyui/libyui/pull/100
- 4.5.2

==== libyui-ncurses-pkg ====
Version update (4.5.1 -> 4.5.2)

- Qt UI: Fixed regression for icon loading (bsc#1210712)
  https://github.com/libyui/libyui/pull/100
- 4.5.2

==== libyui-qt ====
Version update (4.5.1 -> 4.5.2)

- Qt UI: Fixed regression for icon loading (bsc#1210712)
  https://github.com/libyui/libyui/pull/100
- 4.5.2

==== libyui-qt-graph ====
Version update (4.5.1 -> 4.5.2)

- Qt UI: Fixed regression for icon loading (bsc#1210712)
  https://github.com/libyui/libyui/pull/100
- 4.5.2

==== libyui-qt-pkg ====
Version update (4.5.1 -> 4.5.2)

- Qt UI: Fixed regression for icon loading (bsc#1210712)
  https://github.com/libyui/libyui/pull/100
- 4.5.2

==== mozjs102 ====

- Add missing copyright in the spec to claim:
  + Frantisek Zatloukal's work from:
    https://src.fedoraproject.org/rpms/mozjs102/blob/rawhide/f/mozjs102.spec
  + Wolfgang Rosenauer's work from:
    https://build.opensuse.org/package/view_file/openSUSE:Leap:42.3/mozjs38/mozjs38.spec?expand=1

==== openvpn ====
Version update (2.5.9 -> 2.6.3)

- update to 2.6.3:
  * For full changelog please refer to:
    https://github.com/OpenVPN/openvpn/blob/v2.6.3/Changes.rst
  * implement byte counter statistics for DCO Linux (p2mp server
    and client)
  * implement byte counter statistics for DCO Windows (client only)
  * '--dns server <n> address ...' now permits up to 8 v4 or v6
    addresses
  * fix a few cases of possibly undefined behaviour detected by ASAN
  * add more unit tests for Windows cryptoapi interface
  * Dynamic TLS Crypt When both peers are OpenVPN 2.6.1+, OpenVPN
    will dynamically create a tls-crypt key that is used for
    renegotiation. This ensure that only the previously authenticated
    peer can do trigger renegotiation and complete renegotiations.
  * Keying Material Exporters (RFC 5705) based key generation
  * As part of the cipher negotiation OpenVPN will automatically prefer
    the RFC5705 based key material generation to the current custom
    OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+.
  * OpenVPN will now work with OpenSSL in FIPS mode. Note, no effort
    has been made to check or implement all the requirements/
    recommendation of FIPS 140-2. This just allows OpenVPN to be run on
    a system that be configured OpenSSL in FIPS mode.
  * mlock will now check if enough memlock-able memory has been reserved,
    and if less than 100MB RAM are available, use setrlimit() to upgrade
    the limit. See Trac #1390. Not available on OpenSolaris.
  * The --peer-fingerprint option has been introduced to give users an
    easy to use alternative to the tls-verify for matching the fingerprint
    of the peer. The option takes use a number of allowed SHA256
    certificate fingerprints.
  * When --peer-fingerprint is used, the --ca and --capath option become
    optional. This allows for small OpenVPN setups without setting up a
    PKI with Easy-RSA or similar software.
  * The --auth-user-pass-verify script supports now deferred authentication.
  * Both auth plugin and script can now signal pending authentication to
    the client when using deferred authentication. The new client-crresponse
    script option and OPENVPN_PLUGIN_CLIENT_CRRESPONSE plugin function can
    be used to parse a client response to a CR_TEXT two factor challenge.
  * The modernisation of defaults can impact the compatibility of OpenVPN
    2.6.0 with older peers. The options --compat-mode allows UIs to provide
    users with an easy way to still connect to older servers.
  * OpenSSL 3.0 has been added. Most of OpenSSL 3.0 changes are not user
    visible but improve general compatibility with OpenSSL 3.0.
  - -tls-cert-profile insecure has been added to allow selecting the lowest
    OpenSSL security level (not recommended, use only if you must). OpenSSL
    3.0 no longer supports the Blowfish (and other deprecated) algorithm by
    default and the new option --providers allows loading the legacy provider
    to renable these algorithms.
  * Ciphers in --data-ciphers can now be prefixed with a ? to mark those as
    optional and only use them if the SSL library supports them.
  * The --mssfix and --fragment options now allow an optional mtu parameter to
    specify that different overhead for IPv4/IPv6 should taken into account
    and the resulting size is specified as the total size of the VPN packets
    including IP and UDP headers.
  * Instead of allocating a connection for each client on the initial packet
    OpenVPN server will now use an HMAC based cookie as its session id. This way
    the server can verify it on completing the handshake without keeping state.
    This eliminates the amplification and resource exhaustion attacks.
    For tls-crypt-v2 clients, this requires OpenVPN 2.6 clients or later because
    the client needs to resend its client key on completing the hand shake.
    The tls-crypt-v2 option allows controlling if older clients are accepted.
- Removed openvpn-fips140-2.3.2.patch

==== setools ====
Version update (4.4.1 -> 4.4.2)

- Update to version 4.4.2:
  * Make NetworkX optional. sedta and seinfoflow tools, along with the
    equivalent analyses in apol require NetworkX.
  * Remove neverallow options in sesearch and apol. These are not usable
    since they are removed in the final binary policy.
- Drop make_networkx_optional.patch, now merged upstream

==== suitesparse ====
Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2 libsuitesparseconfig5 libumfpack5

- Adjust licenses in SPEC files (bsc#1210879)

==== tracker ====
Version update (3.5.0 -> 3.5.1)
Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang typelib-1_0-Tracker-3_0

- Update to version 3.5.1:
  + Reintroduce order/distance independent handling of FTS terms.
  + Documentation improvements.
  + Do not prune too early content of failed batches for error
    processing purposes.

==== tracker-miners ====
Version update (3.5.0 -> 3.5.1)
Subpackages: tracker-miner-files tracker-miners-lang

- Update to version 3.5.1:
  + The tracker-extract-3 service moved all SPARQL queries and
    updates to a GResource. Consistently uses
    TrackerSparqlStatement/TrackerResource for updates.
  + Fixes in uniquely identifying files in BTRFS subvolumes.
  + Ensure deletion of files lingering in content graphs.
  + Ensure correct nie:dataSource after moving files between
    indexed folders.
  + Optimize mass removal of deleted files found during
    initialization.
  + Documentation improvements for the miner services.
  + Do not let systemd spuriously start the tracker-extract-3
    service.
  + Test suite fixes.

==== vim ====
Version update (9.0.1443 -> 9.0.1488)
Subpackages: vim-data vim-data-common xxd

- Updated to version 9.0.1488, fixes the following problems
  * Ending Insert mode when accessing a hidden prompt buffer.
  * Crash when passing NULL to setcmdline(). (Andreas Louv)
  * openSUSE: configure doesn't find the Motif library. (Tony Mechelynck)
  * Unnecessary checks for the "skip" flag when skipping.
  * Condition is always true.
  * Diff test fails on MacOS 13.
  * Test for prompt buffer is flaky.
  * Unnecessary redrawing when 'showcmdloc' is not "last".
  * Code using EVAL_CONSTANT is dead, it is never set.
  * Typos in source code and tests.
  * Code indenting is confused by macros.
  * C++ 20 modules are not recognized.
  * Shortmess test depends on order of test execution.
  * No regression test for what patch 9.0.1333 fixes.
  * Buffer overflow when expanding long file name.
  * Typo in name of type.
  * Insufficient testing for getcmdcompltype().
  * Ruler not drawn correctly when using 'rulerformat'.
  * Recursively calling :defer function if it does :qa.
  * Virtual text truncation only works with Unicode 'encoding'.
  * Strace filetype detection is expensive.
  * Haiku build fails.
  * Cannot use an object member name as a method argument.
  * Jenkinsfiles are not recognized as groovy.
  * Recursively calling :defer function if it does :qa in a compiled function.
  * Deferred functions not called from autocommands.
  * Deferred functions invoked in unexpected order when using :qa and
  autocommands.
  * Warnings for function declarations.
  * ":drop fname" may change the last used tab page.
  * Busted configuration files are not recognized.
  * Lines put in non-current window are not displayed. (Marius Gedminas)
  * Crash when recovering from corrupted swap file.
  * Filetypes for *.v files not detected properly.
  * Small source file problems; outdated list of distributed files.
  * Using popup menu may leave text in the command line.
  * Decrypting with libsodium may fail if the library changes.
  * Crash when textprop has a very large "padding" value. (Yegappan Lakshmanan)
  * += operator does not work on class member.
  * Coverity warns for using invalid array index.
  * no functions for converting from/to UTF-16 index.
  * Parallel make might not work.
  * Content-type header for LSP channel not according to spec.
  * xchacha20v2 crypt header is platform dependent.

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- bsc#1201748 - virt-install --graphics vnc fails with not support
  for video model 'virtio'
  virtinst-enable-video-virtio-for-arm.patch
- Drop virtman-check-for-valid-display.patch. This patch is no
  longer required.

==== wxWidgets-3_2-nostl ====
Version update (3.2.1 -> 3.2.2.1)
Subpackages: libwx_baseu-suse-nostl8_0_0 libwx_baseu_net-suse-nostl8_0_0 libwx_baseu_xml-suse-nostl8_0_0 libwx_gtk3u_core-suse-nostl8_0_0 libwx_gtk3u_html-suse-nostl8_0_0 libwx_gtk3u_qa-suse-nostl8_0_0

- Update to version 3.2.2.1:
  * Corrects a regression in 3.2.2 which resulted in not drawing any
    icons for the non-root item of wxGenericTreeCtrl in this release
    (gh#wxWidgets/wxWidgets#23255).
- Changes of version 3.2.2:
  * Fix regression in saving TIFF images that could end up truncated
  * Fix long standing bug in parsing wxHTTP responses.
  * Fix memory leak when destroying wxThread
  * Allow 'T' separator in wxDateTime::ParseDateTime()
  * Add Serbian translations.
  * Fix MT-safety problem in wxZipInputStream
  * Add wxUILocale::GetSystemLocaleId() replacing GetSystemLocale()
  * Fail when setting unsupported "mixed" locale under Unix
  * Improve wxWebView::RunScriptAsync() performance
  * Fix data race when processing events generated in a worker thread.
  * Fix wxGeneric{List,Tree}Ctrl high DPI icons
  * Add macros for event tables for missing wxWebView events
  * Improve month selection in wxGenericCalendarCtrl
  * Fix maximum length of wxPropertyGrid editors
  * Add support for Caps/Num/Scroll Lock to wxGetKeyState()
  * Fix wxToolBar::GetToolBitmapSize() in high DPI under non-MSW
  * Fix resizing wxGLCanvas with EGL and Wayland
  * Fix display artefacts when using AUI without compositor under X11
  * Allow selecting and copying text in wxMessageDialog
  * Fix initial size of top-level window on Wayland
  * Improve size and behaviour of in-place editor in wxTreeCtrl
  * wxQt: Fix creating wxFont using fractional point size

==== xf86-video-ati ====
Version update (19.1.0 -> 22.0.0)

- Update to release 22.0.0
  * Fix link failure with gcc 10
  * Fix spelling/wording issues
  * gitlab CI: enable commit & merge request checks
  * gitlab CI: enable gitlab's builtin static analysis
  * radeon_glamor_wrappers.c: Convert from ISO-8859-1 to UTF-8
  * Don't crash X server if GPU acceleration is not available
  * ati: cleanup terminology to use primary/secondary
  * Don't set SourceValidate pointer to NULL
  * Handle NULL fb_ptr in pixmap_get_fb
  * Guard local variable priv only used with glamor
  * Guard local variable info only used with glamor
  * Add GitLab CI pipeline
  * Only include dri.h with older versions of xserver
  * Fix return value check of drmIoctl()
- supersedes the following patches
  * U_ati-cleanup-terminology-to-use-primary-secondary.patch
  * u_fno-common.patch
  * u_kscreen-rotation-fix.patch

==== xset ====

- Disable building with libXfontcache. xorg-server 1.6 removed the
  corresponding feature, and it seems unlikely and unusual for
  anyone to e.g. ssh from an old Xorg system to a contemporary
  SUSE to attempt to run the (undocumented) `xset fc` command.