Packages changed:
  Mesa
  Mesa-drivers
  MozillaFirefox (108.0.2 -> 109.0)
  container-selinux (2.188.0 -> 2.198.0)
  ctags
  fwupd
  git (2.39.0 -> 2.39.1)
  gnome-software
  highway (1.0.2 -> 1.0.3)
  icewm (3.2.2 -> 3.3.0)
  iptables (1.8.8 -> 1.8.9)
  kernel-firmware
  libeconf (0.5.0 -> 0.5.1)
  libinput (1.22.0 -> 1.22.1)
  libreoffice (7.4.3.2 -> 7.4.4.2)
  libxmlb
  libzypp-plugin-appdata (1.0.1+git.20220816 -> 1.0.1+git.20230117)
  llvm15 (15.0.6 -> 15.0.7)
  mozilla-nss (3.85 -> 3.86)
  mozjs102 (102.6.0 -> 102.7.0)
  multipath-tools
  netpbm
  rubygem-ruby-dbus (0.18.1 -> 0.19.0)
  tpm2-0-tss
  translation-update
  xfsprogs (6.1.0 -> 6.1.1)
  yast2 (4.5.21 -> 4.5.22)
  yast2-network (4.5.11 -> 4.5.12)
  zlib (1.2.12 -> 1.2.13)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- Add support for Rusticl - Mesa's new OpenCL implementation.
  * See https://docs.mesa3d.org/rusticl
  You will need to set your environment to use it
  * See https://docs.mesa3d.org/envvars#rusticl-environment-variables
- Compile with gcc12 on Leaps: building drivers fails with:
  /usr/include/dxguids/dxguids.h:70:1: internal compiler error:
  in cxx_eval_bit_field_ref, at cp/constexpr.c:2578
- Fix some deprecation warnings
  * WARNING: option "false" deprecated, please use "disabled" instead.
  * WARNING: option "true" deprecated, please use "enabled" instead.

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva

- Add support for Rusticl - Mesa's new OpenCL implementation.
  * See https://docs.mesa3d.org/rusticl
  You will need to set your environment to use it
  * See https://docs.mesa3d.org/envvars#rusticl-environment-variables
- Compile with gcc12 on Leaps: building drivers fails with:
  /usr/include/dxguids/dxguids.h:70:1: internal compiler error:
  in cxx_eval_bit_field_ref, at cp/constexpr.c:2578
- Fix some deprecation warnings
  * WARNING: option "false" deprecated, please use "disabled" instead.
  * WARNING: option "true" deprecated, please use "enabled" instead.

==== MozillaFirefox ====
Version update (108.0.2 -> 109.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 109.0
  MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)
    Memory safety bugs fixed in Firefox 109
- requires NSS 3.86
- rebased patches

==== container-selinux ====
Version update (2.188.0 -> 2.198.0)

- Update to version 2.198.0:
  * Fix spc_t transition rules on tmpfs_t
- Changes from 2.197.0:
  * Add boolean containers_use_ecryptfs policy
- Changes from 2.195.1:
  * Readd missing allow rules for container_t
- Changes from 2.194.0:
  * Allow syslogd_t to use tmpfs files created by container runtime
- Changes from 2.193.0:
  * Allow containers to mount tmpfs_t file systems
  * Label spc_t as a init initrc daemon
  * Allow userdomains to run containers
- Changes from 2.191.0:
  * Create container_logwriter_t type
- Changes from 2.190.1:
  * Support BuildKit
  * container.fc: Set label for kata-agent
  * support nerdctl
- Changes from 2.190.0:
  * Packit: initial enablement
  * Allow iptables to list directories labeled as container_file_t
- Changes from 2.189.0:
  * Dont audit searching other processes in /proc.

==== ctags ====

- CVE-2022-4515.patch: fixes arbitrary command execution via
  a tag file with a crafted filename (bsc#1206543, CVE-2022-4515)
- Stop resetting ctags update-alternative priority back to auto.
  These are admin settings.
- Remove u-a links in the correct scriptlet

==== fwupd ====
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Fix error generating grub.cfg when an update is available.
  + uefi-capsule-Do-not-call-grub2-probe-without-argumen.patch

==== git ====
Version update (2.39.0 -> 2.39.1)

- git 2.39.1, fixing two security issues that could allow remote
  code execution when accessing specially crafted repositories:
  * CVE-2022-41903: log format integer overflow boo#1207033
  * CVE-2022-23521: gitattributed parsing integer overflow
    boo#1207032

==== gnome-software ====
Subpackages: gnome-software-lang gnome-software-plugin-packagekit

- Also add download.opensuse.org-non-oss (NON-OSS repo)
  download.opensuse.org-oss (OSS repo), and
  download.opensuse.org-tumbleweed (Update repo) to
  software-opensuse.gschema.override, declaring them also
  official repositories (the names match the ones picked by the NET
  installer).

==== highway ====
Version update (1.0.2 -> 1.0.3)

- Update to release 1.0.3
  * Add RearrangeToOddPlusEven, Xor3, 8-bit CompressStore,
    HWY_ASSUME
  * Add contrib/bit_pack for 8/16-bit lanes
  * Update for new RVV intrinsics; faster WASM min/max and
    extmul/q15mul

==== icewm ====
Version update (3.2.2 -> 3.3.0)
Subpackages: icewm-config-upstream icewm-default icewm-lang

- Update to 3.3.0:
  * Prevent a derefence of a null-Pixel in xftColor.
  * Add "getClass" and "setClass" commands to icesh.
  * Support tabs in task grouping.
  * Use spaces instead of dots when printing WM_COMMAND.
  * When a focused window hides or rolls up, focus some other window.
  * When looking for a focusable window, avoid rolled up windows.
  * Fix for setting focus on passive motif dialogs
  * Fallback to rolled up windows in the second pass of getLastFocus.
  * Use CurrentTime when setting focus to a passive client in the timeout.
  * On icon not found, report dimensions.
  * Don't refocus a focused window in focusLastWindow.
  * Don't activate an active window when receiving an activation message.
  * Ignore duplicate map requests.
  * Let icesh implicitly select windows at most once.
  * Add support for nanosvg for issue #695.
  * Add preference ToolTipIcon=1 for issue #637.
  * Add nanosvg to .gitignore.
  * Remove unneeded logevent from icesh.
- Remove unknown options from configure
- Rebase icewm-preferences.patch
- update to 3.2.3:
  * Only freeze the task pane layout when a button was removed,
  * which fixes the KeySysWorkspaceNext+Prev+Last bug.
  * Ensure that a task button is updated once it is mapped,
  * which prevents stale task button titles.
  * Show a big icon in the tooltip of a toolbar button and the tray.
  * All of the winoptions are now fully tab-aware.
  * More documentation about tabbing in the icewm manpage.
  * Document the "workspace" directory for icons on workspace buttons.
  * Add "loadicon" and "saveicon" commands to icesh.
  * Updated translations: Catalan, Dutch, Slovak, Japanese,
  * Portuguese + Brazil, Macedonian.

==== iptables ====
Version update (1.8.8 -> 1.8.9)
Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins

- Update to release 1.8.9
  * arptables-nft: Support --exact flag
  * Support more chunk types in the "sctp" extension
  * Print `--` in ip6tables' "opt" column for consistency with
    iptables
  * More verbose error messages if iptables-nft-restore fails
  * Support `-p Length` with ebtables-nft,
    needed for 802_3 extension.

==== kernel-firmware ====
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Correct alias list for ACPI entries (bsc#1207211)

==== libeconf ====
Version update (0.5.0 -> 0.5.1)

- Update to version 0.5.1:
  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
    there is a /etc/_example_._suffix_ file. (#175)

==== libinput ====
Version update (1.22.0 -> 1.22.1)
Subpackages: libinput-udev libinput10

- Update to release 1.22.1:
  * This version includes quirks for laptops from Apple and Dell,
    as well as for the Glorious Model 0 mouse. It also backports a
    meson fix for use of libinput as subproject and a fix for
    libinput debug-events not flushing the output, resulting in
    truncated information.
  * Finally, the tablet touch arbitration rectangle was increased
    by 50mm in both directions to reduce the number of misdetected
    touches.
- Use ldconfig_scriptlets macro for post(un) handling.

==== libreoffice ====
Version update (7.4.3.2 -> 7.4.4.2)
Subpackages: libreoffice-base libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Update to 7.4.4.2:
  https://wiki.documentfoundation.org/Releases/7.4.4/RC2
  https://wiki.documentfoundation.org/Releases/7.4.4/RC1
- Updated bundled dependencies:
  * poppler-22.09.0.tar.xz -> poppler-22.12.0.tar.xz

==== libxmlb ====

- build hwcaps optimized libraries

==== libzypp-plugin-appdata ====
Version update (1.0.1+git.20220816 -> 1.0.1+git.20230117)

- Update to version 1.0.1+git.20230117:
  * InstallAppdata: use subprocess.run instead of os.system (CVE-2023-22643)
- Update to version 1.0.1+git.20220909:
  * Add dist directory, for openSUSE packaging

==== llvm15 ====
Version update (15.0.6 -> 15.0.7)

- Update to version 15.0.7.
  * This release contains bug-fixes for the LLVM 15.0.0 release.
    This release is API and ABI compatible with 15.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Build stage 2 with -fno-plt on x86_64: since building with
  - Wl,-z,now the PLT stubs are basically dead code, so eliminating
  the indirection reduces the number of branches and improves code
  locality for the quite frequent cross-DSO calls.
- Add llvm-workaround-superfluous-branches.patch: hints LLVM to
  eliminate branches until gh#llvm/llvm-project#28804 is solved.

==== mozilla-nss ====
Version update (3.85 -> 3.86)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs

- update to NSS 3.86
  * bmo#1803190 - conscious language removal in NSS
  * bmo#1794506 - Set nssckbi version number to 2.60
  * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3
    TrustCor Root Certificates
  * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
  * bmo#1797559 - Remove EC-ACC root cert from NSS
  * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
  * bmo#1794495 - Remove Network Solutions Certificate Authority
  * bmo#1802331 - compress docker image artifact with zstd
  * bmo#1799315 - Migrate nss from AWS to GCP
  * bmo#1800989 - Enable static builds in the CI
  * bmo#1765759 - Removing SAW docker from the NSS build system
  * bmo#1783231 - Initialising variables in the rsa blinding code
  * bmo#320582 - Implementation of the double-signing of the message
    for ECDSA
  * bmo#1783231 - Adding exponent blinding for RSA.

==== mozjs102 ====
Version update (102.6.0 -> 102.7.0)

- Update to version 102.7.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46871: libusrsctp library out of date.
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on
    Linux.
  + CVE-2023-23599: Malicious command could be hidden in devtools
    output on Windows.
  + CVE-2023-23601: URL being dragged from cross-origin iframe into
    same tab triggers navigation.
  + CVE-2023-23602: Content Security Policy wasn't being correctly
    applied to WebSockets in WebWorkers.
  + CVE-2022-46877: Fullscreen notification bypass.
  + CVE-2023-23603: Calls to <code>console.log</code> allowed
    bypasing Content Security Policy via format directive.
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and
    Firefox ESR 102.7.

==== multipath-tools ====
Subpackages: kpartx libmpath0

- Fix "rpm --verify" (bsc#1207232)

==== netpbm ====
Subpackages: libnetpbm11

- Drop patch big-endian.patch, already in upstream since 10.87.00

==== rubygem-ruby-dbus ====
Version update (0.18.1 -> 0.19.0)

- 0.19.0
  API:
  * Added a ObjectManager mix-in to implement the service-side
  ObjectManager interface.
  Bug fixes:
  * dbus_attr_accessor and friends validate the signature
  * (gh#mvidner/ruby-dbus#120).
  * Declare the Introspectable interface in exported
  * objects (gh#mvidner/ruby-dbus#99).
  * Do reply with an error when calling a nonexisting object
  with an existing path prefix (gh#mvidner/ruby-dbus#121).

==== tpm2-0-tss ====
Subpackages: libtss2-esys0 libtss2-fapi1 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tcti-device0 libtss2-tctildr0

- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
  CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
  RC values passed to the TSS2 function could lead to memory overread or
  memory overread.
  This patch is not yet part of any upstream git tag.

==== translation-update ====
Subpackages: translation-update-cs translation-update-da translation-update-de translation-update-el translation-update-en_GB translation-update-es translation-update-fr translation-update-hu translation-update-it translation-update-ja translation-update-pl translation-update-pt translation-update-pt_BR translation-update-ru translation-update-zh_CN translation-update-zh_TW

- Update translation list (add az, ms and oc).

==== xfsprogs ====
Version update (6.1.0 -> 6.1.1)

- update to 6.1.1:
  - scrub: fix warnings/errors due to missing include
  - debian: Add missing pkg version to the changelog

==== yast2 ====
Version update (4.5.21 -> 4.5.22)
Subpackages: yast2-logs

- Replace transitional %usrmerged macro with regular version check (boo#1206798)
- 4.5.22

==== yast2-network ====
Version update (4.5.11 -> 4.5.12)

- Copy only the specific backend configuration to the target system
  having a clean installation (bsc#1206723)
- 4.5.12

==== zlib ====
Version update (1.2.12 -> 1.2.13)
Subpackages: libminizip1 libz1

- Update to 1.13:
  * Fix configure issue that discarded provided CC definition
  * Correct incorrect inputs provided to the CRC functions
  * Repair prototypes and exporting of new CRC functions
  * Fix inflateBack to detect invalid input with distances too far
  * Have infback() deliver all of the available output up to any error
  * Fix a bug when getting a gzip header extra field with inflate()
  * Fix bug in block type selection when Z_FIXED used
  * Tighten deflateBound bounds
  * Remove deleted assembler code references
  * Various portability and appearance improvements
- Added patches:
  * zlib-1.2.13-IBM-Z-hw-accelerated-deflate-s390x.patch
  * zlib-1.2.13-fix-bug-deflateBound.patch
  * zlib-1.2.13-optimized-s390.patch
- Refreshed patches:
  * zlib-1.2.12-add-optimized-slide_hash-for-power.patch
  * zlib-1.2.12-add-vectorized-longest_match-for-power.patch
  * zlib-1.2.12-s390-vectorize-crc32.patch
- Removed patches:
  * zlib-1.2.12-fix-configure.patch
  * zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch
  * zlib-1.2.12-optimized-crc32-power8.patch
  * zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
  * zlib-1.2.12-fix-CVE-2022-37434.patch
  * zlib-1.2.11-optimized-s390.patch