Packages changed:
  MozillaFirefox (95.0.2 -> 96.0)
  fetchmail
  gnome-desktop (41.2 -> 41.3)
  gnome-shell (41.2 -> 41.3)
  hdparm (9.62 -> 9.63)
  libpipeline (1.5.3 -> 1.5.5)
  mtr (0.94 -> 0.95)
  mutter (41.2 -> 41.3)
  qpdf
  rdma-core (38.0 -> 38.1)
  sssd
  tcsh (6.23.00 -> 6.23.02)
  vim (8.2.3995 -> 8.2.4063)
  wayland (1.19.0 -> 1.20.0)
  xen

=== Details ===

==== MozillaFirefox ====
Version update (95.0.2 -> 96.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 96.0
  * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event
  * CVE-2022-22744 (bmo#1737252)
    The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2022-22747 (bmo#1735028)
    Crash when handling empty pkcs7 sequence
  * CVE-2022-22736 (bmo#1742692)
    Potential local privilege escalation when loading modules
    from the install directory.
  * CVE-2022-22739 (bmo#1744158)
    Missing throttling on external protocol launch dialog
  * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
    bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
    bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
    Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
  * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
    Memory safety bugs fixed in Firefox 96
- removed obsolete patches
  * mozilla-bmo1745560.patch
  * mozilla-bmo1744896.patch
  * mozilla-sandbox-fips.patch
- requires
  NSPR >= 4.33
  NSS  >= 3.73.1

==== fetchmail ====
Subpackages: fetchmailconf

- fix [bsc#1194203]:
  * Always create fetchmail group, even if the user is already
  present, as a leftover from Leap 15.2 upgrade. This may happen
  also if user is messing with groups/users directly or upgrading
  from even an older fetchmail versions.

==== gnome-desktop ====
Version update (41.2 -> 41.3)
Subpackages: gnome-desktop-lang gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0

- Update to version 41.3:
  + No changes, version bump only.

==== gnome-shell ====
Version update (41.2 -> 41.3)
Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang

- Update to version 41.3:
  + Improve window tracking
  + Simplify scroll fade shader to work with old hardware
  + Tweak (un)minimize animations
  + Don't wake up screen in DND mode
  + Fix immediately withdrawn notifications getting stuck
  + Honor XDG SingleMainWindow key in .desktop files
  + Fixed crashes
  + Misc. bug fixes and cleanups
  + Updated translations.
- Modernize our Supplements in gnome-shell-calendar sub-package.

==== hdparm ====
Version update (9.62 -> 9.63)

- Update to 9.63:
  * new --sanitize-overwrite-passes flag, courtesy Michal Grzedzicki.
  * "Plurals patch" from Martin Guy.

==== libpipeline ====
Version update (1.5.3 -> 1.5.5)

- Update to 1.5.5:
  * Move release process to GitLab CI.
- Back to download from savannah.nongnu.org for a fully bootstrapped
  tar ball without the need of autoconfig and gl
  Compare https://gitlab.com/cjwatson/libpipeline/-/releases
  and     https://gitlab.com/cjwatson/libpipeline/-/packages/4425007
- Use autoconf
- update to 1.5.4:
  * Building libpipeline now requires Autoconf >= 2.64.
  * Developmed moved to Gitlab

==== mtr ====
Version update (0.94 -> 0.95)

- update to 0.95:
  * loads of fixes,
  see https://raw.githubusercontent.com/traviscross/mtr/v0.95/NEWS
- mtr-0.75-manmtr.patch, mtr-0.87-manxmtr.patch: refreshed to apply
  again

==== mutter ====
Version update (41.2 -> 41.3)
Subpackages: mutter-lang

- Update to version 41.3:
  + Check keyboard serials for activation
  + Fix mixed up refresh rates in multi-monitor setups
  + Allow disabling HW cursors
  + Improve damage handling
  + Consider xrandr flags for advertised modes
  + Ensure constraints after client resize
  + window-group: Disable culling when rendinging clone to
    offscreen buffer
  + Fix workspace switch animation in default plugin
  + Fix unfullscreening of window that were mapped fullscreen
  + Fix DMA-BUF screencasts with unredirected fullscreen windows
  + Fix orientation changes on devices with 90°
  + Fixed crashes
  + Plugged leaks
  + Misc. bug fixes and cleanups.
- Drop patches fixed upstream:
  + mutter-allow-disable-hardware-cursors.patch
  + mutter-initialize-saved_rect_fullscreen.patch
- Renumber patches yet again.

==== qpdf ====

- add fix-signedness-warning.patch (build for aarch64)

==== rdma-core ====
Version update (38.0 -> 38.1)
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd

- Update to v38.1
  - Major fixes for hns provider

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap

- Remove libsmbclient-devel BuildRequires in favor of
  pkgconfig(smbclient)

==== tcsh ====
Version update (6.23.00 -> 6.23.02)
Subpackages: tcsh-lang

- Update to tcsh 6.23.02
  9. Make the \U escape up to 8 hex digits.
  8. V6.23.01 - 20211209
  7. add \cc and \Uhhh, and document escape sequences
  6. add $'string with escapes' ("dollar-single-quotes") (Kimmo Suominen)
  5. don't glob the filetest builtin arguments twice
  4. remove the duplicate echo escape parsing code and use parseescape
  3. add \x{hh} \xhh \uhhh (H.Merijn Brand)
  2. fix and document ln=target
  1. Merge in patches from pkgsrc:
  - Modernize the installation targets so that they use INSTALL_DATA,
    INSTALL_PROGRAM, and MKDIR_P.
  - Enable SYSMALLOC and SHORT_STRINGS on NetBSD.
  - Enable NO_FIX_MALLOC and SHORT_STRINGS on OpenBSD.
- Port patches
  * tcsh-6.17.06-dspmbyte.dif
  * tcsh-6.18.03-catalogs.dif
  * tcsh-6.21.00.dif

==== vim ====
Version update (8.2.3995 -> 8.2.4063)
Subpackages: gvim vim-data vim-data-common

- Updated to version 8.2.4063, fixes the following problems
- fixes boo#1194559 CVE-2022-0156
  * Not all sshconfig files are detected as such.
  * Vim9: type checking for list and dict lacks information about declared
  type.
  * Vim9: not enough testing for extend() and map().
  * Asan error for adding zero to NULL.
  * Redundant check for NUL byte.
  * Coverity warns for checking for NULL pointer after using it.
  * Insert complete code uses global variables.
  * First char typed in Select mode can be wrong.
  * Error messages are spread out.
  * Old compiler complains about struct init with variable.
  * Error messages are spread out.
  * Vim9: crash when declaring variable on the command line.
  * Session does not restore help buffer properly when "options' is missing
  from 'sessionoptions'.
  * Error messages are spread out.
  * Reading one byte beyond the end of the line.
  * Error messages are spread out.
  * Test fails because of changed error number.
  * Error messages are spread out.
  * Build failure without the spell feature.
  * Git and gitcommit file types not properly recognized.
  * Build failure with tiny features. (Tony Mechelynck)
  * Vim9: incorrect error for argument that is shadowing var.
  * Gcc warns for misleading indent in Athena menu code.
  * ml_get error when win_execute redraws with Visual selection.
  * Vim9: import mechanism is too complicated.
  * Debugger test fails.
  * Missing part of the :import changes.
  * Two error messages in the wrong file.
  * Using uninitialized variable.
  * Confusing error message if imported name is used directly.
  * Error for import not ending in .vim does not work for .vimrc.
  * ml_get error with specific win_execute() command. (Sean Dewar)
  * ml_get error with :doautoall and Visual area. (Sean Dewar)
  * Debugging NFA regexp my crash, cached indent may be wrong.
  * A script local funcref is not found from a mapping.
  * Crash in xterm with only two lines. (Dominique Pellé)
  * ATTRIBUTE_NORETURN is not needed.
  * Running filetype tests leaves directory behind.
  * Coverity warns for possibly using a NULL pointer.
  * Timer triggered at the debug prompt may cause trouble.
  * Vim9: script test file is getting too long.
  * Insert mode completion is insufficiently tested.
  * Various code not used when features are disabled.
  * The xdiff library is linked in even when not used.
  * Keeping track of allocated lines in user functions is too complicated.
  * Using unitialized pointer.
  * Vim9: build error.
  * Using int for second argument of ga_init2().
  * Vim9: no error when importing the same script twice.
  * Some global functions are only used in one file.
  * Some error messages not in the right place.
  * Depending on the build features error messages are unused.
  * gcc complains about use of "%p" in printf.
  * Vim9: reading before the start of the line with "$" by itself.
  * Vim9: need to prefix every item in an autoload script.
  * Compiler complains about possibly uninitialized variable.
  * Not easy to resize a window from a plugin.
  * Vim9: autoload mechanism doesn't fully work yet.
  * Vim9 script test fails.
  * Vim9: line break in expression causes v:errmsg to be filled. (Yegappan
  Lakshmanan)
  * Vim9: memory leak when exporting function in autoload script.
  * Vim9: not fully implementing the autoload mechanism.
  * Vim9: import test failure in wrong line.
  * Vim9: an expression of a map cannot access script-local items. (Maxim Kim)
  * win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick
  Howe)
  * Codecov bash script is deprecated.
  * Match highlighting of tab too short.
  * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan)

==== wayland ====
Version update (1.19.0 -> 1.20.0)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0

- Add wayland-shm-Close-file-descriptors-not-needed.patch: For
  platforms that support mremap(), we don't need to hold file
  descriptors all the time, because programs like Xwayland will
  hold a lot of file descriptors and may crash, this patch close
  file descriptors earlier for those platforms (bsc#1194190).
- obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4
- Update to release 1.20
  * A few protocol additions: wl_surface.offset allows clients to
    update a surface's buffer offset independently from the
    buffer, wl_output.name and description allow clients to
    identify outputs without depending on xdg-output-unstable-v1.
  * In protocol definitions, events have a new "type" attribute
    and can now be marked as destructors.
  * A number of bug fixes, including a race condition when
    destroying proxies in multi-threaded clients.

==== xen ====
Subpackages: xen-libs xen-tools xen-tools-domU

- bsc#1193307 - pci backend does not exist when attach a vf to a pv
  guest
  libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
  Drop libxl-PCI-defer-backend-wait.patch