Packages changed:
  libqt5-qtwebengine (5.15.9 -> 5.15.10)
  openvpn (2.5.6 -> 2.5.7)
  python-gobject
  python-importlib-metadata (4.11.3 -> 4.11.4)
  python-jsonpointer (2.2 -> 2.3)
  runc (1.1.2 -> 1.1.3)
  udisks2

=== Details ===

==== libqt5-qtwebengine ====
Version update (5.15.9 -> 5.15.10)

- Update to version 5.15.10:
  * Fix top level build with no widget
  * Fix read-after-free on EGL extensions
  * Update Chromium
  * Add workaround for unstable gn on macOS in ci
  * Pass archiver to gn build
  * Fix navigation to non-local URLs
  * Add support for universal builds for qtwebengine and qtpdf
  * Enable Apple Silicon support
  * Fix cross compilation x86_64->arm64 on mac
  * Bump version to 5.15.10
  * CustomDialogs: Make custom input fields readable in dark mode
  * CookieBrowser: Make alternating rows readable in dark mode
  * Update Chromium:
  * Bump V8_PATCH_LEVEL
  * Fix clang set-but-unused-variable warning
  * Fix mac toolchain python linker script call
  * Fix missing dependency for gpu sources
  * Fix python calls
  * Fix undefined symbol for universal link
  * Quick fix for regression in service workers by reverting
    backports
  * [Backport] CVE-2022-0797: Out of bounds memory access
    in Mojo
  * [Backport] CVE-2022-1125
  * [Backport] CVE-2022-1138: Inappropriate implementation
    in Web Cursor.
  * [Backport] CVE-2022-1305: Use after free in storage
  * [Backport] CVE-2022-1310: Use after free in regular
    expressions
  * [Backport] CVE-2022-1314: Type Confusion in V8
  * [Backport] CVE-2022-1493: Use after free in Dev Tools
  * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
  * [Backport] Security Bug 1296876
  * [Backport] Security bug 1269999
  * [Backport] Security bug 1280852
  * [Backport] Security bug 1292905
  * [Backport] Security bug 1304659
  * [Backport] Security bug 1306507

==== openvpn ====
Version update (2.5.6 -> 2.5.7)

- update to 2.5.7:
  * Limited OpenSSL 3.0 support
  * print OpenSSL error stack if decoding PKCS12 file fails
  * fix omission of cipher-negotiation.rst in tarballs
  * fix errno handling on Windows (Windows has different classes of
    error codes, GetLastError() and C runtime errno, these should now
    be handled correctly)
  * fix PATH_MAX build failure in auth-pam.c
  * fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface
  * fix overlong path names, leading to missing pkcs11-helper patch
    in tarball

==== python-gobject ====
Subpackages: python38-gobject python38-gobject-Gdk python38-gobject-cairo

- Add dependency on python-cairo to python-gobject-cairo: The
  introspection wrapper needs the actual pycairo underneath
  (boo#1179584).

==== python-importlib-metadata ====
Version update (4.11.3 -> 4.11.4)

- update to 4.11.4:
  * #379: In ``PathDistribution._name_from_stem``, avoid including
  parts of the extension in the result.
  * #381: In ``PathDistribution._normalized_name``, ensure names
  loaded from the stem of the filename are also normalized, ensuring
  duplicate entry points by packages varying only by non-normalized
  name are hidden.

==== python-jsonpointer ====
Version update (2.2 -> 2.3)

- update to 2.3:
  * Support setting - for arrays
  * Add join and / operator
  * Fix invalid escape sequences

==== runc ====
Version update (1.1.2 -> 1.1.3)

- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch

==== udisks2 ====
Subpackages: libudisks2-0

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_udisks2-zram-setup@.service.patch
  * harden_udisks2.service.patch