Packages changed:
  MozillaFirefox (149.0 -> 149.0.2)
  openSUSE-release (20260408 -> 20260409)
  protobuf-c
  python-pygit2 (1.19.1 -> 1.19.2)
  sdbootutil (1+git20260407.f1134c1 -> 1+git20260408.db91528)
  virtualbox
  virtualbox-kmp

=== Details ===

==== MozillaFirefox ====
Version update (149.0 -> 149.0.2)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 149.0.2
  MFSA 2026-25
  * CVE-2026-5732 (bmo#2017867)
    Incorrect boundary conditions, integer overflow in the
    Graphics: Text component
  * CVE-2026-5733 (bmo#2022554)
    Incorrect boundary conditions in the Graphics: WebGPU component
  * CVE-2026-5731 (bmo#2021894, bmo#2022225, bmo#2022252, bmo#2022294,
    bmo#2023007, bmo#2023130, bmo#2023191, bmo#2023364, bmo#2023829,
    bmo#2024074, bmo#2024417, bmo#2024433, bmo#2024436, bmo#2024437,
    bmo#2024453, bmo#2024461, bmo#2024462, bmo#2024472, bmo#2024474,
    bmo#2024477, bmo#2025364, bmo#2025401, bmo#2025402, bmo#2025472,
    bmo#2026287, bmo#2026299, bmo#2026305, bmo#2026426)
    Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR
    140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and
    Thunderbird 149.0.2
  * CVE-2026-5734 (bmo#2022369, bmo#2023026, bmo#2023545, bmo#2023555,
    bmo#2023958, bmo#2025422, bmo#2025468, bmo#2025492, bmo#2025505)
    Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird
    ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
  * CVE-2026-5735 (bmo#2025475, bmo#2025477)
    Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird
    149.0.2
  * Enterprise: Introduced a new enterprise policy that allows
    administrators to directly manage and control AI-related
    features within Firefox. (bmo#2019983)
  * Enterprise: Fixed an issue where enterprise policies for the
    browser homepage and start page were not being applied
    correctly. (bmo#2027888)
  * Enterprise: Introduced a new enterprise policy that allows
    administrators to prevent the built-in VPN and IP protection
    features from being available to users. (bmo#2022365)
  * Fixed: Fixed an issue where certain parts of web pages, such
    as drop-down menus and specific styles, did not appear
    correctly when printing. (bmo#2026109)
  * Fixed: Fixed an issue where some website error pages
    displayed generic connection messages instead of the specific
    error code and description provided by the server. (bmo#2023800)
  * Fixed: Fixed a crash that occurred when using certain
    security keys or WebAuthn features for two-factor
    authentication. (bmo#2026688)
  * Fixed: Fixed an issue on Linux where the browser toolbar
    could become unresponsive to mouse clicks after dragging a
    tab when using Wayland. (bmo#2022238)
  * Fixed: Fixed a layout issue where text inside certain
    graphics (SVG) appeared shifted or misaligned from its
    intended position. (bmo#2024647)
  * Fixed: Fixed an issue where the "Send to device" option
    failed to work when used from the Open Tabs section in
    Firefox View. (bmo#2023201)
- Building on Leap definitely needs to be clang based; define
  clang_build appropriately. To make clang find a suitable STL
  library, explicitly BuildRequire libstdc++6-devel-gcc?? which
  corresponds to the version of which gcc would be used.

==== openSUSE-release ====
Version update (20260408 -> 20260409)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== protobuf-c ====

- Add 0001-Fix-compilation-against-protobuf-v34.patch

==== python-pygit2 ====
Version update (1.19.1 -> 1.19.2)

- update to 1.19.2:
  * Fix refcount and error handling issues in
    `filter_register(...)`
  * Fix config with valueless keys
  * New `Repository.load_filter_list(...)` and `FilterList`
  * New `Odb.read_header(...)` and now `Odb.read(...)` returns
    `enums.ObjectType` instead of int

==== sdbootutil ====
Version update (1+git20260407.f1134c1 -> 1+git20260408.db91528)
Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper

- Update to version 1+git20260408.db91528:
  * Find /etc/os-release and machine-id in mkosi
  * Drop reference to systemd-experimental
  * Fix set-default-snapshot when snapshots are not present

==== virtualbox ====

- Fixes for KMP build on openSUSE Leap 16.1 (bsc#1242207)
  leap16.1-kmp-fixes.patch

==== virtualbox-kmp ====

- Fixes for KMP build on openSUSE Leap 16.1 (bsc#1242207)
  leap16.1-kmp-fixes.patch