Packages changed:
  AppStream (0.9.5 -> 0.9.6)
  MozillaFirefox (46.0.1 -> 47.0)
  alsa
  branding-openSUSE
  curl
  kaccounts-integration
  kde-branding-openSUSE
  kernel-firmware (20160516 -> 20160609)
  kernel-source (4.6.1 -> 4.6.2)
  lcms2
  libinput (1.3.0 -> 1.3.1)
  libpst
  librsvg (2.40.15 -> 2.40.16)
  libusb-1_0
  libxml2 (2.9.3 -> 2.9.4)
  metamail
  mozilla-nss (3.22.3 -> 3.23)
  polkit
  python-M2Crypto (0.22.5 -> 0.24.0)
  python-cryptography (1.3.1 -> 1.3.4)
  python-keyring
  python-libxml2 (2.9.3 -> 2.9.4)
  sddm
  signon-plugin-oauth2
  suse-module-tools
  swig (3.0.8 -> 3.0.9)
  systemd-presets-branding-openSUSE
  systemd-rpm-macros
  tidy (5.1.9 -> 5.2.0)
  util-linux
  util-linux-systemd
  xkeyboard-config (2.17 -> 2.18)
  yast2 (3.1.191 -> 3.1.193)

=== Details ===

==== AppStream ====
Version update (0.9.5 -> 0.9.6)
Subpackages: libappstream3

- Update to version 0.9.6
  Features:
  * Improve metadata file decompression code (Matthias Klumpp)
  * validator: Simplify loading of data too (Matthias Klumpp)
  * Make it easy to compile with Address Sanitizer enabled (Matthias Klumpp)
  * Allow compiling with UBSan as well (Matthias Klumpp)
  * Add back support for Travis CI (Matthias Klumpp)
  * yaml: Write Releases field (Matthias Klumpp)
  Bugfixes:
  * qt: Properly check for component validity (Matthias Klumpp)
  * Ensure decompressed metadata is null-terminated (Neil Mayhew)
  * validator: Long descriptions are not needed for generic components
  (Matthias Klumpp)
  * Make VAPI generation depend on GIR typelibs explicitly (Matthias Klumpp)
  * Be more verbose when failing to move the cache directory (Matthias Klumpp)
  * Handle format errors when parsing YAML metadata (Neil Mayhew)

==== MozillaFirefox ====
Version update (46.0.1 -> 47.0)
Subpackages: MozillaFirefox-translations-common

- update to Firefox 47.0 (boo#983549)
  * Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
    bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
    bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
    bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
    bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction
  * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
    Incorrect icon displayed on permissions notifications
  * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
    Entering fullscreen and persistent pointerlock without user
    permission
  * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
    Information disclosure of disabled plugins through CSS
    pseudo-classes
  * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
    Java applets bypass CSP protections
  * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283,
    bmo#1221620, bmo#1241034, bmo#1241037)
    Network Security Services (NSS) vulnerabilities
    fixed by requiring NSS 3.23
  packaging changes:
  * cleanup configure options (boo#981695):
  - notably remove GStreamer support which is gone from FF
  * remove obsolete patches
  - mozilla-libproxy.patch
  - mozilla-repo.patch

==== alsa ====
Subpackages: alsa-devel libasound2 libasound2-32bit

- Backport upstream fixes: fixing PCM dmix & co suspend/resume,
  namehint parser fixes, stackable async handler:
  0007-namehint-Don-t-enumerate-as-duplex-if-only-a-single-.patch
  0008-pcm-Define-namehint-for-single-directional-PCM-types.patch
  0009-conf-Add-thread-safe-global-tree-reference.patch
  0010-pcm-Remove-resume-support-from-dmix-co.patch
  0011-pcm-Fix-secondary-retry-in-dsnoop-and-dshare.patch
  0012-pcm-dmix-resume-workaround-for-buggy-driver.patch
  0013-pcm-dmix-Prepare-slave-when-it-s-in-SETUP-too.patch
  0014-pcm-dmix-Return-error-when-slave-is-in-OPEN-or-DISCO.patch
  0015-async-Handle-previously-installed-signal-handler.patch

==== branding-openSUSE ====
Subpackages: gfxboot-branding-openSUSE grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE xfce4-splash-branding-openSUSE

- Add yast2-qt-branding-openSUSE back and remove Supplements
  - Much less breakage
- Drop yast2-qt-branding-openSUSE (boo#955381)
- Fix xfce4-splash-branding-openSUSE conflicts

==== curl ====
Subpackages: libcurl-devel libcurl4

- Depend on libssh2 >= 1.6.0 since curl depends on the
  libssh2_scp_recv2 symbol now. Fixes boo#983170

==== kaccounts-integration ====

- Require ktp-accounts-kcm, kcm_kaccounts is not useful at all
  without it (boo#983036)
- Recommend kaccounts-providers for additional providers (Google)

==== kde-branding-openSUSE ====
Subpackages: kdelibs4-branding-openSUSE ksplash-qml-branding-openSUSE ksplashx-branding-openSUSE

- Add yast2-qt-branding-openSUSE back and remove Supplements
  - Much less breakage
- Drop yast2-qt-branding-openSUSE (boo#955381)
- Fix xfce4-splash-branding-openSUSE conflicts
- grub2 theme: use blueish color for timeout bar.

==== kernel-firmware ====
Version update (20160516 -> 20160609)
Subpackages: ucode-amd

- Update to version 20160609:
  * linux-firmware: update audio firmware for Braswell platform
  * radeon: add new CI smc firmware
  * radeon: add new SI smc firmware
  * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1)
  * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (C0/D0)
  * linux-firmware: Update firmware file for Intel Bluetooth 8260
- Update to version 20160602:
  * qed: Add FW 8.10.5.0
  * linux-firmware: intel: Add Broxton audio firmware
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B3/B4)
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B5/B6)

==== kernel-source ====
Version update (4.6.1 -> 4.6.2)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- ecryptfs: don't allow mmap when the lower file system doesn't
  allow it (bsc#983143 CVE-2016-1583).
- commit 8777776
- arm64: mm: always take dirty state from new pte in
  ptep_set_access_flags (bsc#983458).
- Update config files.
- commit d662464
- Linux 4.6.2.
- commit b664f9a
- x86/pat: Document the PAT initialization sequence (bnc#982991,
  bnc#974257, bnc#982991).
- x86/xen, pat: Remove PAT table init code from Xen (bnc#982991,
  bnc#974257, bnc#982991).
- x86/mtrr: Fix PAT init handling when MTRR is disabled
  (bnc#982991, bnc#974257, bnc#982991).
- x86/mtrr: Fix Xorg crashes in Qemu sessions (bnc#982991,
  bnc#974257, bnc#982991).
- x86/mm/pat: Replace cpu_has_pat with boot_cpu_has() (bnc#982991,
  bnc#974257, bnc#982991).
- x86/mm/pat: Add pat_disable() interface (bnc#982991, bnc#974257,
  bnc#982991).
- x86/mm/pat: Add support of non-default PAT MSR setting
  (bnc#982991, bnc#974257, bnc#982991).
- commit 3988263
- Delete patches.suse/xen-pv-devmem_is_allowed.patch (bnc#982991)
- commit 23cb422
- Refresh
  patches.drivers/0001-Subject-PATCH-USB-xhci-Add-broken-streams-quirk-for-.patch.
  Upstream status.
- commit 2720edf
- rtlwifi: Fix scheduling while atomic error from commit
  49f86ec21c01 (boo#983036).
- commit 5a9c4b2

==== lcms2 ====
Subpackages: liblcms2-2 liblcms2-2-32bit liblcms2-devel

- Update to GNOME 3.20  Fate#318572

==== libinput ====
Version update (1.3.0 -> 1.3.1)
Subpackages: libinput-devel libinput-udev libinput10

- Update to new upstream release 1.3.1
  * The pressure change check we used to detect finger releases has
  been adjusted to just apply to the Lenovo *50 and *60 series,
  it didn't work too well on other touchpads and resulted in
  jerky motion.
  * An error message was generated for 3-finger swipes on some touchads that had
  gestures disabled, this is fixed now.

==== libpst ====

- Update to GNOME 3.20  Fate#318572

==== librsvg ====
Version update (2.40.15 -> 2.40.16)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-devel typelib-1_0-Rsvg-2_0

- Update to version 2.40.16:
  + Support for building the introspection files under MSVC.
  + Make the zooming options in rsvg-convert(1) work again for
    scaling the resulting image (bgo#760262).
  + Wikipedia generates equations as SVGs and renders them, but
    uses fill="currentColor". Since we don't let caller specify a
    starting state for CSS, we need to start with opaque black as
    the default current color (bgo#764808).
  + Added documentation for how to replace the deprecated
    rsvg_handle_set_size_callback().
- Drop librsvg-Fix-rsvg-convert.patch: Fixed upstream.

==== libusb-1_0 ====
Subpackages: libusb-1_0-0 libusb-1_0-0-32bit libusb-1_0-devel

- Update to GNOME 3.20.2 FATE#318572

==== libxml2 ====
Version update (2.9.3 -> 2.9.4)
Subpackages: libxml2-2 libxml2-2-32bit libxml2-devel libxml2-tools

- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute
  decoding during XML schema validation [bnc#983288]
- Update libxml2 to version libxml2-2.9.4. The new version is
  resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
  CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
  CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
  CVE-2016-1762.
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
  0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
  and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.

==== metamail ====

- add patches:
  * metamail-2.7-19-provide-filenames-for-attachments.patch
    rebased from Immanuel Halupczok original debian patch:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321968

==== mozilla-nss ====
Version update (3.22.3 -> 3.23)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-devel mozilla-nss-tools

- update to NSS 3.23
  New functionality:
  * ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  * Experimental-only support TLS 1.3 1-RTT mode (draft-11).
    This code is not ready for production use.
  New functions:
  * SSL_SetDowngradeCheckVersion - Set maximum version for new
    ServerRandom anti-downgrade mechanism. Clients that perform a
    version downgrade (which is generally a very bad idea) call this
    with the highest version number that they possibly support.
    This gives them access to the version downgrade protection from
    TLS 1.3.
  Notable changes:
  * The copy of SQLite shipped with NSS has been updated to version
    3.10.2
  * The list of TLS extensions sent in the TLS handshake has been
    reordered to increase compatibility of the Extended Master Secret
    with with servers
  * The build time environment variable NSS_ENABLE_ZLIB has been
    renamed to NSS_SSL_ENABLE_ZLIB
  * The build time environment variable NSS_DISABLE_CHACHAPOLY was
    added, which can be used to prevent compilation of the
    ChaCha20/Poly1305 code.
  * The following CA certificates were Removed
  - Staat der Nederlanden Root CA
  - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
  - NetLock Kozjegyzoi (Class A) Tanusitvanykiado
  - NetLock Uzleti (Class B) Tanusitvanykiado
  - NetLock Expressz (Class C) Tanusitvanykiado
  - VeriSign Class 1 Public PCA ? G2
  - VeriSign Class 3 Public PCA
  - VeriSign Class 3 Public PCA ? G2
  - CA Disig
  * The following CA certificates were Added
    + SZAFIR ROOT CA2
    + Certum Trusted Network CA 2
  * The following CA certificate had the Email trust bit turned on
    + Actalis Authentication Root CA
  Security fixes:
  * CVE-2016-2834: Memory safety bugs (boo#983639)
    MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
- removed obsolete nss_gcc6_change.patch

==== polkit ====
Subpackages: libpolkit0 polkit-devel typelib-1_0-Polkit-1_0

- Use pkgconfig() instead of requiring systemd package names directly.
- systemd.pc is shipped by systemd main package (bsc#983167)
  Strangely polkit wants systemd.pc to detect that the target system
  is running systemd even if its configured to build systemd support...

==== python-M2Crypto ====
Version update (0.22.5 -> 0.24.0)

- update to 0.24.0
  * No changelog provided
- README is no longer included
- Removed obsolete python-M2Crypto-SWIG-3.0.5.patch

==== python-cryptography ====
Version update (1.3.1 -> 1.3.4)

- fix download urls
- update to upstream release 1.3.4
  * Added new OpenSSL functions to the bindings to support an upcoming
    ``pyOpenSSL`` release.
- correct source urls
- update to upstream release 1.3.2
  * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h.
  * Fixed an issue preventing ``cryptography`` from compiling against
    LibreSSL 2.3.x.

==== python-keyring ====

- require python-setuptools (see bsc#983147)

==== python-libxml2 ====
Version update (2.9.3 -> 2.9.4)

- Update python-libxml2 to version libxml2-2.9.4. The new version
  is resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
  CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
  CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
  CVE-2016-1762.

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Fix build requirements on systemd (bsc#983167)
  Use pkgconfig() so we don't need to rely on package names. For the
  record, systemd.pc is now part of systemd main package.

==== signon-plugin-oauth2 ====

- Conflict with libproxy1-config-kde4, that's the actual name of
  the package, and having it installed makes the plugin crash
  (boo#953175)

==== suse-module-tools ====

- Run dos2unix on the modhash script.
- Add modhash tool to calculate hash of signed module.
  It strips X.509 or PKCS#7 signature before hash kernel module.
  (fate#319460)
- Remove -x bit from 50-kernel-uname_r.conf (bsc#981291).

==== swig ====
Version update (3.0.8 -> 3.0.9)

- Update to 3.0.9
  - Add support for Python's implicit namespace packages.
  - Fixes to support Go 1.6.
  - C++11 std::array support added for Java.
  - Improved C++ multiple inheritance support for Java/C# wrappers.
  - Various other minor fixes and improvements for C#, D, Go, Java,
    Javascript, Lua, Python, R, Ruby, Scilab.
- drop swig308-Fix-li_boost_array-test.patch, upstream

==== systemd-presets-branding-openSUSE ====

- don't require systemd to avoid dependency loop (boo#983986)
- added a prereq for coreutils to make sure the macro in %pre
  works when using touch and mkdir. (bsc#982337)

==== systemd-rpm-macros ====

- %service_add_post() suppress daemon-reload when in installation
  system (bsc#982343)

==== tidy ====
Version update (5.1.9 -> 5.2.0)
Subpackages: libtidy5

- new upstream version 5.2.0
  + added support for HTML5
- new upstream authors at https://github.com/htacg/tidy-html5
- remove tidy_generate_tarball.sh
  + not needed
- remove tidy-fix-buffer-overflow.patch
  + upstreamed
- add fix_doxygen_paths.diff
  + patch Doxygen config file to build documentation from buld
    directory
- add test_fixes.diff
  + fix build paths
  + remove pauses via `read` bash builtin
  + don't hide logging in log files
- add dynamic_library_build.diff
  + use standard cmake BUILD_SHARED_LIBS instead of BUILD_SHARED_LIB
  + build both static and dynamic libraries by default, instead
    of just static
  + link vs. dynamic by default
- add tidy_fetch_docs.sh
  + used to fetch latest documentation configuration sources
- add compat_headers.diff
  + upstream changed some header names, so provide compatible header
    wrappers with a compile time warning
- change library subpackage according to new soname
- build libtidy-devel instead of having soname in devel package name
- add CVE to previous changelog entry
- add tidy-fix-buffer-overflow.patch in order to fix a heap-based
  buffer overflow in tidy/libtidy (gh#htacg/tidy-html5#217
  boo#933588) CVE-2015-5522 CVE-2015-5523
- license update: W3C
  SPDX format (the license corresponds to the W3C Software License)
- fix libtidy-0_99-0-devel not providing/obsoleting libtidy-devel
- updated to CVS snapshot 20100202
- cleaned up
  * included script to generate a tarball from CVS
  * consistent usage of license tag
  * removed erroneously packaged files
  * more concise description conforming to packaging policy
  * lint clean
  * renamed libtidy(-devel) to libtidy-0_99-0(-devel)
  * removed trailing period from libtidy-dev summary
  * split documentation into tidy-doc subpackage
- remove static libraries
- fix changelog entry order
- added directory to filelist
- copying package from buildservice package to autobuild
  (adding .changes file)

==== util-linux ====
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit

- blkid: Wipe corect area for probes with offset (bsc#976141,
  util-linux-libblkid-wipe-offset.patch).
- Remove incorrect --with-bashcompletiondir that breaks
  bash-completion, use path in bash-completion.pc instead
  (boo#977259).
- Add librtas-devel to BuildRequires on Power platforms. Needed for
  proper function of lscpu (bsc#975082).

==== util-linux-systemd ====

- blkid: Wipe corect area for probes with offset (bsc#976141,
  util-linux-libblkid-wipe-offset.patch).
- Remove incorrect --with-bashcompletiondir that breaks
  bash-completion, use path in bash-completion.pc instead
  (boo#977259).
- Add librtas-devel to BuildRequires on Power platforms. Needed for
  proper function of lscpu (bsc#975082).

==== xkeyboard-config ====
Version update (2.17 -> 2.18)

- Run over with spec-cleaner - pkgconfig/perl deps conversion
- Use post dependency on coreutils instead of prereq
- Disable silent rules to see whats happening
- Tweak configure options to match what configure.ac contains and what
  is needed
- Remove path provides on the old /etc location, should not be needed
  after all those years
- Update to version 2.18
  * Add Ctrl+Win keyboard layout switch.
  * rules: Giving the caps:ctrl_modifier option a distinctive description.
  * Sorting the Caps Lock options in a consistent manner.
  * symbols: add explicit definition for Group2 to win_space_toggle
  * Added Bone layout (including the q/eszett variant) and Neo qwertz/qwerty
  * Added the Ruble signe
  * Added us(carpalx)
  * Add Algerian layout with variants
  * Added some Asian layouts
  * Added US layout for IBM Arabic 238L
  * Synced descriptions
  * Added Armenian dram sign to Armenian phonetic
  * Fixed ISO codes for Jawi

==== yast2 ====
Version update (3.1.191 -> 3.1.193)

- Fixed displaying the file conflicts callbacks when the Progress
  dialog is not displayed (bsc#983464)
- 3.1.193
- Drop yast2-devel-doc package (fate#320356)
- 3.1.192