Packages changed:
  apache2-mod_php7 (7.4.16 -> 7.4.18)
  autofs (5.1.6 -> 5.1.7)
  bind
  coreutils
  graphviz
  graphviz-addons
  iproute2 (5.11 -> 5.12)
  kernel-source
  libical (3.0.9 -> 3.0.10)
  libical-glib (3.0.9 -> 3.0.10)
  libinput (1.17.1 -> 1.17.2)
  libzypp (17.25.9 -> 17.25.10)
  nano (5.6.1 -> 5.7)
  open-iscsi
  php7 (7.4.16 -> 7.4.18)
  python38 (3.8.8 -> 3.8.9)
  python38-core (3.8.8 -> 3.8.9)
  python38-documentation (3.8.8 -> 3.8.9)
  samba (4.14.2+git.159.2a8872214bf -> 4.14.4+git.162.18fd73a39a0)
  snapper
  virt-bootstrap
  xorgproto (2021.3 -> 2021.4)
  yast2-add-on (4.3.8 -> 4.4.0)
  yast2-apparmor (4.3.1 -> 4.4.0)
  yast2-auth-client (4.3.2 -> 4.4.0)
  yast2-auth-server (4.2.5 -> 4.4.0)
  yast2-configuration-management (4.3.5 -> 4.4.0)
  yast2-control-center (4.3.0 -> 4.4.0)
  yast2-core (4.3.3 -> 4.4.0)
  yast2-dns-server (4.3.3 -> 4.4.0)
  yast2-firewall (4.3.11 -> 4.4.0)
  yast2-firstboot (4.3.11 -> 4.4.0)
  yast2-ftp-server (4.3.2 -> 4.4.0)
  yast2-hardware-detection (4.1.2 -> 4.4.0)
  yast2-journal (4.3.0 -> 4.4.0)
  yast2-kdump (4.3.4 -> 4.4.0)
  yast2-mail (4.3.3 -> 4.4.0)
  yast2-nfs-client (4.3.3 -> 4.4.0)
  yast2-nfs-server (4.3.2 -> 4.4.0)
  yast2-nis-server (4.3.1 -> 4.4.0)
  yast2-ntp-client (4.3.2 -> 4.4.0)
  yast2-online-update (4.2.2 -> 4.4.0)
  yast2-pam (4.3.4 -> 4.4.0)
  yast2-perl-bindings (4.3.0 -> 4.4.0)
  yast2-proxy (4.3.2 -> 4.4.0)
  yast2-python-bindings (4.1.4 -> 4.4.0)
  yast2-samba-server (4.3.4 -> 4.4.0)
  yast2-security (4.3.16 -> 4.4.0)
  yast2-services-manager (4.3.6 -> 4.4.0)
  yast2-slp (4.1.1 -> 4.4.0)
  yast2-sound (4.3.3 -> 4.4.0)
  yast2-storage-ng (4.3.50 -> 4.4.0)
  yast2-sysconfig (4.3.3 -> 4.4.0)
  yast2-tftp-server (4.3.1 -> 4.4.0)
  yast2-theme (4.3.8 -> 4.4.0)
  yast2-update (4.3.2 -> 4.4.0)
  yast2-xml (4.1.1 -> 4.4.0)
  yast2-ycp-ui-bindings (4.3.9 -> 4.4.0)
  zypper (1.14.43 -> 1.14.44)

=== Details ===

==== apache2-mod_php7 ====
Version update (7.4.16 -> 7.4.18)

- updated to 7.4.18: This is a security bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.18

==== autofs ====
Version update (5.1.6 -> 5.1.7)

- Upgrade to 5.1.7
  - make bind mounts propagation slave by default.
  - update ldap READMEs and schema definitions.
  - fix program map multi-mount lookup after mount fail.
  - fix browse dir not re-created on symlink expire.
  - fix a regression with map instance lookup.
  - correct fsf address.
  - samples: fix Makefile targets' directory dependencies
  - remove intr hosts map mount option.
  - fix trailing dollar sun entry expansion.
  - initialize struct addrinfo for getaddrinfo() calls.
  - fix quoted string length calc in expandsunent().
  - fix autofs mount options construction.
  - mount_nfs.c fix local rdma share not mounting.
  - configure.in: Remove unneeded second call to PKG_PROG_PKG_CONFIG.
  - configure.in: Do not append parentheses to PKG_PROG_PKG_CONFIG.
  - Use PKG_CHECK_MODULES to detect the libxml2 library.
  - fix ldap sasl reconnect problem.
  - samples/ldap.schema fix.
  - fix configure force shutdown check.
  - fix crash in sun_mount().
  - fix lookup_nss_read_master() nsswicth check return.
  - fix typo in open_sss_lib().
  - fix sss_master_map_wait timing.
  - add sss ECONREFUSED return handling.
  - use mapname in sss context for setautomntent().
  - add support for new sss autofs proto version call.
  - fix retries check in setautomntent_wait().
  - refactor sss setautomntent().
  - improve sss setautomntent() error handling.
  - refactor sss getautomntent().
  - improve sss getautomntent() error handling.
  - sss introduce calculate_retry_count() function.
  - move readall into struct master.
  - sss introduce a flag to indicate map being read.
  - update sss timeout documentation.
  - refactor sss getautomntbyname().
  - improve sss getautomntbyname() error handling.
  - use a valid timeout in lookup_prune_one_cache().
  - dont prune offset map entries.
  - simplify sss source stale check.
  - include linux/nfs.h directly in rpc_subs.h.
  - fix typo in daemon/automount.c.
  - fix direct mount unlink_mount_tree() path.
  - fix unlink mounts umount order.
  - fix incorrect logical compare in unlink_mount_tree().
  - use bit flag for force unlink mounts.
  - improve force unlink option description.
  - remove command fifo on autofs mount fail.
  - add force unlink mounts and exit option.
  - cleanup stale logpri fifo pipes on unlink and exit.
  - fix incorrect systemctl command syntax in autofs(8).
  - update list.h.
  - add hashtable implementation.
  - change mountpoint to mp in struct ext_mount.
  - make external mounts independent of amd_entry.
  - make external mounts use simpler hashtable.
  - add a hash index to mnt_list.
  - use mnt_list for submounts.
  - use mnt_list for amdmounts.
  - make umount_autofs() static.
  - remove force parameter from umount_all().
  - fix remount expire.
  - fix stale offset directories disable mount.
  - use struct mnt_list to track mounted mounts.
  - use struct mnt_list mounted list for expire.
  - remove unused function tree_get_mnt_list().
  - only add expre alarm for active mounts.
  - move submount check into conditional_alarm_add().
  - move lib/master.c to daemon/master.c.
  - use master_list_empty() for list empty check.
  - add helper to construct mount point path.
  - check defaults_read_config() return.
  - move AUTOFS_LIB to end of build rule lines.
  - make autofs.a a shared library.
  - make lookup_file.c nss map read status return handling consistent.
  - fix empty mounts list return from unlink_mount_tree().
- Refreshed autofs-5.1.1-dbus-udisks-monitor.patch
- Replaced automount-fix-master-wait.patch with upstream patch
  autofs-5.1.7-Fix-option-for-master_read_wait.patch

==== bind ====
Subpackages: bind-doc bind-utils python3-bind

- Rewrite of named service handling to better cope with systemd
  protection (see change from Thu Jan 21) by introducing a
  separate script "named.prep" which runs without restrictions
  prior to starting named.
  Removed all references to "lwresd" as "The lightweight resolver
  daemon and library (lwresd and liblwres) have been removed."
  (See CHANGES, item 4707)
  [bind.spec, vendor-files.tar.bz2]

==== coreutils ====
Subpackages: coreutils-doc coreutils-lang

- Use new packageand format
- coreutils-tests-fix-FP-in-ls-stat-free-color.patch: Add upstream patch
  to avoid FP in testsuite.
- coreutils.spec:
  - Reference the above patch.
  - Change keyring URL to new GNU coreutils Group Release Keyring.
- coreutils.keyring: Update with the Group Release Keyring.

==== graphviz ====
Subpackages: graphviz-plugins-core libgraphviz6

- Remove obsolete pre_checkin.sh

==== graphviz-addons ====
Subpackages: graphviz-gd graphviz-gnome

- Remove obsolete pre_checkin.sh

==== iproute2 ====
Version update (5.11 -> 5.12)

- Update to release 5.12
  * devlink: Use library provided string processing APIs
  * utils: Introduce helper routines for generic socket recv
  * q_cake: Fix incorrect printing of signed values in class statistics
  * json_print: Add print_tv()
  * nexthop: Add support for nexthop buckets
  * nexthop: Add support for resilient nexthop groups
  * ip: xfrm: add support for tfcpad
  * tc: e_bpf: fix memory leak in parse_bpf()
  * lib: bpf_legacy: treat 0 as a valid file descriptor
  * ip: drop 2-char command assumption
  * bridge: vlan: dump port only if there are any vlans

==== kernel-source ====
Subpackages: kernel-default kernel-docs

- rpm/constraints.in: remove aarch64 disk size exception
  obs://Kernel:stable/kernel-default/ARM/aarch64 currrently fails:
  installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem
  The stats say:
  Maximal used disk space: 31799 Mbyte
  By default, we require 35G. For aarch64 we had an exception to lower
  this limit to 30G there. Drop this exception as it is obviously no
  longer valid.
- commit ee00b50
- series.conf: cleanup
- fix Patch-mainline tag and move to "almost mainline" section:
  patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch
- commit 3a48ed8
- crypto: ccp: Annotate SEV Firmware file names (bsc#1185282).
- commit 66154b6

==== libical ====
Version update (3.0.9 -> 3.0.10)

- update to 3.0.10:
  * Fix generating wrong recurrence rules
  * Fix a bug computing transitions in tzfiles
  * Fix reading TZif files to use TZ string in the footer as the last
    (non-terminating) transitions
  * Fix reading TZif files to use more RRULEs and/or RDATEs whevever possible
  * Built-in timezones updated to tzdata2021a

==== libical-glib ====
Version update (3.0.9 -> 3.0.10)

- update to 3.0.10:
  * Fix generating wrong recurrence rules
  * Fix a bug computing transitions in tzfiles
  * Fix reading TZif files to use TZ string in the footer as the last
    (non-terminating) transitions
  * Fix reading TZif files to use more RRULEs and/or RDATEs whevever possible
  * Built-in timezones updated to tzdata2021a

==== libinput ====
Version update (1.17.1 -> 1.17.2)
Subpackages: libinput-udev libinput10

- Update to release 1.17.2
  * Fix sensitivity for Dell Latitude 7490 pointing-stick
  * Add palm size quirk for the Gigabyte Aero 15

==== libzypp ====
Version update (17.25.9 -> 17.25.10)

- Properly handle permission denied when providing optional files
  (bsc#1185239)
- Fix sevice detection with cgroupv2 (bsc#1184997)
- version 17.25.10 (22)

==== nano ====
Version update (5.6.1 -> 5.7)
Subpackages: nano-lang

- GNU nano 5.7:
  * The output of --constantshow (without --minibar) is more stable
  * When opening multiple buffers and there is an error message,
    this message is shown again upon first switch to the relevant
    buffer
  * The position and size of the indicator now follow actual
    lines, instead of visual lines when in softwrap mode, meaning
    that the size of the indicator can change when scrolling in
    softwrap mode

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Local (SUSE) change: update iscsi.service so that it tries to
  logon to any "onboot" and firmware targets, in case a target
  was offline when booted but back up when the service is started.
  (bsc#1153806)
- Merged with latest from upstream, which contains these fixes:
  * Add "no wait" option to iscsiadm firmware login
  * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart
  * Log proper error message when AUTH failure occurs

==== php7 ====
Version update (7.4.16 -> 7.4.18)
Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter

- updated to 7.4.18: This is a security bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.18

==== python38 ====
Version update (3.8.8 -> 3.8.9)
Subpackages: python38-curses python38-dbm python38-tk

- Update to 3.8.9:
  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a ?future? instance
    will create reference cycles.
  - bpo-43577: Fix deadlock when using ssl.SSLContext debug
    callback with ssl.SSLContext.sni_callback().
  - bpo-43423: subprocess.communicate() no longer raises an
    IndexError when there is an empty stdout or stderr IO buffer
    during a timeout on Windows.
  - bpo-27820: Fixed long-standing bug of smtplib.SMTP where
    doing AUTH LOGIN with initial_response_ok=False will fail.
    The cause is that SMTP.auth_login _always_ returns a password
    if provided with a challenge string, thus non-compliant with
    the standard for AUTH LOGIN. Also fixes bug with the test for
    smtpd.
  - bpo-43399: Fix ElementTree.extend not working on iterators
    when using the Python implementation
  - bpo-43316: The python -m gzip command line application now
    properly fails when detecting an unsupported extension. It
    exits with a non-zero exit code and prints an error message
    to stderr.
  - bpo-43260: Fix TextIOWrapper can not flush internal buffer
    forever after very large text is written.
  - bpo-42782: Fail fast in shutil.move() to avoid creating
    destination directories on failure.
  - bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn
    introduced in Python 3.7.
  - bpo-43199: Answer ?Why is there no goto?? in the Design and
    History FAQ.
  - bpo-43407: Clarified that a result from time.monotonic(),
    time.perf_counter(), time.process_time(), or
    time.thread_time() can be compared with the result from any
    following call to the same function - not just the next
    immediate call.
  - bpo-27646: Clarify that ?yield from <expr>? works with any
    iterable, not just iterators.
  - bpo-36346: Update some deprecated unicode APIs which are
    documented as ?will be removed in 4.0? to ?3.12?. See PEP 623
    for detail.
  - bpo-37945: Fix test_getsetlocale_issue1813() of test_locale:
    skip the test if setlocale() fails. Patch by Victor Stinner.
  - bpo-41561: Add workaround for Ubuntu?s custom OpenSSL
    security level policy.
  - bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
  - bpo-43617: Improve configure.ac: Check for presence of
    autoconf-archive package and remove our copies of M4 macros.
  - bpo-41837: Update macOS installer build to use OpenSSL
    1.1.1j.
  - bpo-42225: Document that IDLE can fail on Unix either from
    misconfigured IP masquerage rules or failure displaying
    complex colored (non-ascii) characters.
  - bpo-43283: Document why printing to IDLE?s Shell is often
    slower than printing to a system terminal and that it can be
    made faster by pre-formatting a single string before
    printing.

==== python38-core ====
Version update (3.8.8 -> 3.8.9)
Subpackages: libpython3_8-1_0 python38-base

- Update to 3.8.9:
  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a ?future? instance
    will create reference cycles.
  - bpo-43577: Fix deadlock when using ssl.SSLContext debug
    callback with ssl.SSLContext.sni_callback().
  - bpo-43423: subprocess.communicate() no longer raises an
    IndexError when there is an empty stdout or stderr IO buffer
    during a timeout on Windows.
  - bpo-27820: Fixed long-standing bug of smtplib.SMTP where
    doing AUTH LOGIN with initial_response_ok=False will fail.
    The cause is that SMTP.auth_login _always_ returns a password
    if provided with a challenge string, thus non-compliant with
    the standard for AUTH LOGIN. Also fixes bug with the test for
    smtpd.
  - bpo-43399: Fix ElementTree.extend not working on iterators
    when using the Python implementation
  - bpo-43316: The python -m gzip command line application now
    properly fails when detecting an unsupported extension. It
    exits with a non-zero exit code and prints an error message
    to stderr.
  - bpo-43260: Fix TextIOWrapper can not flush internal buffer
    forever after very large text is written.
  - bpo-42782: Fail fast in shutil.move() to avoid creating
    destination directories on failure.
  - bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn
    introduced in Python 3.7.
  - bpo-43199: Answer ?Why is there no goto?? in the Design and
    History FAQ.
  - bpo-43407: Clarified that a result from time.monotonic(),
    time.perf_counter(), time.process_time(), or
    time.thread_time() can be compared with the result from any
    following call to the same function - not just the next
    immediate call.
  - bpo-27646: Clarify that ?yield from <expr>? works with any
    iterable, not just iterators.
  - bpo-36346: Update some deprecated unicode APIs which are
    documented as ?will be removed in 4.0? to ?3.12?. See PEP 623
    for detail.
  - bpo-37945: Fix test_getsetlocale_issue1813() of test_locale:
    skip the test if setlocale() fails. Patch by Victor Stinner.
  - bpo-41561: Add workaround for Ubuntu?s custom OpenSSL
    security level policy.
  - bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
  - bpo-43617: Improve configure.ac: Check for presence of
    autoconf-archive package and remove our copies of M4 macros.
  - bpo-41837: Update macOS installer build to use OpenSSL
    1.1.1j.
  - bpo-42225: Document that IDLE can fail on Unix either from
    misconfigured IP masquerage rules or failure displaying
    complex colored (non-ascii) characters.
  - bpo-43283: Document why printing to IDLE?s Shell is often
    slower than printing to a system terminal and that it can be
    made faster by pre-formatting a single string before
    printing.

==== python38-documentation ====
Version update (3.8.8 -> 3.8.9)

- Update to 3.8.9:
  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a ?future? instance
    will create reference cycles.
  - bpo-43577: Fix deadlock when using ssl.SSLContext debug
    callback with ssl.SSLContext.sni_callback().
  - bpo-43423: subprocess.communicate() no longer raises an
    IndexError when there is an empty stdout or stderr IO buffer
    during a timeout on Windows.
  - bpo-27820: Fixed long-standing bug of smtplib.SMTP where
    doing AUTH LOGIN with initial_response_ok=False will fail.
    The cause is that SMTP.auth_login _always_ returns a password
    if provided with a challenge string, thus non-compliant with
    the standard for AUTH LOGIN. Also fixes bug with the test for
    smtpd.
  - bpo-43399: Fix ElementTree.extend not working on iterators
    when using the Python implementation
  - bpo-43316: The python -m gzip command line application now
    properly fails when detecting an unsupported extension. It
    exits with a non-zero exit code and prints an error message
    to stderr.
  - bpo-43260: Fix TextIOWrapper can not flush internal buffer
    forever after very large text is written.
  - bpo-42782: Fail fast in shutil.move() to avoid creating
    destination directories on failure.
  - bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn
    introduced in Python 3.7.
  - bpo-43199: Answer ?Why is there no goto?? in the Design and
    History FAQ.
  - bpo-43407: Clarified that a result from time.monotonic(),
    time.perf_counter(), time.process_time(), or
    time.thread_time() can be compared with the result from any
    following call to the same function - not just the next
    immediate call.
  - bpo-27646: Clarify that ?yield from <expr>? works with any
    iterable, not just iterators.
  - bpo-36346: Update some deprecated unicode APIs which are
    documented as ?will be removed in 4.0? to ?3.12?. See PEP 623
    for detail.
  - bpo-37945: Fix test_getsetlocale_issue1813() of test_locale:
    skip the test if setlocale() fails. Patch by Victor Stinner.
  - bpo-41561: Add workaround for Ubuntu?s custom OpenSSL
    security level policy.
  - bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
  - bpo-43617: Improve configure.ac: Check for presence of
    autoconf-archive package and remove our copies of M4 macros.
  - bpo-41837: Update macOS installer build to use OpenSSL
    1.1.1j.
  - bpo-42225: Document that IDLE can fail on Unix either from
    misconfigured IP masquerage rules or failure displaying
    complex colored (non-ascii) characters.
  - bpo-43283: Document why printing to IDLE?s Shell is often
    slower than printing to a system terminal and that it can be
    made faster by pre-formatting a single string before
    printing.

==== samba ====
Version update (4.14.2+git.159.2a8872214bf -> 4.14.4+git.162.18fd73a39a0)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr1 libndr1-32bit libnetapi0 libnetapi0-32bit libsamba-credentials1 libsamba-credentials1-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit

- Update to 4.14.4
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
    (bso#14571); (bsc#1184677).
- Update to 4.14.3
  * s3:modules:vfs_virusfilter: Recent New_VFS changes break
    vfs_virusfilter_openat; (bso#14671).
  * build: Notice if flex is missing at configure time; (bso#14586).
  * Fix smbd panic when two clients open same file; (bso#14672).
  * Fix memory leak in the RPC server; (bso#14675).
  * s3: smbd: fix deferred renames; (bso#14679).
  * s3-iremotewinspool: Set the per-request memory context;
    (bso#14675)
  * Fix memory leak in the RPC server; (bso#14675).
  * third_party: Update socket_wrapper to version 1.3.2;
    (bso#11899).
  * third_party: Update socket_wrapper to version 1.3.3;
    (bso#14640).
  * samba-gpupdate: Test that sysvol paths download in
    case-insensitive way; (bso#14665).
  * smbd: Ensure errno is preserved across fsp destructor;
    (bso#14662).
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
    conflict; (bso#14663).
  * build: Only add -Wl,--as-needed when supported; (bso#14288).

==== snapper ====
Subpackages: libsnapper5 snapper-zypp-plugin

- added systemd sandboxing for services

==== virt-bootstrap ====

- Only build python3 on Tumbleweed: python3-libguestfs is only
  python3 flavor, too.
- Enable unit tests

==== xorgproto ====
Version update (2021.3 -> 2021.4)

- xorgproto 2021.4
  The big new feature in this release is Olivier's addition that makes up
  XFixes 6: the new ClientDisconnectMode. An X server that is started on
  demand (Xwayland) should ideally also terminate when the last client
  disconnects. However, some X11 clients that provide system services will
  linger around forever, preventing that shutdown.
  With the new XFixes request, a client can designate itself as
  to-be-terminated and the X server can ignore those clients when counting the
  number of remaining clients. If no other clients are left, the server can
  shut down.
  Note that this requires changes to the X server and each client to work.

==== yast2-add-on ====
Version update (4.3.8 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-apparmor ====
Version update (4.3.1 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-auth-client ====
Version update (4.3.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-auth-server ====
Version update (4.2.5 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-configuration-management ====
Version update (4.3.5 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-control-center ====
Version update (4.3.0 -> 4.4.0)
Subpackages: yast2-control-center-qt

- 4.4.0 (bsc#1185510)

==== yast2-core ====
Version update (4.3.3 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-dns-server ====
Version update (4.3.3 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-firewall ====
Version update (4.3.11 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-firstboot ====
Version update (4.3.11 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-ftp-server ====
Version update (4.3.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-hardware-detection ====
Version update (4.1.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-journal ====
Version update (4.3.0 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-kdump ====
Version update (4.3.4 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-mail ====
Version update (4.3.3 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-nfs-client ====
Version update (4.3.3 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-nfs-server ====
Version update (4.3.2 -> 4.4.0)
Subpackages: yast2-nfs-common

- 4.4.0 (bsc#1185510)

==== yast2-nis-server ====
Version update (4.3.1 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-ntp-client ====
Version update (4.3.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-online-update ====
Version update (4.2.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-pam ====
Version update (4.3.4 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-perl-bindings ====
Version update (4.3.0 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-proxy ====
Version update (4.3.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-python-bindings ====
Version update (4.1.4 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-samba-server ====
Version update (4.3.4 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-security ====
Version update (4.3.16 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-services-manager ====
Version update (4.3.6 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-slp ====
Version update (4.1.1 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-sound ====
Version update (4.3.3 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-storage-ng ====
Version update (4.3.50 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-sysconfig ====
Version update (4.3.3 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-tftp-server ====
Version update (4.3.1 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-theme ====
Version update (4.3.8 -> 4.4.0)
Subpackages: yast2-theme-breeze

- 4.4.0 (bsc#1185510)

==== yast2-update ====
Version update (4.3.2 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-xml ====
Version update (4.1.1 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== yast2-ycp-ui-bindings ====
Version update (4.3.9 -> 4.4.0)

- 4.4.0 (bsc#1185510)

==== zypper ====
Version update (1.14.43 -> 1.14.44)
Subpackages: zypper-log zypper-needs-restarting

- Rephrase needs-rebooting help and messages.
  Try to point out that the need to reboot was not necessarily
  triggered by the current transaction.
- man page: Recommend the needs-rebooting command to test whether
  a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages
  (bsc#1183268)
- Quickfix setting "openSUSE_Tumbleweed" as default platform for
  "MicroOS" (bsc#1153687)
  This fixes the guessed platform for "obs://<project>/" URLs.
- Protect against strict/relaxed user umask via sudo (bsc#1183589)
- zypper-log: protect against thread name indicators in a log.
- xml summary: add solvables repository alias (bsc#1182372)
- version 1.14.44