Packages changed:
  Mesa
  Mesa-drivers
  MozillaFirefox
  bind
  btrfsprogs (5.11 -> 5.12.1)
  djvulibre
  elfutils (0.183 -> 0.184)
  elfutils-debuginfod (0.183 -> 0.184)
  ell (0.39 -> 0.40)
  gdb
  grub2
  hdparm (9.61 -> 9.62)
  highlight (4.0 -> 4.1)
  icu
  lapack
  libXfixes (5.0.3 -> 6.0.0)
  libstorage-ng (4.4.5 -> 4.4.6)
  libupnp (1.14.6 -> 1.14.7)
  mjpegtools (2.0.0 -> 2.2.0~beta)
  mousepad
  open-iscsi
  patterns-base
  perl-HTTP-Message (6.29 -> 6.31)
  plasma5-workspace
  python-Babel (2.9.0 -> 2.9.1)
  python-kiwi (9.23.25 -> 9.23.28)
  python-psutil
  sudo (1.9.6p1 -> 1.9.7)
  virtualbox
  virtualbox-kmp
  yast2-network (4.4.9 -> 4.4.10)

=== Details ===

==== Mesa ====
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- reenabled build of device-select and overlay vulkan layers

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2

- reenabled build of device-select and overlay vulkan layers

==== MozillaFirefox ====
Subpackages: MozillaFirefox-translations-common

- Relax RAM and disk constraints for aarch64

==== bind ====
Subpackages: bind-doc bind-utils python3-bind

- SPEC file: Fixed outdated URL and use secured SourceURLs

==== btrfsprogs ====
Version update (5.11 -> 5.12.1)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.12.1
  * build: fix missing symbols in libbtrfs
  * mkfs: check for minimal number of zones
  * check: fix warning about cache generation when free space tree is enabled
  * fix superblock write in zoned mode on 16K pages
- Update to 5.12
  * libbtrfsutil: relicensed to LGPL v2.1+
  * mkfs: zoned mode support (kernel 5.12+)
  * fi df: show zone_unusable per profile type in zoned mode
  * fi usage: show total amount of zone_unusable
  * fi resize: fix message for exact size
  * image: fix warning and enlarge output file if necessary
  * core
  * refactor chunk allocator for more modes
  * implement zoned mode support: allocation and writes, sb log
  * crypto/hash refactoring and cleanups
  * refactoring and cleanups
  * other
  * test updates
  * CI updates
  * travis-ci integration disabled
  * docker images updated, more coverage
  * incomplete build support for Android removed
  * doc updates
  * chattr mode m for 'NOCOMPRESS"
  * swapfile used from fstab
  * how to add a new export to libbtrfsutil
  * update status of mount options since 5.9
- Update to 5.11.1
  * properly format checksums when a mismatch is reported
  * check: fix false alert on tree block crossing 64K page boundary
  * convert:
  * refuse to convert filesystem with 'needs_recovery'
  * update documentation to require fsck before conversion
  * balance convert: fix raid56 warning when converting other profiles
  * fi resize: improved summary
  * other
  * build: fix checks and autoconf defines
  * fix symlink paths for CI support scripts
  * updated tests

==== djvulibre ====

- security update
- added patches
  fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file
  + djvulibre-CVE-2021-32490.patch
  fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file
  + djvulibre-CVE-2021-32491.patch
  fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
  + djvulibre-CVE-2021-32492.patch
  fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
  + djvulibre-CVE-2021-32493.patch

==== elfutils ====
Version update (0.183 -> 0.184)
Subpackages: elfutils-lang libasm1 libdw1 libelf1

- Update to version 0.184:
  debuginfod: Use libarchive's bsdtar as the .deb-family file unpacker.
  debuginfod-client: Client caches negative results. If a query for a
    file failed with 404, an empty 000 permission
    file is created in the cache. This will prevent
    requesting the same file for the next 10 minutes.
    Client objects now carry long-lived curl handles
    for outgoing connections.  This makes it more
    efficient for multiple sequential queries, because
    the TCP connections and/or TLS state info are kept
    around awhile, avoiding O(100ms) setup latencies.
  libdw: handle DW_FORM_indirect when reading attributes
  translations: Update Polish translation.

==== elfutils-debuginfod ====
Version update (0.183 -> 0.184)

- Update to version 0.184:
  debuginfod: Use libarchive's bsdtar as the .deb-family file unpacker.
  debuginfod-client: Client caches negative results. If a query for a
    file failed with 404, an empty 000 permission
    file is created in the cache. This will prevent
    requesting the same file for the next 10 minutes.
    Client objects now carry long-lived curl handles
    for outgoing connections.  This makes it more
    efficient for multiple sequential queries, because
    the TCP connections and/or TLS state info are kept
    around awhile, avoiding O(100ms) setup latencies.
  libdw: handle DW_FORM_indirect when reading attributes
  translations: Update Polish translation.
- Add 2 build dependences for tests.

==== ell ====
Version update (0.39 -> 0.40)

- update to 0.40:
  * Fix issue with handling failure from missing CA certificates.
  * Fix issue with handling DBus.Introspectable queries.

==== gdb ====

- Remove fix due to regressions [bsc#1185638, swo#26327]:
  * gdb-symtab-fix-infinite-recursion-in-dwarf2_cu-get_builder.patch

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Fix plaintext password in grub config didn't work to unlock menu entry if
  enabling secure boot in UEFI (bsc#1181892)

==== hdparm ====
Version update (9.61 -> 9.62)

- update to 9.62:
  * work around unexpected sign-extending of left-shifted unsigned
    values by gcc

==== highlight ====
Version update (4.0 -> 4.1)

- Update to version 4.1:
  * Improved handling of Custom theme attributes
    (gl#saalen/highlight#182).
  * Fixed wrong color code in edit-kwrite.theme.
  * Added rng file mapping.
  * Improved Lisp highlighting.
  * GUI: Fixed highlighting options tab title.

==== icu ====
Subpackages: libicu69 libicu69-ledata

- nan-undefined-conversion.patch: ICU-21613 Fix undefined behaviour in
  ComplexUnitsConverter::applyRounder

==== lapack ====
Subpackages: libblas3 libcblas3 liblapack3

- stop owning directories provided by filesystem (bsc#1184786)

==== libXfixes ====
Version update (5.0.3 -> 6.0.0)
Subpackages: libXfixes-devel libXfixes3 libXfixes3-32bit

- Update to version 6.0.0
  * The big new feature here is support for the new
    ClientDisconnectMode. From the corresponding
    xorgproto announcement:
    An X server that is started on demand (Xwayland) should ideally
    also terminate when the last client disconnects. However, some
    X11 clients that provide system services will linger around
    forever, preventing that shutdown.
  * With the new XFixes request, a client can designate itself as
    to-be-terminated and the X server can ignore those clients when
    counting the number of remaining clients. If no other clients
    are left, the server can shut down.
  * Note that this requires changes to the X server and each
    client to work.

==== libstorage-ng ====
Version update (4.4.5 -> 4.4.6)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Russian) (bsc#1149754)
- 4.4.6

==== libupnp ====
Version update (1.14.6 -> 1.14.7)
Subpackages: libixml11 libupnp17

- Update to release 1.14.7
  * Build fixes for Windows

==== mjpegtools ====
Version update (2.0.0 -> 2.2.0~beta)

- version update to 2.2.0~beta
- modified patches
  % mjpegtools-2.0.0-fix-bashisms.patch (refreshed)
  % mjpegtools-v4l-2.6.38.patch (refreshed)
  % mjpegtools-vector_alignment.patch (refreshed)
- modified sources
  % baselibs.conf
- deleted patches
  - mjpegtools-config_h.patch (upstreamed)
  - mjpegtools-cpuinfo.patch (not needed)
  - mjpegtools-gcc47.patch (upstreamed)
  - mjpegtools-more-pie.patch (upstreamed)
  - mjpegtools-no_arch_tuning.patch

==== mousepad ====
Subpackages: mousepad-lang

- Split new libraries into subpackages
- Make sure plugins support is enabled
- Switch to GtkSourceView 4
- Added ldconfig scriplets for the new shared libraries

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Merge latest upstream, which added fix (bsc#1185930):
  * Set default 'startup' to 'onboot' for FW nodes

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced

- Don't recommend syslinux and binutils in enhanced_base

==== perl-HTTP-Message ====
Version update (6.29 -> 6.31)

- updated to 6.31
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  6.31      2021-05-11 18:07:37Z
  - Fix test writing to files (GH#156) (Michal Josef ?pa?ek)
  6.30      2021-05-10 14:55:55Z
  - Don't inherit from Exporter anymore (GH#155) (Max Maischein)
  - Remove superfluous Perl version requirement. This module requires Perl
    5.6 or newer. (GH#155) (Max Maischein)

==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy

- Add patch to unbreak some services after login (kde#429415):
  * 0001-startkde-Reset-systemd-failed-units-on-login.patch

==== python-Babel ====
Version update (2.9.0 -> 2.9.1)

- update to 2.9.1:
  * The internal locale-data loading functions now validate the name of the
    locale file to be loaded and only allow files within Babel's data directory.

==== python-kiwi ====
Version update (9.23.25 -> 9.23.28)

- Bump version: 9.23.27 ? 9.23.28
- Upgrade tests accoring to #1805
  This commit is a follow up of #1805 which missed to update the related
  unit test.
- Make installation media unattended
  This commit configures install media of several tests to run unattended
  installation. This is done to facilitate the logic of functional tests.
- Fixed unit tests for parallel invocation
  With the change to allow the platform architecture to be
  set application global, the unit tests might fail if tests
  run in parallel and using different mock architectures
  for the test. Thus test that runs depending on a platform
  name needs to set the name in the test
- Update Debian integration test for UEFI testing
  Updated the Virtual disk profile to make use of the EFI
  secure boot feature.
- Fix WSL appx filemap relative paths not preserved
  During WSL appx image type creation step the file hierarchy under metadata_path
  is written to a temporary file for eventual use as argument to utility appx.
  The file hierarchy information is dropped resulting in all filemap entries
  appearing to be at the metadata_path root. The resulting image will side load
  and run but without icon and other resources. Stricter checks at Windows Store
  submission will fail due to mismatch between image manifest and contents.
  Fix by preserving relative path of filemap entries relative to metadata_path.
  Add log output showing both input absolute path and output relative path.
- Update Ubuntu integration test for UEFI testing
  Updated the Virtual disk profile to make use of the EFI
  secure boot feature.
- Added support for UEFI on Debian based distros
  The Debian/Ubuntu folks have a different system to support
  EFI secure boot. In order to make use of it kiwi needs some
  adaptions done in this pull request. This Fixes #1743
- Bump version: 9.23.26 ? 9.23.27
- Fixed spec file on Debian tool settings
  debootstrap should always come with dpkg because we don't
  want to handle the architecture names used on Debian when
  dpkg knows them better than we do. since debootstrap itself
  considers the possibility of being called without dpkg on
  the system we generate the dependency by a spec change
  here. This Fixes #1778
- Change zypper download mode to in-advance
  In relation to upcoming zypper changes e.g to make use of librpm on
  single transaction operations there is the possibility that file
  triggers start being used. To ensure zypper behaves consistently
  DownloadInAdvance mode should be used, this way the transaction
  happens as a whole and with the upcoming zypper changes zypper
  will still be capable to handle the file triggers.
  This Fixes #1789
- Added shadow package to pxe integration test
  Tools like usermod were moved from coreutils to shadow
- Added shadow package to integration test
  Tools like usermod were moved from coreutils to shadow
- Fix appx manifest for WSL containers
  This commit prevents KIWI from setting Identity Name attribute and
  DisplayName and PublisherDisplayName elements.
  Fixes #1780
- Do not apply default subcommand for derivate containers
  This commit does not apply the default subcommand for derivate
  containers.
  Fixes bsc#1184823
- Fixed integration tests requesting grub
  For some reason two integration tests requests the "grub" and
  the "grub2" package. On TW there is now no longer a provider of
  grub and thus the image build became unresolvable. There is
  only grub2 for quite some time, so I deleted this package
  setting from the tests in question
- Bump version: 9.23.25 ? 9.23.26
- Fixed platform setup for vagrant unit tests
- Add support for a custom exclude file
  The new optional metadata file image/exclude_files.yaml can
  be placed inside of the local image root tree. At creation time of
  the image binary the file contents are used to extend the default
  exclude list with additional information. The structure of the
  file must be as follows:
  ```yaml
  exclude:
  - exclude-name-used-in-rsync
  ```

==== python-psutil ====

- remove the dependency on net-tools, since it conflicts with
  busybox-hostnmame which is default on MicroOS. boo#1184753

==== sudo ====
Version update (1.9.6p1 -> 1.9.7)
Subpackages: sudo-plugin-python

- update to 1.9.7
  * The "fuzz" Makefile target now runs all the fuzzers for 8192
    passes (can be overridden via the FUZZ_RUNS variable).  This makes
    it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
    set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
  * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
    error by default when a symbol is multiply-defined.
  * Added support for determining local IPv6 addresses on systems
    that lack the getifaddrs() function.  This now works on AIX,
    HP-UX and Solaris (at least).  Bug #969.
  * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
    report a usage error.  Also, when invoked as sudoedit, sudo now
    allows a more restricted set of options that matches the usage
    statement and documentation.  GitHub issue #95.
  * Fixed a crash in sudo_sendlog when the specified certificate
    or key does not exist or is invalid.  Bug #970
  * Fixed a compilation error when sudo is configured with the
  - -disable-log-client option.
  * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
    is now documented.  Bug #971.
  * Sudo now requires autoconf 2.70 or higher to regenerate the
    configure script.  Bug #972.
  * sudo_logsrvd now has a relay mode which can be used to create
    a hierarchy of log servers.  By default, when a relay server is
    defined, messages from the client are forwarded immediately to
    the relay.  However, if the "store_first" setting is enabled,
    the log will be stored locally until the command completes and
    then relayed.  Bug #965.
  * Sudo now links with OpenSSL by default if it is available unless
    the --disable-openssl configure option is used or both the
  - -disable-log-client and --disable-log-server configure options
    are specified.
  * Fixed configure's Python version detection when the version minor
    number is more than a single digit, for example Python 3.10.
  * The sudo Python module tests now pass for Python 3.10.
  * Sudo will now avoid changing the datasize resource limit
    as long as the existing value is at least 1GB.  This works around
    a problem on 64-bit HP-UX where it is not possible to exactly
    restore the original datasize limit.  Bug #973.
  * Fixed a race condition that could result in a hang when sudo is
    executed by a process where the SIGCHLD handler is set to SIG_IGN.
    This fixes the bug described by GitHub PR #98.
  * Fixed an out-of-bounds read in sudoedit and visudo when the
    EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
    unescaped backslash.  Also fixed the handling of quote characters
    that are escaped by a backslash.  GitHub issue #99.
  * Fixed a bug that prevented the "log_server_verify" sudoers option
    from taking effect.
  * The sudo_sendlog utility has a new -s option to cause it to stop
    sending I/O records after a user-specified elapsed time.  This
    can be used to test the I/O log restart functionality of sudo_logsrvd.
  * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
    attempting to restart an interrupted I/O log transfer.
  * The TLS connection timeout in the sudoers log client was previously
    hard-coded to 10 seconds.  It now uses the value of log_server_timeout.
  * The configure script now outputs a summary of the user-configurable
    options at the end, separate from output of configure script tests.
    Bug #820.
  * Corrected the description of which groups may be specified via the
  - g option in the Runas_Spec section.  Bug #975.

==== virtualbox ====
Subpackages: virtualbox-guest-tools virtualbox-guest-x11

- Correct WantedBy entry in vboxadd-service
- Require which for /usr/lib/virtualbox/vboxadd-service
- fix license packaging, small cruft cleanup (avoid owning directories provided by filesystem rpm)

==== virtualbox-kmp ====

- Correct WantedBy entry in vboxadd-service
- Require which for /usr/lib/virtualbox/vboxadd-service
- fix license packaging, small cruft cleanup (avoid owning directories provided by filesystem rpm)

==== yast2-network ====
Version update (4.4.9 -> 4.4.10)

- Write IP addresses in order preventing an alias to set the
  primary IP address (bsc#1185967)
- 4.4.10