Packages changed:
  MozillaFirefox (88.0.1 -> 89.0)
  apparmor
  at-spi2-core (2.40.1 -> 2.40.2)
  cups
  distribution-logos-openSUSE
  eog (40.1 -> 40.2)
  gobject-introspection
  gupnp (1.2.6 -> 1.2.7)
  libX11 (1.7.1 -> 1.7.2)
  libapparmor
  librsvg (2.50.6 -> 2.50.7)
  mpg123 (1.27.2 -> 1.28.0)
  openSUSE-build-key
  openvpn (2.4.10 -> 2.4.11)
  python-attrs (20.3.0 -> 21.2.0)
  python-greenlet (1.0.0 -> 1.1.0)
  python-idna (3.1 -> 3.2)
  python-more-itertools (8.7.0 -> 8.8.0)
  python-sortedcontainers (2.3.0 -> 2.4.0)
  python38
  python38-core
  python38-documentation
  setools
  texlive
  z3 (4.8.10 -> 4.8.11)

=== Details ===

==== MozillaFirefox ====
Version update (88.0.1 -> 89.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 89.0
  * UI redesign
  * The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257)
    Password Manager on Firefox for Android susceptible to domain
    spoofing
  * CVE-2021-29960 (bmo#1675965)
    Filenames printed from private browsing mode incorrectly
    retained in preferences
  * CVE-2021-29961 (bmo#1700235)
    Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068)
    Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819)
    Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673)
    No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
    Memory safety bugs fixed in Firefox 89
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore
- updated mozilla.keyring
- switched TW/x86_64 to clang as the last platform due to
  https://bugs.gentoo.org/792705
- but LTO with clang is broken in TW so disable LTO for it
  https://bugs.llvm.org/show_bug.cgi?id=47872

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor

- move Requires: python3 back to the python3-apparmor subpackage -
  readline usage is in the python modules, not in apparmor-utils
- Remove python symbols (python means currently python2), work
  only with python3 ones (fallout from bsc#1185588).

==== at-spi2-core ====
Version update (2.40.1 -> 2.40.2)
Subpackages: at-spi2-core-lang libatspi0 typelib-1_0-Atspi-2_0

- Update to version 2.40.2:
  + README: Remove outdated links.
  + Key grab fixes for the new API.
  + registryd: Add a missing call to va_end.

==== cups ====
Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupsimage2

- Provide /usr/share/cups/ppdc/ in the "cups" main package
  to avoid that "lpinfo -m" results in /var/log/cups/error_log
  things like "ppdc: Unable to find include file font.defs"
  or "ppdc: Unable to find include file hp.h" and then
  "Bad driver information file /usr/share/cups/drv/sample.drv"
  (bsc#1186843)

==== distribution-logos-openSUSE ====

- Add icons package to handle systemd branding better

==== eog ====
Version update (40.1 -> 40.2)
Subpackages: eog-lang

- Update to version 40.2:
  + reload: Remove unused GtkActionGroup member
  + Critical warning after closing EOG (invalid unclassed pointer;
    assertion 'EOG_IS_IMAGE (img)' failed)
  + Updated translations.

==== gobject-introspection ====
Subpackages: girepository-1_0 libgirepository-1_0-1

- gi-find-deps.sh: on Tumbleweed, HOSTTYPE on ppc64/ppc64le reports
  powerpc64 and powerpc64le: accept those strings as 64bit archs.

==== gupnp ====
Version update (1.2.6 -> 1.2.7)

- Update to version 1.2.7:
  + Fix build with -Wformat-security=error
  + Bump required GLib version to 2.66
  + Fix some introspection annotations
  + Add missing varargs functions to vapi
  + Revert fix from 1.2.5 which causes managed control points to
    live too long

==== libX11 ====
Version update (1.7.1 -> 1.7.2)
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1

- Update to version 1.7.2
  * bug fix release, correcting a regression introduced by and
    improving the checks from the fix for CVE-2021-31535.
- supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch

==== libapparmor ====
Subpackages: libapparmor1 libapparmor1-32bit

- move Requires: python3 back to the python3-apparmor subpackage -
  readline usage is in the python modules, not in apparmor-utils
- Remove python symbols (python means currently python2), work
  only with python3 ones (fallout from bsc#1185588).

==== librsvg ====
Version update (2.50.6 -> 2.50.7)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-lang rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.50.7:
  + Two cairo-related bug fixes:
  - glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore
    when running in inside the Cairo test suite.
  - glgo#GNOME/librsvg#746: Possible cairo_save() without
    cairo_restore() in render_layer().

==== mpg123 ====
Version update (1.27.2 -> 1.28.0)
Subpackages: libmpg123-0 mpg123-openal

- Update to version 1.28.0
  build:
  * Fix up the build to actually build all library objects with
    libtool consistently, also ensuring no pointless static
    archives for output modules.
  * Adapted things to autoconf 2.71, requiring 2.69 now
  * Improved configure to be more useful --with-default-audio to
    define the search order, fix static build for --with-audio
    being a list (just choosing the first one).
  * Ensure consistent use of LINK_MPG123_DLL in headers.
  build (ports/cmake):
  * Hardcode ports/cmake CPU detection for x64 and ARM as
    CMAKE_SYSTEM_PROCESSOR is useless crap (bug 298 for real).
  * Added JACK output, fixed handling of compat_str there
  libsyn123:
  * Fix syn123_mix() to actually do intermediate conversion when
    input and output encoding are the same but non-float. This
    makes out123 --mix work with s16 input and output, which is
    not that special!
  libmpg123:
  * Fix misguided handling of part2_3_length checks in
    III_get_scale_factors_1() and III_get_scale_factors_2()
    which invalidated decoding of a mono source encoded as
    ms+i-stereo (bug 312). This was a regression introduced
    with version 1.25.7.
  libout123:
  * Print basic module loading errors only for last one in list.
    This enables use of an output module search list that
    anticipates module files not installed with the main package.

==== openSUSE-build-key ====

- remove dumpsigs, unused since SLE12+ (rpm 4.x) (bsc#1186827)
- add URL
- spec-cleaner run
- Merge changes from openSUSE Leap 15.3 for rpm-repos-openSUSE (boo#1186593)
- Refresh the SLE15 build@suse.de key
  * Updated gpg-pubkey-39db7c82-5847eb1f.asc

==== openvpn ====
Version update (2.4.10 -> 2.4.11)

- update to 2.4.11 (bsc#1185279):
  * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
  * This bug allows - under very specific circumstances - to trick a server using
    delayed authentication (plugin or management) into returning a PUSH_REPLY
    before the AUTH_FAILED message, which can possibly be used to gather
    information about a VPN setup.
  * In combination with "--auth-gen-token" or an user-specific token auth
    solution it can be possible to get access to a VPN with an
    otherwise-invalid account.
  * Fix potential NULL ptr crash if compiled with DMALLOC
- drop sysv5 init support, it hasn't build successfully in ages
  and is build-disabled in devel project

==== python-attrs ====
Version update (20.3.0 -> 21.2.0)

- update to 21.2.0:
  * We had to revert the recursive feature for ``attr.evolve()`` because it
    broke some use-cases -- sorry!
  * Python 3.4 is now blocked using packaging metadata because ``attrs`` can't
    be imported on it anymore.
  * The long-awaited, much-talked-about, little-delivered ``import attrs`` is
    finally upon us!
  * The *cmp* argument to ``attr.s()`` and `attr.ib()` has been **undeprecated**
    It will continue to be supported as syntactic sugar to set *eq* and *order* in one go.
  * Further smaller changes, see included Changelog.md

==== python-greenlet ====
Version update (1.0.0 -> 1.1.0)

- update to 1.1.0:
  * Add support for Python 3.10. Pre-built binary wheels for 3.10 are
    not currently available for all platforms. The greenlet ABI is
    different on Python 3.10 from all previous versions, but as 3.10 was
    never supported before, and the ABI has not changed on other Python
    versions, this is not considered a reason to change greenlet's major
    version.

==== python-idna ====
Version update (3.1 -> 3.2)

- update to 3.2:
  * Add type hints (Thanks, Seth Michael Larson!)
  * Remove support for Python 3.4

==== python-more-itertools ====
Version update (8.7.0 -> 8.8.0)

- update to 8.8.0:
  * :func:`countable` (thanks to krzysieq)
  * :func:`split_before` was updated to handle empy collections (thanks to TiunovNN)
  * :func:`unique_everseen` got a performance boost (thanks to Numerlor)
  * The type hint for :func:`value_chain` was corrected (thanks to vr2262)
- %check: use %pyunittest rpm macro

==== python-sortedcontainers ====
Version update (2.3.0 -> 2.4.0)

- update to 2.4.0:
  * Implement SortedDict methods: __or__, __ror__, and __ior__ per PEP 584.

==== python38 ====
Subpackages: python38-curses python38-dbm python38-tk

- allow building against sphinx 3.x+
- Stop providing "python" symbol (bsc#1185588), which means
  python2 currently.

==== python38-core ====
Subpackages: libpython3_8-1_0 python38-base

- allow building against sphinx 3.x+
- Stop providing "python" symbol (bsc#1185588), which means
  python2 currently.

==== python38-documentation ====

- allow building against sphinx 3.x+
- Stop providing "python" symbol (bsc#1185588), which means
  python2 currently.

==== setools ====

- Fix dependency of python3-setools: require python3, not python
  (which is python2).

==== texlive ====
Subpackages: libkpathsea6 libsynctex2

- Change to using systemd-sysusers

==== z3 ====
Version update (4.8.10 -> 4.8.11)

- update to 4.8.11:
  * fix soundness issues, invalid models, and crashes for options
  "tactic.default_tactic=smt sat.euf=true"
  * centos -> glibc
  * updated ref to esrp
  * undo cxx hoist
  * hoist c++ flags