Packages changed:
  MozillaThunderbird (91.0.3 -> 91.1.0)
  compat-usrmerge
  gcc
  glib2
  krb5
  libseccomp (2.5.1 -> 2.5.2)
  open-iscsi
  openexr
  patterns-server
  pipewire (0.3.34 -> 0.3.35)
  publicsuffix (20210823 -> 20210908)
  python-Jinja2
  python-aiohttp
  python38 (3.8.11 -> 3.8.12)
  python38-core (3.8.11 -> 3.8.12)
  python38-documentation (3.8.11 -> 3.8.12)
  qemu
  spamassassin
  systemd
  yast2-country (4.4.5 -> 4.4.6)
  yast2-installation (4.4.17 -> 4.4.18)
  yast2-network (4.4.22 -> 4.4.23)

=== Details ===

==== MozillaThunderbird ====
Version update (91.0.3 -> 91.1.0)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 91.1.0
  * Thunderbird registered Accessibility Handlers using same GUIDs
    as Firefox, causing performance issues for NVDA users
  * Focus lost when reordering accounts by keyboard in the Account Manager
  * Account setup did not use provider display name for setting up
    calendars
  * Various theme and UX fixes
  MFSA 2021-41 (bsc#1190269)
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
    bmo#1724107)
    Memory safety bugs fixed in Thunderbird 91.1
- (re-)added mozilla-silence-no-return-type.patch
- add mozilla-bmo531915.patch to fix build for i586

==== compat-usrmerge ====

- statically link xmv to avoid glibc 2.34 dependency
  (__libc_start_main@GLIBC_2.34)
- turn on filetriggers in main package. Needed for single transaction upgrades
  (boo#1189788)

==== gcc ====
Subpackages: cpp gcc-info libstdc++-devel

- Add libgccjit%{libgccjit_sover}-devel package

==== glib2 ====
Subpackages: glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit

- desktop-file-utils: add Pantheon desktop environment

==== krb5 ====
Subpackages: krb5-32bit krb5-client

- Fix KDC null pointer dereference via a FAST inner body that
  lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
  * 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch

==== libseccomp ====
Version update (2.5.1 -> 2.5.2)

- Update to release 2.5.2
  * Update the syscall table for Linux v5.14-rc7
  * Add a function, get_notify_fd(), to the Python bindings to
    get the nofication file descriptor.
  * Consolidate multiplexed syscall handling for all
    architectures into one location.
  * Add multiplexed syscall support to PPC and MIPS
  * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
    the kernel. libseccomp's fd notification logic was modified
    to support the kernel's previous and new usage of
    SECCOMP_IOCTL_NOTIF_ID_VALID.

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains
  these changes not already present:
  * Handle IPv6 interfaces correctly. (bsc#1187958)
  * Handle qedi correctly in NPAR mode (bsc#1187958)
  * Update iscsiadm man page (bsc#1187958)
  * Update iface.example for ipv6
  * Change iscsi IP type from defines to enum.
  * Handle recv() returning 0 in iscsid_response()

==== openexr ====
Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30

- Add patch to fix OpenEXRCore.testHUF on armv7:
  * openexr-fix-armv7.patch
  * openexr-fix-armv7-2.patch

==== patterns-server ====
Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-gateway_server patterns-server-kvm_server patterns-server-lamp_server patterns-server-mail_server patterns-server-printing patterns-server-xen_server

- Make wireshark recommended, not required.

==== pipewire ====
Version update (0.3.34 -> 0.3.35)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-lang pipewire-media-session pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 0.3.35:
  * Highlights:
  - S/PDIF passthrough over optical or HDMI is now implemented.
  - Some critical fixes to MIDI, draining of streams and various
    modules.
  - skypeforlinux should work better now after adding it to the
    quirks database.
  - Bluetooth codecs are now in separate plugins to make it
    easier to ship them.
  * PipeWire:
  - Drain was fixed in pw-stream. In some cases it would not
    clear the drain state correctly. Fixes the issue where
    speaker-test would only play one channel.
  - Loopback connections to a driver will now activate the
    driver. This fixes an issue where MIDI connections between
    devices or some applications (puredata) would not get any
    MIDI messages. (#1559)x.
  - The audiomixer can now mix more formats. Together with the
    passthrough improvements this can be used to avoid
    conversions to/from the DSP format in some cases.
  - Make sure we idle drivers when removing a node from it in all
    cases. JACK clients could keep a driver node busy.
  - Add new methods to accumulate object info. The old one was
    difficult to use when applications need to accumulate
    multiple changes.
  - A new interface to load modules has been added. Plugins can
    use this to ask the host (PipeWire) to load spa plugins.
  - Increase param buffer size to handle larger params. Nodes
    with a large number of channels would sometimes not have
    properties. (#1574)
  - Concurrent link negotiation that caused some links to not
    work, is now avoided. This fixes monitor ports in Ardour6.
  - Small tweaks to how the quantum and rate are handled when
    nodes move between drivers. Make node.lock-quantum work with
    node.latency
  * PipeWire modules:
  - The convolver plugin in filter-chain has been optimized some
    more.
  - The echo-cancel stream properties were improved so that it
    actually can remember the streams it links to. (#1557)
  - module-pulse-tunnel had the buffer attributes wrong and would
    cause high latency with older pulseaudio servers. (#1434)
  - module-roc had the properties configured wrongly, which would
    cause it to not work at all in most cases. (#1538)
  - There is now an example of a 7.1 virtual surround sink using
    the hesuvi impulse responses.
  - The convolver now supports dirac pulses as the IR.
  * ALSA:
  - UCM config is now cached per device, using up less memory. It
    also temporarily works around a problem in alsa-lib that is
    now being patched and rolled out. Should stop devices from
    disappearing when logging out and back in. (#1553)
  - Fix the MIDI clock rate matching. It was too sensitive to
    small changes and would spiral out of control and break MIDI
    rather quickly.
  * pipewire-media-session:
  - The media session can now save and restore IEC958 (S/PDIF)
    codecs for the sinks.
  - Passthrough of IEC958 (S/PDIF) content is now possible. If
    the client and the sink contain a compatible set of codecs,
    an exclusive connection can be made between client and sink to pass
    the encoded S/PDIF content directly to the device.
  - Use new introspection info update methods to suspend nodes in
    all cases. Sometimes, nodes would fail to suspend because the
    state info was not evaluated.
  - The media session can now work in non-DSP mode, which will
    try to avoid any audio conversions between client and device
    when possible. But, this will also disable compatibility with
    JACK applications.
  * Bluetooth
  - Bluetooth codecs are now compiled into separate plugins which
    are dynamically loaded. This makes it possible to change the
    plugin implementation or ship plugins separately without
    having to recompile the bluetooth module.
  * PulseAudio server
  - Delay stream create reply until the stream is linked to a
    sink/source.
  - The device-restore extension is now implemented. This makes
    it possible to configure the IEC958 (S/PDIF) codecs supported
    by the sink with pavucontrol.
  - skypeforlinux now uses the same quirks as teams to make the
    sinks show up in all cases. This fixes the issue of not being
    able to hear the remote end in skypeforlinux.
  * JACK
  - Improve catia and carla compatibility by caching objects a
    little longer after being removed. (#1531)
  - JACK ports now notify the negotiated format correctly.
  - A potential deadlock was fixed when multiple threads would
    perform a call that would require a roundtrip.
  - Improve bufsize callback, it should not be called right after
    doing activate() but only when the buffersize changes later.
  - Add tweak to disable the process lock. Some older apps might
    not expect it. (#1576)
  * Docs
  - man pages are now generated with rst2man.
  - DMA-BUF docs were updated.
  - Documentation updates.
- Replace BuildRequires xmltoman with docutils (rst2man)
- Update libcamera Buildrequires.

==== publicsuffix ====
Version update (20210823 -> 20210908)

- Update to version 20210908:
  * Add instances.spawn.cc (#1411)
  * Remove: nctu.me (#1407)
  * Roll back diher.solutions PR #1393 (#1406)
  * Update public_suffix_list.dat (#1390)
  * Add barsy.ro to Lukanet Ltd private domains (#1402)
  * Add affinitylottery.org.uk raffleentry.org.uk and weeklylottery.org.uk to public suffix list (#1398)
  * Tabitorder.co.il (#1385)
  * add diher.solutions and rss.my.id to the list (#1393)
  * Include *.cloudera.site to the PSL (#1400)
  * Adds pages.it.hs-heilbronn.de (#1388)
  * these domains are being deprecated, we wish to clean up after ourselves (#1399)

==== python-Jinja2 ====

- Add no-warnings-as-errors.patch:
  * Do not treat warnings as errors until upstream fix using async loops.

==== python-aiohttp ====

- Restore python39-failures.patch, which is actually still needed.
- Remove python39-failures.patch and replace it with actual fix
  of the issue in remove_deprecated_loop_argument.patch.
- Add backport_fix_for_setting_cookies.patch for backport of
  fixes from 3.8 branch.
- Add python39-failures.patch to fix test problems with Python 3.9.7+
  (gh#aio-libs/aiohttp#5991).

==== python38 ====
Version update (3.8.11 -> 3.8.12)
Subpackages: python38-curses python38-dbm python38-tk

- Update to 3.8.12
  * Complete list of changes is available at
    https://docs.python.org/release/3.8.12/whatsnew/changelog.html
  * Security
  - bpo-42278: Replaced usage of tempfile.mktemp() with
    TemporaryDirectory to avoid a potential race condition.
  - bpo-44394: Update the vendored copy of libexpat to 2.4.1
    (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
    Laughs? vulnerability. This copy is most used on Windows and
    macOS.
  - bpo-43124: Made the internal putcmd function in smtplib
    sanitize input for presence of \r and \n characters to avoid
    (unlikely) command injection.
  - bpo-36384: ipaddress module no longer accepts any leading
    zeros in IPv4 address strings. Leading zeros are ambiguous
    and interpreted as octal notation by some libraries. For
    example the legacy function socket.inet_aton() treats leading
    zeros as octal notation. glibc implementation of modern
    inet_pton() does not accept any leading zeros. For a while
    the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
  * decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
  option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
  run during profiling

==== python38-core ====
Version update (3.8.11 -> 3.8.12)
Subpackages: libpython3_8-1_0 python38-base

- Update to 3.8.12
  * Complete list of changes is available at
    https://docs.python.org/release/3.8.12/whatsnew/changelog.html
  * Security
  - bpo-42278: Replaced usage of tempfile.mktemp() with
    TemporaryDirectory to avoid a potential race condition.
  - bpo-44394: Update the vendored copy of libexpat to 2.4.1
    (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
    Laughs? vulnerability. This copy is most used on Windows and
    macOS.
  - bpo-43124: Made the internal putcmd function in smtplib
    sanitize input for presence of \r and \n characters to avoid
    (unlikely) command injection.
  - bpo-36384: ipaddress module no longer accepts any leading
    zeros in IPv4 address strings. Leading zeros are ambiguous
    and interpreted as octal notation by some libraries. For
    example the legacy function socket.inet_aton() treats leading
    zeros as octal notation. glibc implementation of modern
    inet_pton() does not accept any leading zeros. For a while
    the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
  * decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
  option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
  run during profiling

==== python38-documentation ====
Version update (3.8.11 -> 3.8.12)

- Update to 3.8.12
  * Complete list of changes is available at
    https://docs.python.org/release/3.8.12/whatsnew/changelog.html
  * Security
  - bpo-42278: Replaced usage of tempfile.mktemp() with
    TemporaryDirectory to avoid a potential race condition.
  - bpo-44394: Update the vendored copy of libexpat to 2.4.1
    (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
    Laughs? vulnerability. This copy is most used on Windows and
    macOS.
  - bpo-43124: Made the internal putcmd function in smtplib
    sanitize input for presence of \r and \n characters to avoid
    (unlikely) command injection.
  - bpo-36384: ipaddress module no longer accepts any leading
    zeros in IPv4 address strings. Leading zeros are ambiguous
    and interpreted as octal notation by some libraries. For
    example the legacy function socket.inet_aton() treats leading
    zeros as octal notation. glibc implementation of modern
    inet_pton() does not accept any leading zeros. For a while
    the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
  * decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
  option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
  run during profiling

==== qemu ====
Subpackages: qemu-accel-qtest qemu-accel-tcg-x86 qemu-arm qemu-audio-spice qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390x qemu-seabios qemu-sgabios qemu-skiboot qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vhost-user-gpu qemu-x86

- Fix qemu build on ARMv7 (bsc#1190211)
  * Patches added:
  tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
- Update supported file for ARM machines.
- Keep qemu-img without backing format still deprecated
  (bsc#1190135)
  * Patches added:
  Revert-qemu-img-Improve-error-for-rebase.patch
  Revert-qemu-img-Require-F-with-b-backing.patch
- Update the support files to reflect the deprecation.
- Update build dependencies versions: libgcrypt >= 1.8.0,
  gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7
- Fix hardcoded binfmt handler doesn't play well with containers
  (bsc#1186256)
  * Patches added:
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch

==== spamassassin ====
Subpackages: perl-Mail-SpamAssassin spamassassin-spamc

- spamassassin: sa-update.timer does not work
  (bsc#1175375)
  Remove sence less SPAM_SA_UPDATE
  Document how to use sa-update.service

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-doc systemd-lang systemd-logger systemd-sysvinit udev

- Don't reexecute user manager instances on package update yet
  This can't be done until users have their user instance updated to
  the new version that supports reexecuting with SIGRTMIN+25 because
  this signal terminates the user managers for the previous versions.
- Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11
  3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only
  fd46c81922 test: make sure to include all haveged unit files
- systemd.spec: reexec user manager instances on package updates
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Drop dependency on m4 (replaced by Jinja2)

==== yast2-country ====
Version update (4.4.5 -> 4.4.6)
Subpackages: yast2-country-data

- Use only one server when proposing the default NTP servers to
  be used (bsc#1188980).
- 4.4.6

==== yast2-installation ====
Version update (4.4.17 -> 4.4.18)

- Display release notes during upgrade (bsc#1186044)
- 4.4.18

==== yast2-network ====
Version update (4.4.22 -> 4.4.23)

- Add support for reading the default NTP servers from the control
  file in case of defined (bsc#1180699)
- 4.4.23