Packages changed:
  LibVNCServer
  alpine (2.24 -> 2.25)
  apache2 (2.4.48 -> 2.4.49)
  apache2-manual (2.4.48 -> 2.4.49)
  apache2-prefork (2.4.48 -> 2.4.49)
  apache2-utils (2.4.48 -> 2.4.49)
  cppcheck
  cryptsetup (2.4.0 -> 2.4.1)
  e2fsprogs (1.46.3 -> 1.46.4)
  eog-plugins
  epiphany
  fetchmail
  glabels
  gnome-maps (40.4 -> 40.5)
  gnome-packagekit
  gstreamer-devtools (1.18.3 -> 1.18.5)
  libXi (1.7.10 -> 1.8)
  libcontainers-common
  libtirpc
  libzypp (17.28.3 -> 17.28.4)
  perl-Bootloader (0.935 -> 0.936)
  pidgin-sipe
  pipewire (0.3.35 -> 0.3.36)
  pitivi
  plasma5-workspace
  python-gst (1.18.4 -> 1.18.5)
  python-kiwi (9.23.54 -> 9.23.56)
  rygel
  samba (4.14.6+git.168.6a9fc8a1ddd -> 4.14.6+git.182.2205d5224e3)
  transactional-update (3.5.4 -> 3.5.5)
  xfce4-whiskermenu-plugin (2.5.3 -> 2.6.0)
  xkeyboard-config
  xorgproto (2021.4 -> 2021.5)

=== Details ===

==== LibVNCServer ====
Subpackages: libvncclient1 libvncserver1

- purposedly adding just this changelog entry
- previous version updates fixed also:
  * CVE-2020-14398 [bsc#1173880] -- improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
  * CVE-2017-18922 [bsc#1173477] -- preauth buffer overwrite
  * CVE-2018-20748 [bsc#1123823] -- libvnc contains multiple heap out-of-bounds writes
  * CVE-2020-25708 [bsc#1178682] -- libvncserver/rfbserver.c has a divide by zero which could result in DoS
  * CVE-2018-21247 [bsc#1173874] -- uninitialized memory contents are vulnerable to Information leak
  * CVE-2018-20750 [bsc#1123832] -- heap out-of-bounds write vulnerability in libvncserver/rfbserver.c
  * CVE-2020-14397 [bsc#1173700] -- NULL pointer dereference in libvncserver/rfbregion.c
  * CVE-2019-20839 [bsc#1173875] -- buffer overflow in ConnectClientToUnixSock()
  * CVE-2020-14401 [bsc#1173694] -- potential integer overflows in libvncserver/scale.c
  * CVE-2020-14400 [bsc#1173691] -- Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
  * CVE-2019-20840 [bsc#1173876] -- unaligned accesses in hybiReadAndDecode can lead to denial of service
  * CVE-2020-14399 [bsc#1173743] -- Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
  * CVE-2020-14402 [bsc#1173701] -- out-of-bounds access via encodings.
  * CVE-2020-14403 [bsc#1173701]
  * CVE-2020-14404 [bsc#1173701]

==== alpine ====
Version update (2.24 -> 2.25)
Subpackages: pico

- Update to release 2.25
  * New configuration variable VAR_ssl-ciphers that allows users
    to list the ciphers to use when connecting to a SSL
    server.
  * New hidden feature FEAT_enable-delete-before-writing to add
    support for terminals that need lines to be deleted before
    being written.
  * Always follow ?suppress-asterisks-in-password-prompt? setting
    in the various password prompts.
  * Fixed a memory corruption when alpine searches for a string
    that is an incomplete utf8 string in a local folder.
  * Fixed: When forwarding a message, replacing an attachment
    might make Alpine re-attach the original attachment.

==== apache2 ====
Version update (2.4.48 -> 2.4.49)

- version update to 2.4.49
  * ) core/mod_proxy/mod_ssl:
    Adding `outgoing` flag to conn_rec, indicating a connection is
    initiated by the server to somewhere, in contrast to incoming
    connections from clients.
    Adding 'ap_ssl_bind_outgoing()` function that marks a connection
    as outgoing and is used by mod_proxy instead of the previous
    optional function `ssl_engine_set`. This enables other SSL
    module to secure proxy connections.
    The optional functions `ssl_engine_set`, `ssl_engine_disable` and
    `ssl_proxy_enable` are now provided by the core to have backward
    compatibility with non-httpd modules that might use them. mod_ssl
    itself no longer registers these functions, but keeps them in its
    header for backward compatibility.
    The core provided optional function wrap any registered function
    like it was done for `ssl_is_ssl`.
    [Stefan Eissing]
  * ) mod_ssl: Support logging private key material for use with
    wireshark via log file given by SSLKEYLOGFILE environment
    variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]
  * ) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
    "ProxyPassInterpolateEnv On" are configured.  PR 65549.
    [Joel Self <joelself gmail.com>]
  * ) mpm_event: Fix children processes possibly not stopped on graceful
    restart.  PR 63169.  [Joel Self <joelself gmail.com>]
  * ) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
    protocols from mod_proxy_http, and a timeout triggering falsely when
    using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
    upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]
  * ) mod_unique_id: Reduce the time window where duplicates may be generated
    PR 65159
    [Christophe Jaillet]
  * ) mpm_prefork: Block signals for child_init hooks to prevent potential
    threads created from there to catch MPM's signals.
    [Ruediger Pluem, Yann Ylavic]
  * ) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
    PR 65159" added in 2.4.47.
    This causes issue on Windows.
    [Christophe Jaillet]
  * ) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]
  * ) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
    as successful or a staged renewal is replacing the existing certificates.
    This avoid potential mess ups in the md store file system to render the active
    certificates non-working. [@mkauf]
  * ) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
    [Yann Ylavic]
  * ) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
    connections. If ALPN protocols are provided and sent to the
    remote server, the received protocol selected is inspected
    and checked for a match. Without match, the peer handshake
    fails.
    An exception is the proposal of "http/1.1" where it is
    accepted if the remote server did not answer ALPN with
    a selected protocol. This accomodates for hosts that do
    not observe/support ALPN and speak http/1.x be default.
  * ) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
    with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
    [Yann Ylavic]
  * ) mod_dav: Add method_precondition hook. WebDAV extensions define
    conditions that must exist before a WebDAV method can be executed.
    This hook allows a WebDAV extension to verify these preconditions.
    [Graham Leggett]
  * ) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
    modules apart from versioning implementations to handle the REPORT method.
    [Graham Leggett]
  * ) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
    dav_get_resource() to mod_dav.h. [Graham Leggett]
  * ) core: fix ap_escape_quotes substitution logic. [Eric Covener]
  * ) Easy patches: synch 2.4.x and trunk
  - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
  - mod_ldap: log and abort locking errors.
  - mod_ldap: style fix for r1831165
  - mod_ldap: build break fix for r1831165
  - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
  - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
  - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
  - mod_rewrite: Save a few cycles.
  - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
  - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
    [Christophe Jaillet]
  * ) core/mpm: add hook 'child_stopping` that gets called when the MPM is
    stopping a child process. The additional `graceful` parameter allows
    registered hooks to free resources early during a graceful shutdown.
    [Yann Ylavic, Stefan Eissing]
  * ) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
    balancer-manager, which can lead to a crash.  [Yann Ylavic]
  * ) mpm_event: Fix graceful stop/restart of children processes if connections
    are in lingering close for too long.  [Yann Ylavic]
  * ) mod_md: fixed a potential null pointer dereference if ACME/OCSP
    server returned 2xx responses without content type. Reported by chuangwen.
    [chuangwen, Stefan Eissing]
  * ) mod_md:
  - Domain names in `<MDomain ...>` can now appear in quoted form.
  - Fixed a failure in ACME challenge selection that aborted further searches
    when the tls-alpn-01 method did not seem to be suitable.
  - Changed the tls-alpn-01 setup to only become unsuitable when none of the
    dns names showed support for a configured 'Protocols ... acme-tls/1'. This
    allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
  * ) Add CPING to health check logic. [Jean-Frederic Clere]
  * ) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
  * ) core, h2: common ap_parse_request_line() and ap_check_request_header()
    code. [Yann Ylavic]
  * ) core: Add StrictHostCheck to allow unconfigured hostnames to be
    rejected. [Eric Covener]
  * ) htcacheclean: Improve help messages.  [Christophe Jaillet]
- modified patches
  % apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch (refreshed)
- modified sources
  % apache2.keyring

==== apache2-manual ====
Version update (2.4.48 -> 2.4.49)

- version update to 2.4.49
  * ) core/mod_proxy/mod_ssl:
    Adding `outgoing` flag to conn_rec, indicating a connection is
    initiated by the server to somewhere, in contrast to incoming
    connections from clients.
    Adding 'ap_ssl_bind_outgoing()` function that marks a connection
    as outgoing and is used by mod_proxy instead of the previous
    optional function `ssl_engine_set`. This enables other SSL
    module to secure proxy connections.
    The optional functions `ssl_engine_set`, `ssl_engine_disable` and
    `ssl_proxy_enable` are now provided by the core to have backward
    compatibility with non-httpd modules that might use them. mod_ssl
    itself no longer registers these functions, but keeps them in its
    header for backward compatibility.
    The core provided optional function wrap any registered function
    like it was done for `ssl_is_ssl`.
    [Stefan Eissing]
  * ) mod_ssl: Support logging private key material for use with
    wireshark via log file given by SSLKEYLOGFILE environment
    variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]
  * ) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
    "ProxyPassInterpolateEnv On" are configured.  PR 65549.
    [Joel Self <joelself gmail.com>]
  * ) mpm_event: Fix children processes possibly not stopped on graceful
    restart.  PR 63169.  [Joel Self <joelself gmail.com>]
  * ) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
    protocols from mod_proxy_http, and a timeout triggering falsely when
    using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
    upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]
  * ) mod_unique_id: Reduce the time window where duplicates may be generated
    PR 65159
    [Christophe Jaillet]
  * ) mpm_prefork: Block signals for child_init hooks to prevent potential
    threads created from there to catch MPM's signals.
    [Ruediger Pluem, Yann Ylavic]
  * ) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
    PR 65159" added in 2.4.47.
    This causes issue on Windows.
    [Christophe Jaillet]
  * ) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]
  * ) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
    as successful or a staged renewal is replacing the existing certificates.
    This avoid potential mess ups in the md store file system to render the active
    certificates non-working. [@mkauf]
  * ) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
    [Yann Ylavic]
  * ) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
    connections. If ALPN protocols are provided and sent to the
    remote server, the received protocol selected is inspected
    and checked for a match. Without match, the peer handshake
    fails.
    An exception is the proposal of "http/1.1" where it is
    accepted if the remote server did not answer ALPN with
    a selected protocol. This accomodates for hosts that do
    not observe/support ALPN and speak http/1.x be default.
  * ) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
    with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
    [Yann Ylavic]
  * ) mod_dav: Add method_precondition hook. WebDAV extensions define
    conditions that must exist before a WebDAV method can be executed.
    This hook allows a WebDAV extension to verify these preconditions.
    [Graham Leggett]
  * ) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
    modules apart from versioning implementations to handle the REPORT method.
    [Graham Leggett]
  * ) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
    dav_get_resource() to mod_dav.h. [Graham Leggett]
  * ) core: fix ap_escape_quotes substitution logic. [Eric Covener]
  * ) Easy patches: synch 2.4.x and trunk
  - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
  - mod_ldap: log and abort locking errors.
  - mod_ldap: style fix for r1831165
  - mod_ldap: build break fix for r1831165
  - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
  - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
  - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
  - mod_rewrite: Save a few cycles.
  - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
  - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
    [Christophe Jaillet]
  * ) core/mpm: add hook 'child_stopping` that gets called when the MPM is
    stopping a child process. The additional `graceful` parameter allows
    registered hooks to free resources early during a graceful shutdown.
    [Yann Ylavic, Stefan Eissing]
  * ) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
    balancer-manager, which can lead to a crash.  [Yann Ylavic]
  * ) mpm_event: Fix graceful stop/restart of children processes if connections
    are in lingering close for too long.  [Yann Ylavic]
  * ) mod_md: fixed a potential null pointer dereference if ACME/OCSP
    server returned 2xx responses without content type. Reported by chuangwen.
    [chuangwen, Stefan Eissing]
  * ) mod_md:
  - Domain names in `<MDomain ...>` can now appear in quoted form.
  - Fixed a failure in ACME challenge selection that aborted further searches
    when the tls-alpn-01 method did not seem to be suitable.
  - Changed the tls-alpn-01 setup to only become unsuitable when none of the
    dns names showed support for a configured 'Protocols ... acme-tls/1'. This
    allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
  * ) Add CPING to health check logic. [Jean-Frederic Clere]
  * ) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
  * ) core, h2: common ap_parse_request_line() and ap_check_request_header()
    code. [Yann Ylavic]
  * ) core: Add StrictHostCheck to allow unconfigured hostnames to be
    rejected. [Eric Covener]
  * ) htcacheclean: Improve help messages.  [Christophe Jaillet]
- modified patches
  % apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch (refreshed)
- modified sources
  % apache2.keyring

==== apache2-prefork ====
Version update (2.4.48 -> 2.4.49)

- version update to 2.4.49
  * ) core/mod_proxy/mod_ssl:
    Adding `outgoing` flag to conn_rec, indicating a connection is
    initiated by the server to somewhere, in contrast to incoming
    connections from clients.
    Adding 'ap_ssl_bind_outgoing()` function that marks a connection
    as outgoing and is used by mod_proxy instead of the previous
    optional function `ssl_engine_set`. This enables other SSL
    module to secure proxy connections.
    The optional functions `ssl_engine_set`, `ssl_engine_disable` and
    `ssl_proxy_enable` are now provided by the core to have backward
    compatibility with non-httpd modules that might use them. mod_ssl
    itself no longer registers these functions, but keeps them in its
    header for backward compatibility.
    The core provided optional function wrap any registered function
    like it was done for `ssl_is_ssl`.
    [Stefan Eissing]
  * ) mod_ssl: Support logging private key material for use with
    wireshark via log file given by SSLKEYLOGFILE environment
    variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]
  * ) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
    "ProxyPassInterpolateEnv On" are configured.  PR 65549.
    [Joel Self <joelself gmail.com>]
  * ) mpm_event: Fix children processes possibly not stopped on graceful
    restart.  PR 63169.  [Joel Self <joelself gmail.com>]
  * ) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
    protocols from mod_proxy_http, and a timeout triggering falsely when
    using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
    upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]
  * ) mod_unique_id: Reduce the time window where duplicates may be generated
    PR 65159
    [Christophe Jaillet]
  * ) mpm_prefork: Block signals for child_init hooks to prevent potential
    threads created from there to catch MPM's signals.
    [Ruediger Pluem, Yann Ylavic]
  * ) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
    PR 65159" added in 2.4.47.
    This causes issue on Windows.
    [Christophe Jaillet]
  * ) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]
  * ) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
    as successful or a staged renewal is replacing the existing certificates.
    This avoid potential mess ups in the md store file system to render the active
    certificates non-working. [@mkauf]
  * ) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
    [Yann Ylavic]
  * ) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
    connections. If ALPN protocols are provided and sent to the
    remote server, the received protocol selected is inspected
    and checked for a match. Without match, the peer handshake
    fails.
    An exception is the proposal of "http/1.1" where it is
    accepted if the remote server did not answer ALPN with
    a selected protocol. This accomodates for hosts that do
    not observe/support ALPN and speak http/1.x be default.
  * ) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
    with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
    [Yann Ylavic]
  * ) mod_dav: Add method_precondition hook. WebDAV extensions define
    conditions that must exist before a WebDAV method can be executed.
    This hook allows a WebDAV extension to verify these preconditions.
    [Graham Leggett]
  * ) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
    modules apart from versioning implementations to handle the REPORT method.
    [Graham Leggett]
  * ) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
    dav_get_resource() to mod_dav.h. [Graham Leggett]
  * ) core: fix ap_escape_quotes substitution logic. [Eric Covener]
  * ) Easy patches: synch 2.4.x and trunk
  - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
  - mod_ldap: log and abort locking errors.
  - mod_ldap: style fix for r1831165
  - mod_ldap: build break fix for r1831165
  - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
  - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
  - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
  - mod_rewrite: Save a few cycles.
  - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
  - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
    [Christophe Jaillet]
  * ) core/mpm: add hook 'child_stopping` that gets called when the MPM is
    stopping a child process. The additional `graceful` parameter allows
    registered hooks to free resources early during a graceful shutdown.
    [Yann Ylavic, Stefan Eissing]
  * ) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
    balancer-manager, which can lead to a crash.  [Yann Ylavic]
  * ) mpm_event: Fix graceful stop/restart of children processes if connections
    are in lingering close for too long.  [Yann Ylavic]
  * ) mod_md: fixed a potential null pointer dereference if ACME/OCSP
    server returned 2xx responses without content type. Reported by chuangwen.
    [chuangwen, Stefan Eissing]
  * ) mod_md:
  - Domain names in `<MDomain ...>` can now appear in quoted form.
  - Fixed a failure in ACME challenge selection that aborted further searches
    when the tls-alpn-01 method did not seem to be suitable.
  - Changed the tls-alpn-01 setup to only become unsuitable when none of the
    dns names showed support for a configured 'Protocols ... acme-tls/1'. This
    allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
  * ) Add CPING to health check logic. [Jean-Frederic Clere]
  * ) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
  * ) core, h2: common ap_parse_request_line() and ap_check_request_header()
    code. [Yann Ylavic]
  * ) core: Add StrictHostCheck to allow unconfigured hostnames to be
    rejected. [Eric Covener]
  * ) htcacheclean: Improve help messages.  [Christophe Jaillet]
- modified patches
  % apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch (refreshed)
- modified sources
  % apache2.keyring

==== apache2-utils ====
Version update (2.4.48 -> 2.4.49)

- version update to 2.4.49
  * ) core/mod_proxy/mod_ssl:
    Adding `outgoing` flag to conn_rec, indicating a connection is
    initiated by the server to somewhere, in contrast to incoming
    connections from clients.
    Adding 'ap_ssl_bind_outgoing()` function that marks a connection
    as outgoing and is used by mod_proxy instead of the previous
    optional function `ssl_engine_set`. This enables other SSL
    module to secure proxy connections.
    The optional functions `ssl_engine_set`, `ssl_engine_disable` and
    `ssl_proxy_enable` are now provided by the core to have backward
    compatibility with non-httpd modules that might use them. mod_ssl
    itself no longer registers these functions, but keeps them in its
    header for backward compatibility.
    The core provided optional function wrap any registered function
    like it was done for `ssl_is_ssl`.
    [Stefan Eissing]
  * ) mod_ssl: Support logging private key material for use with
    wireshark via log file given by SSLKEYLOGFILE environment
    variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]
  * ) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
    "ProxyPassInterpolateEnv On" are configured.  PR 65549.
    [Joel Self <joelself gmail.com>]
  * ) mpm_event: Fix children processes possibly not stopped on graceful
    restart.  PR 63169.  [Joel Self <joelself gmail.com>]
  * ) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
    protocols from mod_proxy_http, and a timeout triggering falsely when
    using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
    upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]
  * ) mod_unique_id: Reduce the time window where duplicates may be generated
    PR 65159
    [Christophe Jaillet]
  * ) mpm_prefork: Block signals for child_init hooks to prevent potential
    threads created from there to catch MPM's signals.
    [Ruediger Pluem, Yann Ylavic]
  * ) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
    PR 65159" added in 2.4.47.
    This causes issue on Windows.
    [Christophe Jaillet]
  * ) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]
  * ) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
    as successful or a staged renewal is replacing the existing certificates.
    This avoid potential mess ups in the md store file system to render the active
    certificates non-working. [@mkauf]
  * ) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
    [Yann Ylavic]
  * ) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
    connections. If ALPN protocols are provided and sent to the
    remote server, the received protocol selected is inspected
    and checked for a match. Without match, the peer handshake
    fails.
    An exception is the proposal of "http/1.1" where it is
    accepted if the remote server did not answer ALPN with
    a selected protocol. This accomodates for hosts that do
    not observe/support ALPN and speak http/1.x be default.
  * ) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
    with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
    [Yann Ylavic]
  * ) mod_dav: Add method_precondition hook. WebDAV extensions define
    conditions that must exist before a WebDAV method can be executed.
    This hook allows a WebDAV extension to verify these preconditions.
    [Graham Leggett]
  * ) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
    modules apart from versioning implementations to handle the REPORT method.
    [Graham Leggett]
  * ) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
    dav_get_resource() to mod_dav.h. [Graham Leggett]
  * ) core: fix ap_escape_quotes substitution logic. [Eric Covener]
  * ) Easy patches: synch 2.4.x and trunk
  - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
  - mod_ldap: log and abort locking errors.
  - mod_ldap: style fix for r1831165
  - mod_ldap: build break fix for r1831165
  - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
  - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
  - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
  - mod_rewrite: Save a few cycles.
  - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
  - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
    [Christophe Jaillet]
  * ) core/mpm: add hook 'child_stopping` that gets called when the MPM is
    stopping a child process. The additional `graceful` parameter allows
    registered hooks to free resources early during a graceful shutdown.
    [Yann Ylavic, Stefan Eissing]
  * ) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
    balancer-manager, which can lead to a crash.  [Yann Ylavic]
  * ) mpm_event: Fix graceful stop/restart of children processes if connections
    are in lingering close for too long.  [Yann Ylavic]
  * ) mod_md: fixed a potential null pointer dereference if ACME/OCSP
    server returned 2xx responses without content type. Reported by chuangwen.
    [chuangwen, Stefan Eissing]
  * ) mod_md:
  - Domain names in `<MDomain ...>` can now appear in quoted form.
  - Fixed a failure in ACME challenge selection that aborted further searches
    when the tls-alpn-01 method did not seem to be suitable.
  - Changed the tls-alpn-01 setup to only become unsuitable when none of the
    dns names showed support for a configured 'Protocols ... acme-tls/1'. This
    allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
  * ) Add CPING to health check logic. [Jean-Frederic Clere]
  * ) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
  * ) core, h2: common ap_parse_request_line() and ap_check_request_header()
    code. [Yann Ylavic]
  * ) core: Add StrictHostCheck to allow unconfigured hostnames to be
    rejected. [Eric Covener]
  * ) htcacheclean: Improve help messages.  [Christophe Jaillet]
- modified patches
  % apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch (refreshed)
- modified sources
  % apache2.keyring

==== cppcheck ====

- Add glibc 2.34 build fix:
  * 0001-Fix-compilation-with-recent-glibc-where-SIGSTKSZ-is-.patch

==== cryptsetup ====
Version update (2.4.0 -> 2.4.1)
Subpackages: cryptsetup-lang libcryptsetup12 libcryptsetup12-32bit libcryptsetup12-hmac

- cryptsetup 2.4.1
  * Fix compilation for libc implementations without dlvsym().
  * Fix compilation and tests on systems with non-standard libraries
  * Try to workaround some issues on systems without udev support.
  * Fixes for OpenSSL3 crypto backend (including FIPS mode).
  * Print error message when assigning a token to an inactive keyslot.
  * Fix offset bug in LUKS2 encryption code if --offset option was used.
  * Do not allow LUKS2 decryption for devices with data offset.
  * Fix LUKS1 cryptsetup repair command for some specific problems.

==== e2fsprogs ====
Version update (1.46.3 -> 1.46.4)
Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2

- Update to 1.46.4:
  * Default to 256-byte inodes for all filesystems, not only larger ones
  * Bigalloc is considered supported now for small cluster sizes
  * E2fsck and e2image fixes for quota feature
  * Fix mke2fs creation of filesystem into non-existent file
- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer
  libreadline.so.8 to dlopen path (bsc#1189453)
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_e2scrub@.service.patch
  * harden_e2scrub_all.service.patch
  * harden_e2scrub_fail@.service.patch
  * harden_e2scrub_reap.service.patch

==== eog-plugins ====
Subpackages: eog-plugins-lang

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== epiphany ====
Subpackages: epiphany-lang gnome-shell-search-provider-epiphany

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== fetchmail ====
Subpackages: fetchmailconf

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * fetchmail.service

==== glabels ====
Subpackages: glabels-lang

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== gnome-maps ====
Version update (40.4 -> 40.5)
Subpackages: gnome-maps-lang

- Update to version 40.5:
  + Updated translations.

==== gnome-packagekit ====
Subpackages: gnome-packagekit-lang

- Add gnome-packagekit-drop-NEWEST-on-get-updates.patch: Don't use
  PK_FILTER_ENUM_NEWEST filter when getting updates
  (glgo#GNOME/gnome-packagekit!3, bsc#1190330).

==== gstreamer-devtools ====
Version update (1.18.3 -> 1.18.5)
Subpackages: libgstvalidate-1_0-0 typelib-1_0-GstValidate-1_0

- Update to version 1.18.5:
  + scenario: Fix EOS handling in seek_forward.scenario
  + validate-utils: Only modify structure fields that really need
    updates
  + Don't use volatile to mean atomic (fixes compiler warnings with
    gcc 11)
- Changes from version 1.18.4:
  + No changes

==== libXi ====
Version update (1.7.10 -> 1.8)
Subpackages: libXi6 libXi6-32bit

- Update to version 1.8
  * This release of libXi marks the support of XI 2.4 touchpad
    gesture events official. This feature is the only difference
    between libXi 1.8 and the latest release in the 1.7.x series
    (1.7.10).

==== libcontainers-common ====

- Comment out ostree_repo if it's blank [boo#1189893]
- Comment out ostree_repo [boo#1189893]

==== libtirpc ====
Subpackages: libtirpc-netconfig libtirpc3 libtirpc3-32bit

- Backport DoS vulnerability fix 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- Replace %setup with %autosetup

==== libzypp ====
Version update (17.28.3 -> 17.28.4)

- Make sure to keep states alives while transitioning
  (bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
  If environment variables are unhandy one may enable the desired
  techpreview in zypp.conf as well:
    [main]
    techpreview.ZYPP_SINGLE_RPMTRANS=1
    techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)

==== perl-Bootloader ====
Version update (0.935 -> 0.936)

- merge gh#openSUSE/perl-bootloader#136
- report error if config file could not be updated (bsc#1188768)
- 0.936

==== pidgin-sipe ====
Subpackages: libpurple-plugin-sipe libpurple-plugin-sipe-lang pidgin-plugin-sipe

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== pipewire ====
Version update (0.3.35 -> 0.3.36)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-lang pipewire-media-session pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Add patches from upstream to fix an "use-after-free" error and
  to set the version number correctly:
  * 0001-media-session-dont-use-after-free-if-linking-node-removed.patch
  * 0002-update-version-number-as-well.patch
- Update to version 0.3.36:
  * Highlights
  - A quick update with mostly only bugfixes and small
    improvements.
  - Capture and playback is now avoided on unavailable devices.
    This should fix some issues where an unusable microphone was
    selected by default.
  - MIDI output should not stop randomly now.
  - The GStreamer elements are much improved, cheese should work
    a lot better now.
  - Virtual sinks and sources should now always show up
    immediately.
  - JACK processing is now delayed until buffersize and
    samplerate are emited. This should improve stability of many
    JACK apps.
  - JACK transport sync is now implemented correctly so that
    preroll in bitwig works.
  * PipeWire
  - The module dir environment variable can now contain multiple
    paths.
  - Documentation now contains dot graphs of dependencies.
    (#1585)
  - config min/max/default quantum values are now scaled with the
    samplerate.
  - A potential crash was fixed where destroyed memory was still
    used by a node. This could cause crashes in cheese.
  * pipewire-media-session
  - Only allow passthrough for passthrough formats (S/PDIF) for
    now. (#1587)
  - Improve bluetooth profile autoswitch.
  - Don't try to route audio to nodes with unavailable routes.
  * ALSA
  - Pass the right AES bits to the alsa device when opening an
    S/PDIF stream.
  - Fix a bug in the MIDI bridge port management logic. When a
    port was added and immediately removed, output would stop.
  * GStreamer
  - The GStreamer source now handles the flushing state
    correctly.
  - All blocking operations now have a 30 seconds timeout, to
    avoid infinite locks.
  * Plugins
  - V4l2 Device formats and controls are now passed on the node,
    just like with audio devices.
  - audioconvert now also exposes the softMute property.
  * JACK
  - Improve stability when changing buffer size and sample rate
    dynamically by pausing the processing until the application
    has handled the callback.
  - Improve handling of timebase master. When the master was
    moved to another driver, it did not attempt to become a new
    timebase master on the new driver. (#1589)
  - Implement transport sync to make preroll in bitwig work.
    (#1589)
  * pulse-server
  - Fix an issue where virtual sinks/sources would not show up
    immediately. (#1588)

==== pitivi ====
Subpackages: pitivi-lang

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy

- Add upstream patch to fix a bug that would result in power management
  remaining inhibited even after un-inhibiting it in the UI:
  * Call-UnInhibit-with-correct-signature-in-powermanagement-dataengine.patch

==== python-gst ====
Version update (1.18.4 -> 1.18.5)

- Update to version 1.18.5:
  + No changes

==== python-kiwi ====
Version update (9.23.54 -> 9.23.56)

- Bump version: 9.23.55 ? 9.23.56
- Only wipe bundle dir when required
  The given result bundle dir must only be wiped if the
  request to turn the result files into an rpm was given.
  Only in this case the given bundle dir must start empty
- Fixed uninstall handling via dnf, microdnf, zypper
  The above package managers supports uninstall instructions
  like 'iwl*'. In kiwi there was code checking via rpm if
  the packages given to uninstall actually exists. That code
  does not work if the given package to uninstall is an
  instruction that matches a pattern. Therefore if we use
  the uninstall section in the kiwi image description, just
  pass the provided information to the package manager and
  don't try to be clever in kiwi itself.
- Allow to set --logfile for result namespace
  Setting a logfile for e.g 'kiwi-ng result bundle ...'
  is useful and should be possible
- Bump version: 9.23.54 ? 9.23.55
- Added support for building rpm package from bundle
  With the new option --package-as-rpm it is possible to
  call the kiwi result bundler such that the image build
  results gets packaged into an rpm. I think this is a
  handy feature to transport image builds via repositories
- Fixed MicroOS integration test
  With ignition/combustion in place it's not allowed
  to use tmp as a subvolume

==== rygel ====
Subpackages: librygel-core-2_6-2 librygel-server-2_6-2

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== samba ====
Version update (4.14.6+git.168.6a9fc8a1ddd -> 4.14.6+git.182.2205d5224e3)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr1 libndr1-32bit libnetapi0 libnetapi0-32bit libsamba-credentials1 libsamba-credentials1-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit

- Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).

==== transactional-update ====
Version update (3.5.4 -> 3.5.5)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit

- Version 3.5.5
  - t-u: Use tukit for SUSEConnect call [bsc#1190574]
    Correctly registers repositories

==== xfce4-whiskermenu-plugin ====
Version update (2.5.3 -> 2.6.0)
Subpackages: xfce4-whiskermenu-plugin-lang

- Update to version 2.6.0
  * Fix unable to resize with metacity.
    (gxo#panel-plugins/xfce4-whiskermenu-plugin#56)
  * Fix invalid desktop files when hiding applications.
    (gxo#panel-plugins/xfce4-whiskermenu-plugin#53)
  * Fix not showing focused launcher when searching.
    (gxo#panel-plugins/xfce4-whiskermenu-plugin#45)
  * Add option to disable sorting categories.
    (gxo#panel-plugins/xfce4-whiskermenu-plugin#42)
  * Translation updates

==== xkeyboard-config ====
Subpackages: xkeyboard-config-lang

- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).

==== xorgproto ====
Version update (2021.4 -> 2021.5)

- xorgproto 2021.5
  * This release introduces the version 2.4 of the X Input
    protocol. It contains the addition of the concept of touchpad
    gestures. Touchpad gesture is an interaction of two or more
    fingers that can be interpreted as a swipe or a pinch.