Packages changed:
  389-ds
  MozillaFirefox (92.0.1 -> 93.0)
  MozillaThunderbird (91.1.2 -> 91.2.0)
  atkmm1_6
  ca-certificates (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
  evince (40.4 -> 41.2)
  fetchmail (6.4.21 -> 6.4.22)
  flatpak (1.11.3 -> 1.12.1)
  fwupd (1.5.8 -> 1.6.2)
  gc (8.0.4 -> 8.0.6)
  gegl (0.4.30 -> 0.4.32)
  gjs
  glibmm2_4 (2.66.1 -> 2.66.2)
  glusterfs (9.1 -> 9.3)
  gnome-shell
  gnome-shell-extensions
  grilo (0.3.13 -> 0.3.14)
  grilo-plugins (0.3.13 -> 0.3.14)
  libaom (3.1.2 -> 3.1.3)
  librsvg (2.52.0 -> 2.52.1)
  libstorage-ng (4.4.43 -> 4.4.44)
  libzypp-plugin-appdata
  nano (5.8 -> 5.9)
  ntp
  open-vm-tools (11.3.0 -> 11.3.5)
  pam-config (1.4 -> 1.5)
  pangomm1_4
  perl-Image-ExifTool
  postfix
  postgresql (13 -> 14)
  postgresql14 (13.4 -> 14.0)
  rubygem-ffi (1.15.3 -> 1.15.4)
  rubygem-nokogiri (1.12.3 -> 1.12.5)
  rubygem-parallel (1.20.1 -> 1.21.0)
  rubygem-unf_ext (0.0.7.7 -> 0.0.8)
  rubygem-yast-rake (0.2.41 -> 0.2.42)
  sscep (0.9.1 -> 0.10.0)
  xdg-desktop-portal (1.10.0 -> 1.10.1)
  xfsprogs
  yast2-installation (4.4.19 -> 4.4.20)
  yast2-python-bindings (4.4.1 -> 4.4.2)

=== Details ===

==== 389-ds ====
Subpackages: lib389 libsvrcore0

- Add missing dependency on iproute2 for lib389

==== MozillaFirefox ====
Version update (92.0.1 -> 93.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 93.0
  * supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch
- require NSS >= 3.70
- allow to override wayland detection by defining MOZ_ENABLE_WAYLAND
  explicitely as 0 or 1
- fix aarch64 build by updating constraints
- add mozilla-bmo1725828.patch to fix widevine (bsc#1190842)
- add mozilla-bmo531915.patch to fix build for i586

==== MozillaThunderbird ====
Version update (91.1.2 -> 91.2.0)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 91.2.0
  * Saving a single message as .eml now uses a unique filename
  * New mail notifications did not properly take subfolders into account
  * Decrypting binary attachments when using an external GnuPG
    configuration failed
  * Account name fields in the account manager were not big enough
    for long names
  * LDAP searches using an extensibleMatch filter returned no results
  * Read-only CalDAV calendars and CardDAV address books were not detected
  * Multipart messages containing a calendar invite did not display
    any of the human-readable alternatives
  * Some calendar days were displayed incorrectly or duplicated
    (eg. two "29th" days of a particular month)
  * Phantom event was shown at the end of each day in Calendar week view
  MFSA 2021-46 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813,
    https://github.com/crossbeam-
    rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2

==== atkmm1_6 ====

- turn off doc build, it does not work with new doxygen

==== ca-certificates ====
Version update (2+git20210723.27a0476 -> 2+git20211004.3efbea9)

- Update to version 2+git20211004.3efbea9:
  * Ensure --root option propagates prefix properly to other scripts

==== evince ====
Version update (40.4 -> 41.2)
Subpackages: evince-lang evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0

- Update to version 41.2:
  + data: Remove alphanumeric version from AppStream.
  + Include subproject (libhandy) as part of the tarball.
- Update to version 41.1:
  + build: Revert project name capitalization.
- Changes from version 41.0:
  + backends:
  - Add format attribute to stop warning on string literal
  - Make function static as only used in this file
  - Simplify metadata tags getters
  - Use SaveToBufferData only with "struct" before
  + browser-plugin: Remove browser-plugin support
  + build:
  - Add option to control internal vs external synctex
  - Allow building without libhandy-1 available
  - Bump version requirement for Poppler
  - Fix conversion to match new version scheme
  - Modernize and simplify meson files
  - Remove Changelog target
  - Update build libtiff-4 dependency
  - Use devel icon for unstable version installed
  - Remove c++ dependency, and use only C
  - Fix compilation error when DBus is disabled
  + data:
  - Update URL to submit issues
  - Fix AppData urls for issues
  - Add new-window desktop action
  - Fix donation link
  + help:
  - Fix 404 link to on-wiki bug reporting guidelines
  - Update Evince icon as svg
  - Correct Window action
  + libview:
  - Open new annotation window only for text annotation
  - Fix dual page option ignored for single page documents
  + shell:
  - Add mnemonics to annotations contextual menus
  - Added mnemonic for highlight option in context menu
  - Adding padding to improve readability
  - Always show the annotation window on new annotations
  - Enable annotation actions only in document that supports them
  - Enable odd pages left when dual page is on
  - Expand sidebar annotations by default
  - Fix libhandy includes
  - Implemented headerbar for Annotation Properties dialog
  - Reload annotation sidebar on annotation properties changes
  - Reload the annotation sidebar when the type changes
  - Show annotation contents in sidebar when available
  - Show content in tooltip popup in annotations sidebar
  - Fix g_critical about removing non-existant timer
  - Show filename in recent view when title has only spaces
  - Show None when missing creation/modification date
  - Add comment about logic of 'first_iteration'
  - Use a constant for GString init size
  - Support duration in decimal value
  - Be able to collapse/expand all entries
  + Updated translations.
- Replace c++_compiler with c_compiler BuildRequires.
- Replace libtiff-devel with pkgconfig(libtiff-4) BuildRequires.
- Remove obsolete translation-update-upstream support
  (jsc#SLE-21105).
- Update to version 41.alpha:
  + Backends:
  - Add format attribute to stop warning on string literal.
  - Make function static as only used in this file.
  - Simplify metadata tags getters.
  - Use SaveToBufferData only with "struct" before.
  + browser-plugin: Remove browser-plugin support.
  + Help:
  - Update Evince icon as svg.
  - Correct Window action.
  + libview: dual page option is ignored for single page documents.
  + Shell:
  - Add mnemonics to annotations contextual menus.
  - Added mnemonic for highlight option in context menu.
  - Adding padding to improve readability.
  - Always show the annotation window on new annotations.
  - Enable odd pages left when dual page is on.
  - Expand sidebar annotations by default.
  - Implemented headerbar for Annotation Properties dialog.
  - Reload annotation sidebar on annotation properties changes.
  - Reload the annotation sidebar when the type changes.
  - Show annotation contents in sidebar when available.
  - Show content in tooltip popup in annotations sidebar.
  - Show filename in recent view when title has only spaces.
  - Support duration in decimal value.
  - Be able to collapse/expand all entries.
  - Fix g_critical about removing non-existant timer.
  - Fix compilation error when DBus is disabled.
  - Add new-window desktop action.
  - Show None when missing creation/modification date.
  + Updated translations.

==== fetchmail ====
Version update (6.4.21 -> 6.4.22)
Subpackages: fetchmailconf

- Update to 6.4.22: [bsc#1190069, CVE-2021-39272]
  * OPENSSL AND LICENSING NOTE:
  - fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
    OpenSSL's licensing changed between these releases from dual
    OpenSSL/SSLeay license to Apache License v2.0, which is
    considered incompatible with GPL v2 by the FSF. For
    implications and details, see the file COPYING.
  * SECURITY FIXES:
  - CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections,
    without --ssl and with nonempty --sslproto, meaning that
    fetchmail is to enforce TLS, and when the server or an attacker
    sends a PREAUTH greeting, fetchmail used to continue an
    unencrypted connection. Now, log the error and abort the
    connection. --Recommendation for servers that support
    SSL/TLS-wrapped or "implicit" mode on a dedicated port
    (default 993): use --ssl, or the ssl user option in an rcfile.
  - On IMAP and POP3 connections, --auth ssh no longer prevents
    STARTTLS negotiation.
  - On IMAP connections, fetchmail does not permit overriding
    a server-side LOGINDISABLED with --auth password any more.
  - On POP3 connections, the possibility for RPA authentication
    (by probing with an AUTH command without arguments) no longer
    prevents STARTTLS negotiation.
  - For POP3 connections, only attempt RPA if the authentication
    type is "any".
  * BUG FIXES:
  - On IMAP connections, when AUTHENTICATE EXTERNAL fails and we
    have received the tagged (= final) response, do not send "*".
  - On IMAP connections, AUTHENTICATE EXTERNAL without username
    will properly send a "=" for protocol compliance.
  - On IMAP connections, AUTHENTICATE EXTERNAL will now check if
    the server advertised SASL-IR (RFC-4959) support and otherwise
    refuse (fetchmail <= 6.4 has not supported and does not support
    the separate challenge/response with command continuation)
  - On IMAP connections, when --auth external is requested but not
    advertised by the server, log a proper error message.
  - Fetchmail no longer crashes when attempting a connection with
  - -plugin "" or --plugout "".
  - Fetchmail no longer leaks memory when processing the arguments
    of --plugin or --plugout on connections.
  - On POP3 connections, the CAPAbilities parser is now caseblind.
  - Fix segfault on configurations with "defaults ... no envelope".
    This is a regression in fetchmail 6.4.3 and happened when
    plugging memory leaks, which did not account for that the
    envelope parameter is special when set as "no envelope". The
    segfault happens in a constant strlen(-1), triggered by trusted
    local input => no vulnerability.
  - Fix program abort (SIGABRT) with "internal error" when invalid
    sslproto is given with OpenSSL 1.1.0 API compatible SSL
    implementations.
  * CHANGES:
  - IMAP: When fetchmail is in not-authenticated state and the server
    volunteers CAPABILITY information, use it and do not re-probe.
    (After STARTTLS, fetchmail must and will re-probe explicitly.)
  - For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl
    option do not match, emit a warning and continue.
  - fetchmail.man and README.SSL were updated in line with
    RFC-8314/8996/8997 recommendations to prefer Implicit TLS
    (--ssl/ssl) and TLS v1.2 or newer, placing --sslproto tls1.2+
    more prominently. The defaults shall not change between 6.4.X
    releases for compatibility.
  * Rebase patches:
    fetchmail-add-imap-oauthbearer-support.patch
    fetchmail-add-query_to64_outsize-utility-function.patch
    fetchmail-support-oauthbearer-xoauth2-with-pop3.patch

==== flatpak ====
Version update (1.11.3 -> 1.12.1)
Subpackages: libflatpak0 system-user-flatpak

- Update to version 1.12.1:
  + The security fix in the 1.12.0 release failed when used with
    some older versions of libseccomp (that don't know about the
    new syscalls).
- Update to version 1.12.0:
  + This is the first stable release in the 1.12.x series. The
    major changes in this series is the support for better control
    of sub-sandboxes, as used by the steam flatpak.
  + In addition, this release fixes a security vulnerability in the
    portal support. Some recently added syscalls were not blocked
    by the seccomp rules which allowed the application to create
    sub-sandboxes which can confuse the sandboxing verification
    mechanisms of the portal. This has been fixed by extending the
    seccomp rules (boo#1191507, CVE-2021-41133)
  + Some test fixes
  + Support for specifying the flatpak binary to use during exports
  + Install translations for all languages in the locale, not just
    the ones in LC_MESSAGES.
  + Fix progress reporting in flatpak fsck
  + Handle cases where /var/tmp is a symlink
  + Expose /etc/gai.conf to the sandbox
  + Fix the parental control checks for root
  + Handle missing /etc/ld.so.cache (musl)
  + Updated translations

==== fwupd ====
Version update (1.5.8 -> 1.6.2)
Subpackages: fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Update to version 1.6.2
  - The fwupd efi program be separated to fwupd-efi package.
  - Removed pesign-obs-integration, moved needssslcertforbuild
    , SBAT and EFI signing stuff to fwupd-efi.
  - Moved libfwupdplugin1 to libfwupdplugin2
- Change log from upstream:
  https://github.com/fwupd/fwupd/blob/main/data/org.freedesktop.fwupd.metainfo.xml
  - This release adds the following features:
  * Add a plugin to check Lenovo firmware settings
  * Add initial support for the powerd daemon
  * Add support for CapsuleOnDisk
  * Add support for installing UEFI updates from GRUB
  * Add support for soft-requirements that can be ignored with --force
  * Allow devices to only accept version upgrades
  * Allow discovery of Redfish BMCs specified by VID-PID or MAC
  * Allow the daemon to request interactive action from the end user
  * Automatically connect the BMC network interface at startup
  * Show the build timestamp if set on the device
  * Show the user how to switch out of Wacom tablet Android-mode
  - This release fixes the following bugs:
  * Add the alternate vendor name into the 8BitDo allowlist
  * Allow multiple devices to set WAIT_FOR_REPLUG
  * Allow the client to watch for more property changes
  * Always ensure the SuperIO version string is NUL terminated
  * Automatically clear the update error as required
  * Disable all UX capsules for Lenovo hardware
  * Do not assume the metainfo file is NUL-terminated
  * Do not save invalid files on LVFS server error
  * Fix a VLI regression in enumerating the PD device
  * Fix a VLI regression when installing VL820Q7 firmware
  * Fix enumeration of the Synaptics Prometheus config child
  * Fix parsing Redfish USB/PCI network VID/PIDs
  * Fix the fwupdmgr progressbar spinner to actually work
  * Fix version number for legacy Wacom Bluetooth modules
  * Ignore virtual M.2 ATA devices
  * Preserve NEEDS_REBOOT on successful update
  * Prevent a corrupt PHAT table from allocating lots of memory
  * Read the Redfish SMBIOS table when required
  * Remove the vendor string from the device name where required
  * Save the update state to the database correctly all of the time
  * Switch from sysctl to ioctl for ESRT on FreeBSD
  * Try reading from /sys/class/dmi if SMBIOS direct access fails
  * Watch for children added or removed after setup has been completed
  * Work around a XCC-ism on Lenovo hardware
  - This release adds support for the following hardware:
  * ModemManager devices supporting Firehose or MBIM QDU
  * More models of RTS54HUB
  * More Poly DFU devices
  * Parade LSPCON
  * PixArt receiver and wireless hardware
  * Realtek MST with RTD2142
  * SuperIO IT5570
  * USB4 Dell dock

==== gc ====
Version update (8.0.4 -> 8.0.6)

- Update to release 8.0.6
  * Allocate start_info struct on the stack in GC_pthread_create.
  * Allow GC_PAUSE_TIME_TARGET environment variable values
    smaller than 5 ms.
  * Disable mprotect-based incremental GC if /proc roots are used.
  * Enable sbrk-to-mmap fallback on major supported Unix-like
    platforms.
  * Ensure process is running on one CPU core if AO ops are
    emulated with locks.
  * Fix data race regarding *rlh value in generic_malloc_many.
  * Fix handling of areas smaller than page size in
    GC_scratch_recycle.
  * Limit number of unmapped regions.

==== gegl ====
Version update (0.4.30 -> 0.4.32)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- disable docs until the upstream bug is solved
  https://gitlab.gnome.org/GNOME/gegl/-/issues/294#note_1281553

==== gjs ====
Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0

- Add upstream crash fixer patches from stable branch:
  + b9e122044a7ccc1e2a3374c680b6ea82066bfa59.patch: arg: Replace
    gsize with size_t
  + 62025d4a2738a36ea5f1a7cebef08b22b5eef613.patch: Handle optional
    out parameters in callbacks
- Stop disabling lto: Following this, stop passing dtrace=true and
  systemtap=true to meson, aswell as dropping systemtap-sdt-devel
  BuildRequires, follow upstream default.
- Add optional pkgconfig(gtk4) BuildRequires: meson checks for it.

==== glibmm2_4 ====
Version update (2.66.1 -> 2.66.2)
Subpackages: libgiomm-2_4-1 libglibmm-2_4-1

- Update to version 2.66.2:
  + Glib, Gio: Replace all g_quark_from_static_string() by
    g_quark_from_string()
  + Gio:
  - FileEnumerator: Remove refreturn to avoid memory leak
  - ListModel::get_object(): Make it work for interface classes
  + Build: MSVC build: Remove extraneous GLIBMM_API in
    Glib::ustring

==== glusterfs ====
Version update (9.1 -> 9.3)
Subpackages: libgfapi0 libgfrpc0 libgfxdr0 libglusterfs0

- Update to release 9.3
  * New reset-brick command
  * Ability to get node level status of a cluster
  * Multi-threaded self-heal for Disperse volumes
  * Lock revocation feature
  * On-demand scrubbing for bitrot detection
  * Real time Cluster notifications using Events APIs
- Move mount helper to /usr/sbin [boo#1191062]

==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang

- Add 380d2db1d9047ecffcef7d78f00184963b403efc.patch: inputMethod:
  Clear preeditStr before reset. Previously, these were performed
  in a different order before GNOME 41. During some other changes
  they were swapped.
  However, this causes both GTK 3 and GTK 4 applications to scroll
  to incorrect positions from the preedit change.

==== gnome-shell-extensions ====
Subpackages: gnome-shell-classic gnome-shell-extensions-common gnome-shell-extensions-common-lang

- Update sle-classic to version 41
  + Update gse-sle-classic-ext.patch
  + Update sle-classic@suse.com.tar.gz

==== grilo ====
Version update (0.3.13 -> 0.3.14)
Subpackages: grilo-lang libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3

- Update to version 0.3.14:
  + CVE-2021-39365: Fix TLS cert validation not being done for any
    network call.
  + Fix double-free when using GrlNet in Python.
  + Load config from GRL_CONFIG_PATH if set.
  + Clarify LGPLv2.1 or later license.
  + Handle numeric limits for GrlOperationOptions.
  + Updated translations.
- Drop grilo-CVE-2021-39365.patch: fixed upstream.

==== grilo-plugins ====
Version update (0.3.13 -> 0.3.14)
Subpackages: grilo-plugin-tracker grilo-plugin-youtube grilo-plugins-lang

- Update to version 0.3.14:
  + Fix lua-factory crash on >= 5.4.3.
  + Clarify LGPLv2.1 or later license.
  + tracker3: Make resolve async.
  + euronews: Use YouTube feeds.
  + Updated translations.
- Drop 108.patch: fixed upstream.

==== libaom ====
Version update (3.1.2 -> 3.1.3)

- Update to version 3.1.3:
  * Update CHANGELOG for v3.1.3-rc2
  * Detect chroma subsampling more directly
  * Detect chroma subsampling more directly
  * image2yuvconfig() should calculate uv_crop_width
  * aom/aom_encoder.h: remove configure option reference
  * aom_encoder.h: fix rc_overshoot_pct range
  * Update AUTHORS,CHANGELOG,CMakeLists.txt for v3.1.3
  * aom_install: don't exclude msvc from install
  * aom_install: use relpath for install
  * aom_install: Install lib dlls to bindir

==== librsvg ====
Version update (2.52.0 -> 2.52.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0

- Update to version 2.52.1:
  + Fix ordering of tspan inside text elements for right-to-left
    languages.
  + Fix text-anchor positioning for right-to-left languages.
  + Fix regression in computing sizes when an SVG has only one of
    width/height and a viewBox.
  + Spec compliance - the writing-mode property applies only to
    text elements, no to individual tspan elements.
  + Fix build on big-endian platforms.
  + Clarify documentation for the rsvg_handle_write() /
    rsvg_handle_close() deprecated APIs.

==== libstorage-ng ====
Version update (4.4.43 -> 4.4.44)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#836
- added non-const versions of several existing functions
- added detect_remove_info()
- 4.4.44

==== libzypp-plugin-appdata ====

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_appstream-sync-cache.service.patch

==== nano ====
Version update (5.8 -> 5.9)
Subpackages: nano-lang

- GNU nano 5.9:
  * The extension of a filename is added to the name of a
    corresponding temporary file, so that spell checking a C file,
    for example, will check only the comments and strings
    (when using 'aspell').
  * The process number is added to the name of an emergency save
    file, so that when multiple nanos die they will not fight over
    a filename.
  * Undoing a cutting operation will restore an anchor that was
    located in the cut area to its original line.
  * When using --locking, saving a new buffer will create a lock
    file.
  * Syntax highlighting for YAML files has been added

==== ntp ====

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * conf.ntp-wait.service
  * conf.ntpd.service

==== open-vm-tools ====
Version update (11.3.0 -> 11.3.5)
Subpackages: libvmtools0 open-vm-tools-desktop

- Update to 11.3.5 (build 18557794) (boo#1190987)
  + New/Updated features:
  - Added a configurable logging capability to the network script.
    The network script has been updated to:
    use vmware-toolbox-cmd to query any network logging configuration from
    the tools.conf file.  Use vmtoolsd --cmd "log ..." to log a message to
    the vmx logfile when the logging handler is configured to "vmx" or when
    the logfile is full or is not writeable.
  - The hgfsmounter (mount.vmhgfs) command has been removed from
    open-vm-tools.
    The hgfsmounter (mount.vmhgfs) command is no longer used in
    Linux open-vm-tools. It has been replaced by hgfs-fuse. Therefore,
    removing all references to the hgfsmounter in Linux builds.
  + Resolved issues:
  - Customization: Retry the Linux reboot if telinit is a soft link to
    systemctl.
  - Open-vm-tools commands would hang if configured with "--enable-valgrind".
  + Spec file updates for:
  - rpmlint errors
  - arg_xmlsec1 --enable-xmlsec1 for better xmlsec1/libxml2 handling.

==== pam-config ====
Version update (1.4 -> 1.5)

- Update to Version 1.5
  - Don't print an error message if one of the systemd PAM modules
    does not exist if creating the *-pc files [bsc#1191528]
  - Drop pam_systemd_home again [bsc#1191528]

==== pangomm1_4 ====

- turn off doc build, it does not work with new doxygen

==== perl-Image-ExifTool ====
Subpackages: exiftool

- require File::RandomAccess otherwise exiftool(1) won't start

==== postfix ====
Subpackages: postfix-doc

- config.postfix not updatet after lmdb switch
  (bsc#1190945)
  Adapt config.postfix

==== postgresql ====
Version update (13 -> 14)
Subpackages: postgresql-contrib postgresql-docs postgresql-llvmjit postgresql-server

- Bump version and default to 14.

==== postgresql14 ====
Version update (13.4 -> 14.0)

- Let genlists skip non-existing binaries to avoid lots of version
  conditionals in the file lists.
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
  is unclear. This affects only the test subpackage.
- Upgrade to 14.0
  https://www.postgresql.org/about/news/postgresql-14-released-2318/
  https://www.postgresql.org/docs/14/release-14.html
- Let genlists skip non-existing binaries to avoid lots of version
  conditionals in the file lists.
- Upgrade to 14~rc1
  https://www.postgresql.org/about/news/postgresql-14-rc-1-released-2309/
  https://www.postgresql.org/docs/14/release-14.html
  https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- Upgrade to 14~beta2
  https://www.postgresql.org/about/news/postgresql-14-beta-2-released-2249/
  https://www.postgresql.org/docs/14/release-14.html
  https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- Upgrade to 14~beta1
  https://www.postgresql.org/about/news/postgresql-14-beta-1-released-2213/
  https://www.postgresql.org/docs/14/release-14.html
  https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- disable postgresql-testsuite-int8.sql.patch:
  it seems it is not needed anymore, need to be double checked.
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
  Use llvm11 as a workaround.
- Upgrade to version 13.3:
  * https://www.postgresql.org/docs/13/release-13-3.html
  * CVE-2021-32027, bsc#1185924:
    Prevent integer overflows in array subscripting calculations.
  * CVE-2021-32028, bsc#1185925: Fix mishandling of ?junk?
    columns in INSERT ... ON CONFLICT ... UPDATE target lists.
  * CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
    computation of UPDATE ... RETURNING
    "pg_psql_temporary_savepoint" does not exist?.
- Don't use %_stop_on_removal, because it was meant to be private
  and got removed from openSUSE. %_restart_on_update is also
  private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will
  only be delivered on PackageHub for now (boo#1183118).
- Remove leftover PreReq on chkconfig, we stopped using it long
  time ago.
- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
- Upgrade to version 13.2:
  * https://www.postgresql.org/docs/13/release-13-2.html
  * Updating stored views and reindexing might be needed after
    applying this update.
  * CVE-2021-3393, bsc#1182040: Fix information leakage in
    constraint-violation error messages.
  * CVE-2021-20229, bsc#1182039: Fix failure to check per-column
    SELECT privileges in some join queries.
  * Obsoletes postgresql-icu68.patch.
- Add postgresql-icu68.patch: fix build with ICU 68
- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
- boo#1179765: BuildRequire libpq5 and libecpg6 when not building
  them to avoid dangling symlinks in the devel package.
- Upgrade to version 13.1:
  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
    and firing of deferred triggers within index expressions and
    materialized view queries.
  * CVE-2020-25694, bsc#1178667:
    a) Fix usage of complex connection-string parameters in pg_dump,
    pg_restore, clusterdb, reindexdb, and vacuumdb.
    b) When psql's \connect command re-uses connection parameters,
    ensure that all non-overridden parameters from a previous
    connection string are re-used.
  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
    modifying specially-treated variables.
  * Fix recently-added timetz test case so it works when the USA
    is not observing daylight savings time.
    (obsoletes postgresql-timetz.patch)
  * https://www.postgresql.org/about/news/2111/
  * https://www.postgresql.org/docs/13/release-13-1.html
- Fix a DST problem in the test suite: postgresql-timetz.patch
  https://postgr.es/m/16689-57701daa23b377bf@postgresql.org
- Initial packaging of PostgreSQL 13:
  * https://www.postgresql.org/about/news/2077/
  * https://www.postgresql.org/docs/13/release-13.html

==== rubygem-ffi ====
Version update (1.15.3 -> 1.15.4)
Subpackages: ruby2.7-rubygem-ffi ruby3.0-rubygem-ffi

- updated to version 1.15.4
  Fixed:
  * Fix build for uClibc. #913
  * Correct module lookup when including `ffi-module` gem. #912
  Changed:
  * Use ruby code of the ffi gem in JRuby-9.2.20+. #915

==== rubygem-nokogiri ====
Version update (1.12.3 -> 1.12.5)
Subpackages: ruby2.7-rubygem-nokogiri ruby3.0-rubygem-nokogiri

- updated to version 1.12.5
  [#]# 1.12.5 / 2021-09-27
  [#]## Security
  [JRuby] Address CVE-2021-41098 ([GHSA-2rr5-8q37-2w7h](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h)).
  In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.
  CRuby users are not affected by this CVE.
  [#]## Fixed
  * [CRuby] `Document#to_xhtml` properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., `<br></br>`) instead of a self-closing tag (e.g., `<br/>`) in previous Nokogiri versions. [[#2324](https://github.com/sparklemotion/nokogiri/issues/2324)]
  [#]# 1.12.4 / 2021-08-29
  [#]## Notable fix: Namespace inheritance
  Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.
  This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.
  [#]### Compensating Feature in XML::Document
  This release of Nokogiri introduces a new `Document` boolean attribute, `namespace_inheritance`, which controls whether children should inherit a namespace when they are reparented. `Nokogiri::XML:Document` defaults this attribute to `false` meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.
  CRuby users who desire the pre-v1.12.0 behavior may set `document.namespace_inheritance = true` before reparenting nodes.
  See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method for example usage.
  [#]### Fix for XML::Builder
  However, recognizing that we want `Builder`-created children to inherit namespaces, Builder now will set `namespace_inheritance=true` on the underlying document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0 behavior is restored.
  Users who want to turn this behavior off may pass a keyword argument to the Builder constructor like so:
  ``` ruby
  Nokogiri::XML::Builder.new(namespace_inheritance: false)
  ```
  See https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance for example usage.
  [#]### Downstream gem maintainers
  Note that any downstream gems may want to specifically omit Nokogiri v1.12.0--v1.12.3 from their dependency specification if they rely on child namespace inheritance:
  ``` ruby
  Gem::Specification.new do |gem|
    [#] ...
    gem.add_runtime_dependency 'nokogiri', '!=1.12.3', '!=1.12.2', '!=1.12.1', '!=1.12.0'
    [#] ...
  end
  ```
  [#]## Fixed
  * [JRuby] Fix NPE in Schema parsing when an imported resource doesn't have a `systemId`. [[#2296](https://github.com/sparklemotion/nokogiri/issues/2296)] (Thanks, [@pepijnve](https://github.com/pepijnve)!)

==== rubygem-parallel ====
Version update (1.20.1 -> 1.21.0)

- updated to version 1.21.0
  * no changelog found

==== rubygem-unf_ext ====
Version update (0.0.7.7 -> 0.0.8)

- updated to version 0.0.8
  * No functional change in the library code.
  * Include Windows binaries for Ruby 3.0.
  * Drop support for Ruby 2.1 and earlier.
  * Replace Travis CI with Github Actions.
  * Fix cross-build after upgrading rake-compiler/rake-compiler-dock to 1.1.1/1.1.0.

==== rubygem-yast-rake ====
Version update (0.2.41 -> 0.2.42)

- Fixed running the GitHub Actions locally ("rake actions:run"),
  allow settting additional Docker options in the YAML config
  or via DOCKER_OPTIONS environment variable (bsc#1191400)
- 0.2.42

==== sscep ====
Version update (0.9.1 -> 0.10.0)

- Update to version 0.10.0
  * Added auto-selection of default protection algorithms (-E, -S
    and -F) based on getcaps, unless specified explicitly.
  * Added parameter -W sec to wait for network connectivity
    (default 0).
  * Engines are now disabled by default and need to be enabled by
    ./configure --enable-engines or cmake . -DENABLE_ENGINES=ON
  * Compatible with OpenSSL 3.0.0
  * Removed support for OpenSSL < 1.1.0

==== xdg-desktop-portal ====
Version update (1.10.0 -> 1.10.1)
Subpackages: xdg-desktop-portal-lang

- Update to version 1.10.1:
  + Revert a breaking change to the screencast and inhibit portal.

==== xfsprogs ====
Subpackages: libhandle1 xfsprogs-scrub

- move fsck.xfs, mkfs.xfs and xfs_repair from /sbin to /usr/sbin
  (bsc#1191105)
  The default rpmbuild %configure macro passes --sbindir=/usr/sbin to
  every configure script, but the xfsprogs configure script ignores it
  when --exec-prefix is also set. Unset --exec-prefix since it is not
  really required (all other paths are explicitly passed via the rpm
  configure macro), so that the --sbindir is respected.

==== yast2-installation ====
Version update (4.4.19 -> 4.4.20)

- Fix file copying when using relurl:// and file:// naming schemes
  (bsc#1191160).
- 4.4.20

==== yast2-python-bindings ====
Version update (4.4.1 -> 4.4.2)

- Fix yast2-python-bindings requires Python (bsc#1190890).
- 4.4.2