Packages changed:
  Mesa (21.3.0 -> 21.3.1)
  Mesa-drivers (21.3.0 -> 21.3.1)
  apache2-mod_php7
  bash
  bind (9.16.20 -> 9.16.23)
  blog (2.21 -> 2.26)
  freerdp
  freetype2 (2.11.0 -> 2.11.1)
  gc (8.0.6 -> 8.2.0)
  kImageAnnotator (0.5.2 -> 0.5.3)
  kio
  libopenmpt (0.5.12 -> 0.5.13)
  libreoffice
  libvirt (7.9.0 -> 7.10.0)
  mozilla-nss (3.71 -> 3.73)
  multipath-tools (0.8.7+14+suse.5a09bfa -> 0.8.8+38+suse.2bdd3a14)
  openconnect
  perl-libwww-perl (6.58 -> 6.59)
  php7
  poppler (21.10.0 -> 21.12.0)
  poppler-qt5 (21.10.0 -> 21.12.0)
  postgresql
  postgresql14
  python-libvirt-python (7.9.0 -> 7.10.0)
  python-scrypt (0.8.18 -> 0.8.19)
  rdma-core (37.1 -> 38.0)
  strace (5.14 -> 5.15)
  syslogd
  xorg-x11-server

=== Details ===

==== Mesa ====
Version update (21.3.0 -> 21.3.1)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- update to 21.3.1
  * mostly AMD, Intel & Zink fixes.

==== Mesa-drivers ====
Version update (21.3.0 -> 21.3.1)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2

- update to 21.3.1
  * mostly AMD, Intel & Zink fixes.

==== apache2-mod_php7 ====

- provide configuration for PHP-FPM out of the box (boo#1192414)
- package missing php.ini for PHP-FPM (boo#1192672)

==== bash ====
Subpackages: bash-doc bash-lang bash-sh

- avoid duplicating COPYING file in bash-doc (already in main package in
  licensedir)

==== bind ====
Version update (9.16.20 -> 9.16.23)
Subpackages: bind-doc bind-utils python3-bind

- Upgrade to 9.16.23
  Security issues fixed:
  The "lame-ttl" option is now forcibly set to 0. This
  effectively disables the lame server cache, as it could
  previously be abused by an attacker to significantly
  degrade resolver performance. (CVE-2021-25219)
  Bugs fixed:
  In 9.16.21:
  * When a dynamic zone was made available in another view
    using the "in-view" statement, running "rndc freeze"
    always reported an "already frozen" error even though
    the zone was successfully frozen.
  * Stale data in the cache could cause named to send
    non-minimized queries despite QNAME minimization being
    enabled.
  * When a DNSSEC-signed zone which only has a single
    signing key available is migrated to use KASP, that key
    is now treated as a Combined Signing Key (CSK).
  * When a member zone was removed from a catalog zone,
    journal files for the former were not deleted.
  * named-checkconf failed to detect syntactically invalid
    values of the "key" and "tls" parameters used to define
    members of remote server lists.
  * Fixed a regression which caused the EDNS TCP Keepalive option to be
    ignored inadvertently in client requests. It has now
    been fixed and this option is handled properly again.
  * Fixed a regression which altered the internal memory structure of
    zone databases, but neglected to update the MAPAPI value
    for zone files in "map" format. This caused named to
    attempt to load incompatible map files, triggering an
    assertion failure on startup. The MAPAPI value has now
    been updated, so named rejects outdated files when
    encountering them.
  * The thread-local isc_tid_v variable was not properly
    initialized when running BIND 9 as a Windows Service,
    leading to a crash on startup.
  * "map" files exceeding 2GB in size failed to load due to
    a size comparison that incorrectly treated the file size
    as a signed integer.
  In 9.16.22:
  * Remove the "adjust interface" mechanism which was
    responsible for setting up listeners on interfaces when
    the "*-source(-v6)" address and port were the same as
    the "listen-on(-v6)" address and port. Such a
    configuration is no longer supported; under certain
    timing conditions, that mechanism could prevent named
    from listening on some TCP ports. This has been fixed.
  * Multiple library names were mistakenly passed to the
    krb5-config utility when ./configure was invoked with
    the --with-gssapi=[/path/to/]krb5-config option. This
    has been fixed by invoking krb5-config separately for
    each required library.
  * Fixed a regression which broke backward compatibility for the
    "check-names master ..." and "check-names slave ..."
    options. This has been fixed.
  * Address a potential deadlock when checking zone content
    consistency.
  In 9.16.23:
  * Address Coverity warning in lib/dns/dnssec.c.
  * Fix a bug when comparing two RSA keys. There was a typo
    which caused the "p" prime factors to not being
    compared.
  * Fix an assertion failure caused by missing member zones
    during a reload of a catalog zone.
  This obsoletes bind-CVE-2021-25219.patch and
  bind-fix-build-with-older-sphinx.patch
  Other issues:
  A compile time waring about fall through in a switch statement
  has been averted by marking the cases as FALLTHROUGH.
  [bind-9.16.23.tar.xz, bind-9.16.23.tar.xz.sha512.asc,
  bind-CVE-2021-25219.patch, bind-fix-build-with-older-sphinx.patch,
  bind-avoid-fallthrough-warning-error.patch]

==== blog ====
Version update (2.21 -> 2.26)
Subpackages: libblogger2

- Update to version 2.26
  * On s390/x and PPC64 gcc misses unused arg0
- Remove patch fcb9e0c2.patch as now part of tar ball
- Add upstream patch fcb9e0c2.patch
  * On s390/x and PPC64 gcc misses unused arg0
- Update to version 2.24
  * Avoid install errror due missed directory
- Update to version 2.22
  * Avoid KillMode=none for newer systemd version as well as rework
    the systemd unit files of blog (boo#1186506)

==== freerdp ====
Subpackages: libfreerdp2-2 libwinpr2-2

- Add patch to fix connecting without H.264-enabled FFmpeg (boo#1190823):
  * 0001-Make-H.264-codec-optional-during-runtime.patch
- Use %autosetup

==== freetype2 ====
Version update (2.11.0 -> 2.11.1)
Subpackages: freetype2-devel libfreetype6 libfreetype6-32bit

- update to 2.11.1:
  * Some  fields  in  the  `CID_FaceDictRec`, `CID_FaceInfoRec`, and
    `FT_Data` structures  have been changed  from signed to unsigned
    type,  which  better reflects  the actual usage.  It is also  an
    additional means to protect against malformed input.
  * Cmake support  has been  further improved.   To do  that various
    backward-incompatible  changes were  necessary; please  see file
    `CMakeLists.txt` for more details.
  * The experimental  'COLR' v1 API  has been updated to  the latest
    OpenType standard 1.9.

==== gc ====
Version update (8.0.6 -> 8.2.0)

- Add 0001-Distribute-gc_gcj.h-and-some-other-headers-in-single.patch
  to repair `make install` forgetting to install gc_pthread.h.
- Drop C++98 build mode; just use what g++ uses.
- Update to release 8.2.0
  * Add API for accessing incremental GC time limit with
    nanosecond precision
  * Add API function to force start of incremental collection
  * Add GC_get/set_disable_automatic_collection API
  * New API (GC_set_markers_count) to control number of parallel
    markers
  * New API function to clear GC exclusion table
  * New API function to get size of object debug header
  * New API standalone functions to acquire and release the
    allocator lock
  * Always abort on failure to access /proc/self/maps
  * Avoid initial 3ms pause on world stop/start with GC_retry_signals
  * Enable mprotect-based incremental GC for Linux/arm and
    Linux/aarch64
  * Enable true incremental collection even if parallel marker is on
  * Fix mmap(PROT_NONE) failure if RLIMIT_AS value is low (Linux)
  * Report memory region bounds and errno on GC_unmap/remap failure
  * Use mprotect-based VDB on PowerPC and S390 (Linux)
  * Use soft dirty bits on Linux (i386, powerpc, s390, x86_64)
  * Fix copyright message in de_win.rc, gc_cpp.cc, ec.h and
    specific.h

==== kImageAnnotator ====
Version update (0.5.2 -> 0.5.3)

- Update to version 0.5.3
  * Fixed: Crash while typing text on wayland.
  * Changed: Show scrollbar when not all tools visible.

==== kio ====
Subpackages: kio-core kio-lang

- Add patch to fix KRun on Wayland (kde#446272,
  gh#openSUSE/kmozillahelper#33):
  * 0001-Fix-KRun-runApplication-when-xdg-activation-is-invol.patch

==== libopenmpt ====
Version update (0.5.12 -> 0.5.13)

- Update to 0.5.13:
  * [Bug] Fixed various undefined behaviour found with ubsan.
  * IMF: Change envelope interpretation to be more like in XM instead of
    IT and tighten header validation.
  * MED: Some samples had a ping-pong loop when there should be no loop at all.
  * MT2: Ignore incorrect drums chunk size in early MT2 files (fixes e.g.
    ?A little Rock? by Csumi).
  * MT2: Work around initial master volume of 0 used in some files that apply
    a fade-in a the song start using track automation that would stay silent
    forever otherwise (track automation is currently not supported).
  * OKT: Apply portamento on every tick.
  * mpg123: Update to v1.29.2 (2021-10-23).

==== libreoffice ====
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Fix UI scaling on HIDPI Wayland/KDE screens
  https://bugs.documentfoundation.org/show_bug.cgi?id=137924
  + fix-wayland-scaling-in-plasma.patch

==== libvirt ====
Version update (7.9.0 -> 7.10.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- libxl: Fix libvirtd deadlocks and segfaults
  23b51d7b-libxl-disable-death-event.patch,
  a4e6fba0-libxl-rename-threadinfo-struct.patch,
  e4f7589a-libxl-shutdown-thread-name.patch,
  b9a5faea-libxl-handle-death-thread.patch,
  5c5df531-libxl-search-domid-in-thread.patch,
  a7a03324-libxl-protect-logger-access.patch
  bsc#1191668, bsc#1192017
- Update to libvirt 7.10.0
  - jsc#SLE-18260, jsc#SLE-19264
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html#v7-10-0-2021-12-01

==== mozilla-nss ====
Version update (3.71 -> 3.73)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
    regression in about:logins

==== multipath-tools ====
Version update (0.8.7+14+suse.5a09bfa -> 0.8.8+38+suse.2bdd3a14)
Subpackages: kpartx libmpath0

- Update to 0.8.8+38+suse.2bdd3a14.obscpio
  * upstream version bump. Code-wise identical to 0.8.7+138+suse.7c9afe31
- Drop versioned dependency on libmpath0 again (bsc#1190622)
  * Since 0.8.6, libmultipath and libmpathpersist have got proper ABI
    versioning, and rpmbuild auto-generates dependencies on
    libmultipath.so.0(LIBMULTIPATH_13.0.0) etc.
- Update to version 0.8.7+138+suse.7c9afe31:
  New upstream version (pre-0.8.8)
  * deprecate "config_dir" and "multipath_dir" config options
    (will be removed in future version)
  * remove dependency on systemd-udevd-settle.service (boo#1193336)
  * fix crash in remove_map (boo#1193334)
  * CLI: add path wildcard "%I" for init state
  * CLI: add "reconfigure all" command
  * allow multiple pending "reconfigure" commands (bsc#1189551)
  * speed up "reconfigure" by avoiding unnecessary map reloads
    (bsc#1189551)
  * rework of CLI command handler (unix socket handler) to avoid
    hanging CLI commands (bsc#1189551)
  * fix multipathd startup after stop during reconfigure (boo#1193338)
  * improve error detection and warning messages in config file parser
  * fix exit status of multipath -T (bsc#1191900)
  * fix defects reported by coverity (boo#1193342)
  - avoid sleeping with locks held
  - exit if bindings file is broken
  - set umask before mkstemp
  - add bounds and consistency checks in SCSI VPD parsing code
  * add hardware table entry for DellEMC/ME4 (PowerVault ME4)

==== openconnect ====
Subpackages: libopenconnect5 openconnect-bash-completion openconnect-lang

- Import the latest version of the vpnc-script, revision
  1d35a8527e5422967514dd1d47350ff2ede55903 (boo#1140772)
  * This brings a lot of improvements for non-trivial network setups, IPv6 etc

==== perl-libwww-perl ====
Version update (6.58 -> 6.59)

- updated to 6.59
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.59      2021-12-02 21:16:04Z
  - Use American English aspell master dictionary for POD spelling tests (GH#394) (Ville Skyttä)
  - Remove unnecessary string concatenations in mirror error messages (GH#391) (Ville Skyttä)
  - Spelling and grammar fixes (GH#390) (Ville Skyttä)

==== php7 ====
Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter

- provide configuration for PHP-FPM out of the box (boo#1192414)
- package missing php.ini for PHP-FPM (boo#1192672)

==== poppler ====
Version update (21.10.0 -> 21.12.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools

- update to 21.12.0:
  * Add API to add images
  * CairoOutputDev: Fix de-duping of Flate images
  * Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393
  * Minor code improvements
  * Add API for validation of signatures
  * Add API to read/save to file descriptor
  * pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117
  * Increase C++ standard to 17
- Update to 21.11.0:
  core:
  * Fix rendering of some non-standard confirming annotations
  * Support rendering of some non-standard Type3 charprocs
  * TextOutputDev: Respect orientation when selecting words
  * CairoOutputDev: Don't override the antialias settings from the cairo_t
  * StructElement: support MCID in XObjects
  * Fix detection of monospace fonts
  * Ignore Adobe-Identity for non embedded CID fonts
  * PageLabelInfo::labelToIndex: work on some special no style intervals
  * Fix crash in malformed files
  * Minor code improvements
  utils:
  * pdfinfo: add -url option to print all URLs in a PDF
  * pdftohtml: document what zoom means in regard to DPI
  qt6:
  * Require Qt 6.1
  * Minor code improvements

==== poppler-qt5 ====
Version update (21.10.0 -> 21.12.0)

- update to 21.12.0:
  * Add API to add images
  * CairoOutputDev: Fix de-duping of Flate images
  * Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393
  * Minor code improvements
  * Add API for validation of signatures
  * Add API to read/save to file descriptor
  * pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117
  * Increase C++ standard to 17
- Update to 21.11.0:
  core:
  * Fix rendering of some non-standard confirming annotations
  * Support rendering of some non-standard Type3 charprocs
  * TextOutputDev: Respect orientation when selecting words
  * CairoOutputDev: Don't override the antialias settings from the cairo_t
  * StructElement: support MCID in XObjects
  * Fix detection of monospace fonts
  * Ignore Adobe-Identity for non embedded CID fonts
  * PageLabelInfo::labelToIndex: work on some special no style intervals
  * Fix crash in malformed files
  * Minor code improvements
  utils:
  * pdfinfo: add -url option to print all URLs in a PDF
  * pdftohtml: document what zoom means in regard to DPI
  qt6:
  * Require Qt 6.1
  * Minor code improvements

==== postgresql ====
Subpackages: postgresql-contrib postgresql-docs postgresql-llvmjit postgresql-server

- Move the dependency of llvmjit-devel on clang and llvm to the
  implementation packages where we can depend on the correct
  versions.
- fix postgresql_has_llvm usage
- First round of changes to make it easier to build extensions for
  - add postgresql-llvmjit-devel subpackage:
    This package will pull in clang and llvm if the distro has a
    recent enough version, otherwise it will just pull
    postgresql-server-devel.
  - add postgresql macros to the postgresql-server-devel package
    those cover all the variables from pg_config and some macros
    to remove repitition from the spec files

==== postgresql14 ====
Subpackages: libpq5 postgresql14-contrib postgresql14-docs postgresql14-llvmjit postgresql14-server

- Add a llvmjit-devel subpackage to pull in the right versions
  of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
  implementation packages and their noarch counterpart.
- Update the BuildIgnore section.

==== python-libvirt-python ====
Version update (7.9.0 -> 7.10.0)

- Update to 7.10.0
  - Add all new APIs and constants in libvirt 7.10.0
  - jsc#SLE-18260, jsc#SLE-19264

==== python-scrypt ====
Version update (0.8.18 -> 0.8.19)

- update to 0.8.19:
  * Use RtlGenRandom instead of CryptGenRandom on windows
  * Add check for c:\Program Files\OpenSSL-Win64 and c:\Program Files\OpenSSL-Win32

==== rdma-core ====
Version update (37.1 -> 38.0)
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Update to v38.0 (jsc#SLE-18383)
  - Bugfixes on all providers
  - New provider for irdma support
- Add rdma-ndd to recommended depencies of rdma-core

==== strace ====
Version update (5.14 -> 5.15)

- Update to strace 5.15
  * Improvements
  * Implemented --strings-in-hex=non-ascii-chars option for using hexadecimal
    numbers instead of octal ones in escape sequences in the output strings.
  * Implemented --decode-pids=comm option (and its alias -Y) for printing
    command names for PIDs.
  * Implemented --decode-pids=pidns as an alias to --pidns-translation option.
  * Implemented printing of current working directory when AT_FDCWD constant
    is used with --decode-fds=path option enabled.
  * Improved printing of syscall names in places where the associated
    AUDIT_ARCH_* value is present (ptrace PTRACE_GET_SYSCALL_INFO request,
    SIGSYS siginfo_t).
  * Implemented decoding of process_mrelease syscall, introduced in Linux 5.15.
  * Implemented decoding of SECCOMP_GET_NOTIF_SIZES operation of seccomp
    syscall.
  * Implemented decoding of HDIO_*, KD*, and SECCOMP_* ioctl commands.
  * Implemented decoding of RTM_NEWCACHEREPORT, RTM_{NEW,DEL,GET}NEXTHOP,
    and RTM_{NEW,GET}STATS NETLINK_ROUTE netlink messages.
  * Implemented decoding of AF_ALG, AF_IEEE802154, AF_MCTP, AF_NFC, AF_QIPCRTR,
    AF_RRPC, AF_VSOCK, and AF_XDP socket addresses.
  * Implemented decoding of AF_BRIDGE and AF_MCTP protocols for IFLA_AF_SPEC
    netlink attribute.
  * Implemented decoding of IFLA_BR_MCAST_QUERIER_STATE, IFLA_BR_MULTI_BOOLOPT,
    IFLA_INET6_RA_MTU, IFLA_INFO_SLAVE_DATA, and IFLA_VFINFO_LIST netlink
    attributes.
  * Enhanced decoding of io_uring_register and times syscalls.
  * Enhanced IFLA_BR_FORWARD_DELAY, IFLA_BR_MAX_AGE, IFLA_EXT_MASK,
    IFLA_PROTINFO, *_INTVL, and *_TIMER netlink attribute decoding.
  * Enhanced decoding of AF_IPX and AF_NETLINK socket addresses.
  * Updated lists o AF_*, ARPHRD_*, BTRFS_*, DEVCONF_*, DM_*, ETH_P_*,
    FAN_REPORT_*, IORING_*, MOVE_MOUNT_*, MPOL_*, PACKET_*, RTM_*, SO_*,
    and XFRM_MSG_* constants.
  * Updated lists of ioctl commands from Linux 5.15.
  * Bug fixes
  * Fixed printing of struct bpf_prog_info.map_ids array.
  * Fixed behaviour of "dev", "pidfd", and "socket" arguments of the --print-fds
    option to no longer imply the "path" argument.
  * Fixed insufficient buffer size used for network interface name printing,
    that previously led to assertions on attempts of printing interface names
    that require quoting, for example, names longer than 4 characters in -xx
    mode (addresses RHBZ bug #2028146).

==== syslogd ====
Subpackages: klogd syslog-service

- Remove PrivateDevices, ProtectClock and ProtectKernelLogs=true
  from klog.service and ProtectKernelLogs from klogd.service
  (bsc#1193172)

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk

- u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch
  * Fix SEGFAULT when parsing bus IDs of NULL
- u_Support-configuration-files-under-run-X11-xorg.conf..patch
  * Support configuration files under /run. Required for generating
    configuration files via udev.
- u_Add-udev-scripts-for-configuration-of-platform-devic.patch
  * Generate configuration files for platform devices
- u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch
  * Code has been obsoleted by udev patchset
- u_Add-udev-rule-for-HyperV-devices.patch
  * Same as for platform devices, but on HyperV