Packages changed:
  apache2 (2.4.51 -> 2.4.52)
  apache2-manual (2.4.51 -> 2.4.52)
  apache2-mod_php7 (7.4.26 -> 7.4.27)
  apache2-prefork (2.4.51 -> 2.4.52)
  apache2-utils (2.4.51 -> 2.4.52)
  cantarell-fonts (0.301 -> 0.303.1)
  epiphany (41.2 -> 41.3)
  fwupd (1.6.4 -> 1.7.3)
  gnome-shell
  harfbuzz (3.1.1 -> 3.2.0)
  libinput (1.19.2 -> 1.19.3)
  libqt5-qtwayland (5.15.2+kde34 -> 5.15.2+kde37)
  librsvg (2.52.4 -> 2.52.5)
  libstorage-ng (4.4.66 -> 4.4.68)
  live555 (2021.11.23 -> 2021.12.18)
  mutter
  openvpn (2.5.4 -> 2.5.5)
  php7 (7.4.26 -> 7.4.27)
  python-chardet
  remmina (1.4.22 -> 1.4.23)
  squid (5.2 -> 5.3)
  suse-module-tools (16.0.16 -> 16.0.17)
  xxhash
  yast2 (4.4.30 -> 4.4.31)
  yast2-storage-ng (4.4.27 -> 4.4.28)

=== Details ===

==== apache2 ====
Version update (2.4.51 -> 2.4.52)

- version update to 2.4.52:
  * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy
    configurations [boo#1193943]
  * fix CVE-2021-44790: buffer overflow when parsing multipart
    content in mod_lua [boo#1193942]
  * ) http: Enforce that fully qualified uri-paths not to be forward-proxied
    have an http(s) scheme, and that the ones to be forward proxied have a
    hostname, per HTTP specifications.
  * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the
    already sent it to the client.
  * ) mod_http: Correctly sent a 100 Continue status code when sending an interim
    response as result of an Expect: 100-Continue in the request and not the
    current status code of the request
  * ) mod_dav: Some DAV extensions, like CalDAV, specify both document
    elements and property elements that need to be taken into account
    when generating a property. The document element and property element
    are made available in the dav_liveprop_elem structure by calling
    dav_get_liveprop_element()
  * ) mod_dav: Add utility functions dav_validate_root_ns(),
    dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
    dav_find_attr() so that other modules get to play too.
  * ) mpm_event: Restart stopping of idle children after a load peak
  * ) mod_http2: fixes 2 regressions in server limit handling.
    1. When reaching server limits, such as MaxRequestsPerChild, the
    HTTP/2 connection send a GOAWAY frame much too early on new
    connections, leading to invalid protocol state and a client
    failing the request
    The module now initializes the HTTP/2 protocol correctly and
    allows the client to submit one request before the shutdown
    via a GOAWAY frame is being announced.
    2. A regression in v1.15.24 was fixed that could lead to httpd
    child processes not being terminated on a graceful reload or
    when reaching MaxConnectionsPerChild. When unprocessed h2
    requests were queued at the time, these could stall.
    See <https://github.com/icing/mod_h2/issues/212>.
  * ) mod_ssl: Add build support for OpenSSL v3
  * ) mod_proxy_connect: Honor the smallest of the backend or client timeout
    while tunneling
  * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
    half-close forwarding when tunneling protocols
  * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
    a third-party module.  PR 65627.
  * ) mod_md: Fix memory leak in case of failures to load the private key.
  * ) mod_md: adding v2.4.8 with the following changes
  - Added support for ACME External Account Binding (EAB).
    Use the new directive `MDExternalAccountBinding` to provide the
    server with the value for key identifier and hmac as provided by
    your CA.
    While working on some servers, EAB handling is not uniform
    across CAs. First tests with a Sectigo Certificate Manager in
    demo mode are successful. But ZeroSSL, for example, seems to
    regard EAB values as a one-time-use-only thing, which makes them
    fail if you create a seconde account or retry the creation of the
    first account with the same EAB.
  - The directive 'MDCertificateAuthority' now checks if its parameter
    is a http/https url or one of a set of known names. Those are
    'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
    for now and they are not case-sensitive.
    The default of LetsEncrypt is unchanged.
  - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
    section.
  - Treating 401 HTTP status codes for orders like 403, since some ACME
    servers seem to prefer that for accessing oders from other accounts.
  - When retrieving certificate chains, try to read the repsonse even
    if the HTTP Content-Type is unrecognized.
  - Fixed a bug that reset the error counter of a certificate renewal
    and prevented the increasing delays in further attempts.
  - Fixed the renewal process giving up every time on an already existing
    order with some invalid domains. Now, if such are seen in a previous
    order, a new order is created for a clean start over again.
    See <https://github.com/icing/mod_md/issues/268>
  - Fixed a mixup in md-status handler when static certificate files
    and renewal was configured at the same time.
  * ) mod_md: values for External Account Binding (EAB) can
    now also be configured to be read from a separate JSON
    file. This allows to keep server configuration permissions
    world readable without exposing secrets.
  * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.

==== apache2-manual ====
Version update (2.4.51 -> 2.4.52)

- version update to 2.4.52:
  * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy
    configurations [boo#1193943]
  * fix CVE-2021-44790: buffer overflow when parsing multipart
    content in mod_lua [boo#1193942]
  * ) http: Enforce that fully qualified uri-paths not to be forward-proxied
    have an http(s) scheme, and that the ones to be forward proxied have a
    hostname, per HTTP specifications.
  * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the
    already sent it to the client.
  * ) mod_http: Correctly sent a 100 Continue status code when sending an interim
    response as result of an Expect: 100-Continue in the request and not the
    current status code of the request
  * ) mod_dav: Some DAV extensions, like CalDAV, specify both document
    elements and property elements that need to be taken into account
    when generating a property. The document element and property element
    are made available in the dav_liveprop_elem structure by calling
    dav_get_liveprop_element()
  * ) mod_dav: Add utility functions dav_validate_root_ns(),
    dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
    dav_find_attr() so that other modules get to play too.
  * ) mpm_event: Restart stopping of idle children after a load peak
  * ) mod_http2: fixes 2 regressions in server limit handling.
    1. When reaching server limits, such as MaxRequestsPerChild, the
    HTTP/2 connection send a GOAWAY frame much too early on new
    connections, leading to invalid protocol state and a client
    failing the request
    The module now initializes the HTTP/2 protocol correctly and
    allows the client to submit one request before the shutdown
    via a GOAWAY frame is being announced.
    2. A regression in v1.15.24 was fixed that could lead to httpd
    child processes not being terminated on a graceful reload or
    when reaching MaxConnectionsPerChild. When unprocessed h2
    requests were queued at the time, these could stall.
    See <https://github.com/icing/mod_h2/issues/212>.
  * ) mod_ssl: Add build support for OpenSSL v3
  * ) mod_proxy_connect: Honor the smallest of the backend or client timeout
    while tunneling
  * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
    half-close forwarding when tunneling protocols
  * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
    a third-party module.  PR 65627.
  * ) mod_md: Fix memory leak in case of failures to load the private key.
  * ) mod_md: adding v2.4.8 with the following changes
  - Added support for ACME External Account Binding (EAB).
    Use the new directive `MDExternalAccountBinding` to provide the
    server with the value for key identifier and hmac as provided by
    your CA.
    While working on some servers, EAB handling is not uniform
    across CAs. First tests with a Sectigo Certificate Manager in
    demo mode are successful. But ZeroSSL, for example, seems to
    regard EAB values as a one-time-use-only thing, which makes them
    fail if you create a seconde account or retry the creation of the
    first account with the same EAB.
  - The directive 'MDCertificateAuthority' now checks if its parameter
    is a http/https url or one of a set of known names. Those are
    'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
    for now and they are not case-sensitive.
    The default of LetsEncrypt is unchanged.
  - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
    section.
  - Treating 401 HTTP status codes for orders like 403, since some ACME
    servers seem to prefer that for accessing oders from other accounts.
  - When retrieving certificate chains, try to read the repsonse even
    if the HTTP Content-Type is unrecognized.
  - Fixed a bug that reset the error counter of a certificate renewal
    and prevented the increasing delays in further attempts.
  - Fixed the renewal process giving up every time on an already existing
    order with some invalid domains. Now, if such are seen in a previous
    order, a new order is created for a clean start over again.
    See <https://github.com/icing/mod_md/issues/268>
  - Fixed a mixup in md-status handler when static certificate files
    and renewal was configured at the same time.
  * ) mod_md: values for External Account Binding (EAB) can
    now also be configured to be read from a separate JSON
    file. This allows to keep server configuration permissions
    world readable without exposing secrets.
  * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.

==== apache2-mod_php7 ====
Version update (7.4.26 -> 7.4.27)

- updated to 7.4.27: This is a bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.27

==== apache2-prefork ====
Version update (2.4.51 -> 2.4.52)

- version update to 2.4.52:
  * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy
    configurations [boo#1193943]
  * fix CVE-2021-44790: buffer overflow when parsing multipart
    content in mod_lua [boo#1193942]
  * ) http: Enforce that fully qualified uri-paths not to be forward-proxied
    have an http(s) scheme, and that the ones to be forward proxied have a
    hostname, per HTTP specifications.
  * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the
    already sent it to the client.
  * ) mod_http: Correctly sent a 100 Continue status code when sending an interim
    response as result of an Expect: 100-Continue in the request and not the
    current status code of the request
  * ) mod_dav: Some DAV extensions, like CalDAV, specify both document
    elements and property elements that need to be taken into account
    when generating a property. The document element and property element
    are made available in the dav_liveprop_elem structure by calling
    dav_get_liveprop_element()
  * ) mod_dav: Add utility functions dav_validate_root_ns(),
    dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
    dav_find_attr() so that other modules get to play too.
  * ) mpm_event: Restart stopping of idle children after a load peak
  * ) mod_http2: fixes 2 regressions in server limit handling.
    1. When reaching server limits, such as MaxRequestsPerChild, the
    HTTP/2 connection send a GOAWAY frame much too early on new
    connections, leading to invalid protocol state and a client
    failing the request
    The module now initializes the HTTP/2 protocol correctly and
    allows the client to submit one request before the shutdown
    via a GOAWAY frame is being announced.
    2. A regression in v1.15.24 was fixed that could lead to httpd
    child processes not being terminated on a graceful reload or
    when reaching MaxConnectionsPerChild. When unprocessed h2
    requests were queued at the time, these could stall.
    See <https://github.com/icing/mod_h2/issues/212>.
  * ) mod_ssl: Add build support for OpenSSL v3
  * ) mod_proxy_connect: Honor the smallest of the backend or client timeout
    while tunneling
  * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
    half-close forwarding when tunneling protocols
  * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
    a third-party module.  PR 65627.
  * ) mod_md: Fix memory leak in case of failures to load the private key.
  * ) mod_md: adding v2.4.8 with the following changes
  - Added support for ACME External Account Binding (EAB).
    Use the new directive `MDExternalAccountBinding` to provide the
    server with the value for key identifier and hmac as provided by
    your CA.
    While working on some servers, EAB handling is not uniform
    across CAs. First tests with a Sectigo Certificate Manager in
    demo mode are successful. But ZeroSSL, for example, seems to
    regard EAB values as a one-time-use-only thing, which makes them
    fail if you create a seconde account or retry the creation of the
    first account with the same EAB.
  - The directive 'MDCertificateAuthority' now checks if its parameter
    is a http/https url or one of a set of known names. Those are
    'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
    for now and they are not case-sensitive.
    The default of LetsEncrypt is unchanged.
  - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
    section.
  - Treating 401 HTTP status codes for orders like 403, since some ACME
    servers seem to prefer that for accessing oders from other accounts.
  - When retrieving certificate chains, try to read the repsonse even
    if the HTTP Content-Type is unrecognized.
  - Fixed a bug that reset the error counter of a certificate renewal
    and prevented the increasing delays in further attempts.
  - Fixed the renewal process giving up every time on an already existing
    order with some invalid domains. Now, if such are seen in a previous
    order, a new order is created for a clean start over again.
    See <https://github.com/icing/mod_md/issues/268>
  - Fixed a mixup in md-status handler when static certificate files
    and renewal was configured at the same time.
  * ) mod_md: values for External Account Binding (EAB) can
    now also be configured to be read from a separate JSON
    file. This allows to keep server configuration permissions
    world readable without exposing secrets.
  * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.

==== apache2-utils ====
Version update (2.4.51 -> 2.4.52)

- version update to 2.4.52:
  * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy
    configurations [boo#1193943]
  * fix CVE-2021-44790: buffer overflow when parsing multipart
    content in mod_lua [boo#1193942]
  * ) http: Enforce that fully qualified uri-paths not to be forward-proxied
    have an http(s) scheme, and that the ones to be forward proxied have a
    hostname, per HTTP specifications.
  * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the
    already sent it to the client.
  * ) mod_http: Correctly sent a 100 Continue status code when sending an interim
    response as result of an Expect: 100-Continue in the request and not the
    current status code of the request
  * ) mod_dav: Some DAV extensions, like CalDAV, specify both document
    elements and property elements that need to be taken into account
    when generating a property. The document element and property element
    are made available in the dav_liveprop_elem structure by calling
    dav_get_liveprop_element()
  * ) mod_dav: Add utility functions dav_validate_root_ns(),
    dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
    dav_find_attr() so that other modules get to play too.
  * ) mpm_event: Restart stopping of idle children after a load peak
  * ) mod_http2: fixes 2 regressions in server limit handling.
    1. When reaching server limits, such as MaxRequestsPerChild, the
    HTTP/2 connection send a GOAWAY frame much too early on new
    connections, leading to invalid protocol state and a client
    failing the request
    The module now initializes the HTTP/2 protocol correctly and
    allows the client to submit one request before the shutdown
    via a GOAWAY frame is being announced.
    2. A regression in v1.15.24 was fixed that could lead to httpd
    child processes not being terminated on a graceful reload or
    when reaching MaxConnectionsPerChild. When unprocessed h2
    requests were queued at the time, these could stall.
    See <https://github.com/icing/mod_h2/issues/212>.
  * ) mod_ssl: Add build support for OpenSSL v3
  * ) mod_proxy_connect: Honor the smallest of the backend or client timeout
    while tunneling
  * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
    half-close forwarding when tunneling protocols
  * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
    a third-party module.  PR 65627.
  * ) mod_md: Fix memory leak in case of failures to load the private key.
  * ) mod_md: adding v2.4.8 with the following changes
  - Added support for ACME External Account Binding (EAB).
    Use the new directive `MDExternalAccountBinding` to provide the
    server with the value for key identifier and hmac as provided by
    your CA.
    While working on some servers, EAB handling is not uniform
    across CAs. First tests with a Sectigo Certificate Manager in
    demo mode are successful. But ZeroSSL, for example, seems to
    regard EAB values as a one-time-use-only thing, which makes them
    fail if you create a seconde account or retry the creation of the
    first account with the same EAB.
  - The directive 'MDCertificateAuthority' now checks if its parameter
    is a http/https url or one of a set of known names. Those are
    'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test'
    for now and they are not case-sensitive.
    The default of LetsEncrypt is unchanged.
  - `MDContactEmail` can now be specified inside a `<MDomain dnsname>`
    section.
  - Treating 401 HTTP status codes for orders like 403, since some ACME
    servers seem to prefer that for accessing oders from other accounts.
  - When retrieving certificate chains, try to read the repsonse even
    if the HTTP Content-Type is unrecognized.
  - Fixed a bug that reset the error counter of a certificate renewal
    and prevented the increasing delays in further attempts.
  - Fixed the renewal process giving up every time on an already existing
    order with some invalid domains. Now, if such are seen in a previous
    order, a new order is created for a clean start over again.
    See <https://github.com/icing/mod_md/issues/268>
  - Fixed a mixup in md-status handler when static certificate files
    and renewal was configured at the same time.
  * ) mod_md: values for External Account Binding (EAB) can
    now also be configured to be read from a separate JSON
    file. This allows to keep server configuration permissions
    world readable without exposing secrets.
  * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.

==== cantarell-fonts ====
Version update (0.301 -> 0.303.1)

- Update to version 0.303.1:
  + Add missing font.
- Changes from version 0.303:
  + Actually update the version number in the fonts.
- Changes from version 0.302:
  + Maintenance release: Make the variable font the default, only
    build statics on demand. Also build two packages with variable
    and static fonts. Packagers can chose the statics package if
    they run into problems with the variable font, but you should
    probably not install both at the same time.
  + Amended OS/2 super- and subscript values so that new Pango can
    use them properly.
  + Update production names for Jacute, bulletoperator,
    commercialMinusSign, divisionslash, notidentical,
    ringcomb_acutecomb and ringcomb_acutecomb.case.
  + Updated appstream translations.

==== epiphany ====
Version update (41.2 -> 41.3)
Subpackages: epiphany-lang gnome-shell-search-provider-epiphany

- Update to version 41.3:
  + Fix Reload buttons on error pages.
  + Fix delete button in about:applications.

==== fwupd ====
Version update (1.6.4 -> 1.7.3)
Subpackages: fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Update to version 1.7.3:
  * This release adds the following features:
    + Add a sync-bkc subcommand to ensure a known set of firmware
    versions
    + Add FuArchiveFirmware for plugins that use archives as
    firmware files
    + Add quirkable page and sector size properties to FuCfiDevice
    + Make Upower and powerd support optional
  * This release fixes the following bugs:
    + Add some sanity checks to the elanfp firmware parser
    + Add the CFI JEDEC instance ID if using the vendor-extended
    version
    + Check the value range when parsing the quirk keys
    + Do not wait for a USB runtime if will-disappear is set
    + Enable the MOTD integration when using pam_motd
    + Fix DFU regression when merging the FuProgress work
    + Fix running the tests when fwupd is not installed
    + Fix the GLib error message when inotify max_user_instances is
    too low
    + Fix VLI VL820Q7 detection to fix flashing of the Lenovo TBT3
    dock
    + Ignore a USB error for STM32 attach when the device goes away
    + Make the HSI tests optional for embedded targets
    + Make the plugin startup order deterministic
    + Set Thunderbolt ports offline on host controller
    + Use endian-safe version functions when enumerating Logitech
    hardware
    + Use lowercase flag names in intel-spi to prevent a runtime
    warning
    + Wait for the System76 Launch device to come back from DFU
    mode
  * This release adds support for the following hardware:
    + Most Nordic Semiconductor nRF Secure devices
- Fix build when not on TW: add BR protobuf-c
- Fix build issue in spec
  (references to libfwupdplugin2 -> libfwupdplugin5)

==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang

- Add gnome-shell-exit-crash-workaround.patch:
  + Backport from Ubuntu, This is a workaround to maintain a clean
    environment for gnome-shell and particularly JavaScript/GJS to
    shutdown without crashing.
  + Proper fixes are still pending
    https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1759
    https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/648
    (bsc#1190878 glgo#GNOME/gnome-shell#4344).

==== harfbuzz ====
Version update (3.1.1 -> 3.2.0)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 libharfbuzz0-32bit typelib-1_0-HarfBuzz-0_0

- Update to 3.2.0:
  + Fixed shaping of Apple Color Emoji flags in right-to-left context
  + Fixed positioning of CFF fonts in HB_TINY profile
  + OpenType 1.9 language tags update
  + Add HB_NO_VERTICAL config option
  + Add HB_CONFIG_OVERRIDE_H for easier configuration
  + Improved packing of cmap, loca, and Ligature tables
  + Significantly improved overflow-resolution strategy in the repacker
- Update to 3.1.2:
  + hb-shape / hb-view: revert treating text on the commandline as
    single paragraph (was introduced in 3.0.0); add new
  - -single-par to do that
  + Subsetter bug fixes

==== libinput ====
Version update (1.19.2 -> 1.19.3)
Subpackages: libinput-udev libinput10

- Update to release 1.19.3
  * quirks: add ModelBouncingKeys for A4Tech X-710BK Mouse
  * quirks: Dell 15R touchpad settings for firmware v3
  * quirks: change touchpad pressure on Lenovo Yoga 2 Pro
  * gestures: cancel hold gestures on thumb detection

==== libqt5-qtwayland ====
Version update (5.15.2+kde34 -> 5.15.2+kde37)
Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5

- Update to version 5.15.2+kde37:
  * Fix backport, context destruction was omitted
  * Client: do not empty clipboard when a new popup/window is opened
  * Wayland client: use wl_keyboard to determine active state
- Add patch to fix crashes triggered by unintentional actions when
  showing a window (kde#421700):
  * 0001-Client-Avoid-processing-of-events-when-showing-windo.patch

==== librsvg ====
Version update (2.52.4 -> 2.52.5)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Update to version 2.52.5:
  + Fix mangled output in rsvg-convert when redirecting output to
    a pipe on Windows.
  + When outputting to SVG, rsvg-convert now uses the width/height
    units specified in the command line; it always used pixels
    before.
  + Fix incorrect top/left margins for SVG/PS/EPS/PDF output.
  + Fix incorrect placement of glyphs when text has non-uniform
    scaling in the X/Y axes. This is not a librsvg bug, but is
    fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will
    be released soon with this fix as well. Note that this release
    of librsvg cannot increase the minimum Pango version to 1.48.11
    because it is not released yet.
  + Miscellaneous: Updated crate dependencies: assert_cmd, cast,
    clap cssparser, float-cmp, itertools, nalgebra, png, proptest,
    rctree, selectors, system-deps.

==== libstorage-ng ====
Version update (4.4.66 -> 4.4.68)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#851
- updated pot and po files
- 4.4.68
- merge gh#openSUSE/libstorage-ng#850
- extended callbacks for probing problems
- 4.4.67

==== live555 ====
Version update (2021.11.23 -> 2021.12.18)
Subpackages: libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock30 libliveMedia102

- Update to version 2021.12.18:
  + Fixed a bug in the way that "RTSPClient" handles its two
    separate TCP connections when it does RTSP-over-HTTP.
  + Updated "RTPInterface::sendDataOverTCP()" so that if it's
    necessary to do a blocking send(), we call
    "makeSocketNonBlocking()" immediately after the call to
    "send()".
  + Performed the annual update of the copyright years near the
    start of each file.
- update to 2021.12.07:
  - Added #ifndef NO_OPENSSL/#endif around "#include <openssl/err.h>" in
    "liveMedia/TLSState.cpp", so that the code will compile if you're compiling
    with no OpenSSL headers, and NO_OPENSSL
    defined.

==== mutter ====
Subpackages: mutter-lang

- Add mutter-allow-disable-hardware-cursors.patch: Add a debug
  environment variable MUTTER_DEBUG_DISABLE_HW_CURSORS to disable
  hardware cursors and force using software cursors to avoid some
  driver or hardware bug (glgo#GNOME/mutter#2045,
  glgo#GNOME/mutter!2150).

==== openvpn ====
Version update (2.5.4 -> 2.5.5)

- update to 2.5.5:
  * SWEET32/64bit cipher deprecation change was postponed to 2.7
  * improve "make check" to notice if "openvpn --show-cipher" crashes
  * improve argv unit tests
  * ensure unit tests work with mbedTLS builds without BF-CBC ciphers
  * include "--push-remove" in the output of "openvpn --help"
  * fix error in iptables syntax in example firewall.sh script
  * fix "resolvconf -p" invocation in example "up" script
  * fix "common_name" environment for script calls when
    "--username-as-common-name" is in effect (Trac #1434)
  * move "push-peer-info" documentation from "server options" to "client"
  * correct "foreign_option_{n}" typo in manpage
  * README.down-root: fix plugin module name

==== php7 ====
Version update (7.4.26 -> 7.4.27)
Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter

- updated to 7.4.27: This is a bug fix release. See
  https://www.php.net/ChangeLog-7.php#7.4.27

==== python-chardet ====

- pytest-runner is not required for build

==== remmina ====
Version update (1.4.22 -> 1.4.23)
Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc

- Updated to remmina version 1.4.23
  * Patch for a Remmina segfault and stats code cleaning !2358
  * Make Appindicator optional !2359
  * Added check-box to force tight encoding for VNC connections !2360
  * remote resolution: use multiple of four !2353
  * Add Keyboard mapping per client RDP !2361
  * Improve TLS error message, fixes #2364 (closed) !2362
  * Triage policy language reworked !2363

==== squid ====
Version update (5.2 -> 5.3)

- update to 5.3:
  * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
  * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
  * Bug 5060: Parallel builds are not reliable
  * Documentation updates for logformat directive

==== suse-module-tools ====
Version update (16.0.16 -> 16.0.17)

- Update to version 16.0.17:
  * 60-io-scheduler.rules: add rules for virtual devices
    (boo#1193759)
  * 60-io-scheduler.rules: enforce "none" for loop devices
    (boo#1193759)
  * install some modprobe.d files only for relevant architectures
    (apm_bios, sonypi, toshiba, legacy rtc) (bsc#1192974)

==== xxhash ====

- fix racy check execution

==== yast2 ====
Version update (4.4.30 -> 4.4.31)
Subpackages: yast2-logs

- Do not reinitialize the packaging system during offline
  upgrade (bsc#1193784 and bsc#1192437).
- 4.4.31

==== yast2-storage-ng ====
Version update (4.4.27 -> 4.4.28)

- Partitioner: added a warning if a required mount option, eg.
  _netdev, is missing in a mount point (jsc#SLE-20535).
- 4.4.28