Packages changed:
  btrfsmaintenance
  dhcp (4.3.5 -> 4.4.2)
  elfutils (0.182 -> 0.183)
  fuse3 (3.10.1 -> 3.10.2)
  json-glib (1.6.0 -> 1.6.2)
  libcap (2.47 -> 2.48)
  procps (3.3.16 -> 3.3.17)
  python-Jinja2 (2.11.2 -> 2.11.3)
  python-cffi (1.14.4 -> 1.14.5)
  python-cryptography (3.3.1 -> 3.3.2)
  python-idna (2.10 -> 3.1)
  python-pyrsistent
  python-pytz (2020.5 -> 2021.1)
  python-pyzmq (20.0.0 -> 22.0.3)
  reiserfs
  salt
  system-users
  sysuser-tools
  util-linux
  util-linux-systemd
  xen (4.14.1_08 -> 4.14.1_11)

=== Details ===

==== btrfsmaintenance ====

- Require libzypp plugin only if zypper is used (Required for e.g.
  image based systems).

==== dhcp ====
Version update (4.3.5 -> 4.4.2)
Subpackages: dhcp-client

- update to 4.4.2:
  * Please note that that ISC DHCP is now licensed under the Mozilla Public
  License, MPL 2.0.
  In general, the areas of focus for ISC DHCP 4.4 were:
  1. Dynamic DNS additions
  2. dhclient improvements
  3. Support for dynamic shared libraries
  * Added the interface name to socket initialization failure log messages.
    Prior to this the log messages stated only the error reason without
    stating the target interface.
  * Corrected buffer pointer logic in dhcrelay functions that manipulate
    agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
    & Mitigations for reporting the issue.
  * Corrected unresolved symbol errors building relay_unittests when
    configured to build using libtool.
  * A new configuration parameter, ping-cltt-secs (v4 operation only), has
    been added to allow the user to specify the number of seconds that must
    elapse since CLTT before a ping check is conducted.  Prior to this, the
    value was hard coded at 60 seconds.  Please see the server man pages for
    a more detailed discussion.
  * A new configuration parameter, ping-timeout-ms (v4 operation only),
    has been added that allows the user to specify the amount of time
    the server waits for a ping-check response in milliseconds rather
    than in seconds (via ping-timeout). When greater than zero, the value
    of ping-timeout-ms will override the value of ping-timeout.  Thanks
    to Jay Doran from Bluecat Networks for suggesting this feature.
  * An experimental tool called, Keama (KEA Migration Assistant), which helps
    translate ISC DHCP configurations to Kea configurations, is now included
    in the distribution.
  * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
    carried out over TCP rather than UDP. The coding error was exposed by
    migration to BIND9 9.11.  Thanks to Jinmei Tatuya at Infoblox for
    reporting the issue.
  * Bind9 now defaults to requiring python to build. The Makefile for
    building Bind9 when bundled with ISC DHCP was modified to turn off
    this dependency.
  * Corrected a dual-stack mixed-mode issue that occurs when both
    ddns-guard-id-must-match and ddns-other-guard-is-dynamic
    are enabled and that caused the server to incorrectly interpret
    the presence of a guard record belonging to another client as
    a case of no guard record at all.  Thanks to Fernando Soto
    from BlueCat Networks for reporting this issue.
  * Corrected a compilation issue that occurred when building without DNS
    update ability (e.g. by undefining NSUPDATE).
  * Corrected an issue that was causing the server, when running in
    DHPCv4 mode, to segfault when class lease limits are reached.
    Thanks to Peter Nagy at Porion-Digital for reporting the matter
    and submitting a patch.
  * Made minor changes to eliminate warnings when compiled with GCC 9.
    Thanks to Brett Neumeier for bringing the matter to our attention.
  * Fixed potential memory leaks in parser error message generation
    spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
  * Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
    to Tommy Smith for contributing the patch.
  * Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
    reporting the issue.
  * Applied a patch from OpenBSD to always set the scope id of outbound
    DHPCv6 packets.  Note this change only applies when compiling under
    OpenBSD.  Thanks to Brad Smith at OpenBSD from bringing it to our
    attention.
  * Modified dhclient to not discard config file leases that are
    duplicates of server-provided leases and to retain such leases
    after they have been used as the fallback active lease and
    DHCP service has been restored.  This allows them to be used
    more than once during the lifetime of a dhclient instance.
    This applies to DHCPv4 operation only.
  * Corrected a number of reference counter and zero-length buffer leaks.
    Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
    pointing them out.
  * Closed a small window of time between the installation of graceful
    shutdown signal handlers and application context startup, during which
    the receipt of shutdown signal would cause a REQUIRE() assertion to
    occur.  Note this issue is only visible when compiling with
    ENABLE_GENTLE_SHUTDOWN defined.
  * Corrected a buffer overflow that can occur when retrieving zone
    names that are more than 255 characters in length.
  * The "d" domain name option format was incorrectly handled as text
    instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
    for reporting this issue.
  * Improved the error message issued when a host declaration has both
    a uid and a dhcp-client-identifier. Server configuration parsing will
    now fail if a host declaration specifies more than one uid.
  * Updated developer's documentation on building and running unit tests.
    Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
    source.
  * Fixed a syntax error in ldap.c which cropped up under Ubuntu
    18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
  * Added clarification to dhcp-options.5 section on ip-address values
    describing the first-use DNS resolution of options with hostnames as
    values (e.g. next-server).
  * The option format for the server option omapi-key was changed to a
    format type 'k' (key name); while server options ldap-port and
    ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
    three options were inadvertantly broken when the 'd' format content
    was changed to comply with RFC 1035 wire format (see Gitlab #2).
  * A delayed-ack value of 0 (the default), now correctly disables the delayed
    feature.  A change in 4.4.0 prohibited lease updates marking leases active
    from be written to the lease file when delayed-ack is 0. This in turn,
    caused servers to lose active lease assignments upon restart.
  ! Option reference count was not correctly decremented in error path
    when parsing buffer for options. Reported by Felix Wilhelm, Google
    Security Team.
    CVE: CVE-2018-5733
  ! Corrected an issue where large sized 'X/x' format options were causing
    option handling logic to overwrite memory when expanding them to human
    readable form. Reported by Felix Wilhelm, Google Security Team.
    CVE: CVE-2018-5732
  * Added use of new Bind9 compatibility header files, that are now necessary
    to supply type definitions for primitive data types, removed from Bind9
    proper.  Altered util/bind.sh to pull from Bind9 repo on gitlab.
  * Duplicate address detection when binding to a new IPv6 address was added
    to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos.
    The scripts will check for DAD errors after binding to a new IPv6 address
    for at most --dad-wait-time seconds.  If a DAD error is detected the script
    will exit with a value of 3, instructing dhclient to decline the address. If
    dad-wait-time is zero (the default), DAD error checking is not peformed.
  * Support for sending and receiving additional DHCP4 options has been added
    to both the dhcpd and dhclient.  Specifically: option codes 93,94, and 97
    (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071).
    Beyond configuring, sending, requesting, and receiving these options neither
    server nor client apply any additional logic based on their values.
    Thanks to Peter Lewis for requesting this change.
  * Added clarifying text to dhcpd.conf.5 explaining the class match expressions
    cannot rely on the results of executable statements.
  * Fixed a bug which causes dhcpd and dhclient to crash on certain
    systems when given relative path names for lease or pid files on
    the command line.  Affected systems are those on which the C library
    function, realpath() does not support a second parameter value of
    NULL (see manpages for realpath(3)).
  * Fixed a build issue when building with embedded BIND9 under OpenBSD that
    was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h.
  * Added <dhcp>/m4/README to the distribution tarball.  Some versions of
    ac_local() treat the absence of the m4 subdirectory as error rather than
    warning.  This was causing the call to autoreconf, necessary for building
    with libtool, to fail.
  * Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt)
    feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6.  Relay port has to be
    enabled at compile time via --enable-relay-port and is fully backward
    compatible (i.e. works with previous implementations of servers and relays
    using the standard ports).  A new --rp <relay-port> command line option
    specifies to dhcrelay an alternate source port for upstream (i.e. toward
    the server) messages.  Thanks to Naiming Shen and Enke Chen of Cisco
    systems for submitting these patches.
  * Added --release-on-roam to dhcpd server. When enabled and the server detects
    that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release
    the pre-existing leases on the old network and emit a log statement similar
    to the following:
    "Client: <id> roamed to new network, releasing lease: <address>"
    The server will carry out all of the same steps that would normally occur
    when a client explicitly releases a lease.  This behavior is disabled by
    default and may only be specified globally. Prior to this the server renders
    the leases unavailable until they expire or the server is restarted. Clients
    that need leases in multiple networks must supply a unique IAID in each IA.
    When release-on-roam is disabled (the default) the server maintains the
    prior behavior of making such leases unavailable until they expire or the
    server is restarted. Clients that need leases in multiple networks must
    supply a unique IAID in each IA.  This parameter may only be specified at
    the global level.  Thanks to Fernando Soto from BlueCat Networks for
    suggesting this change.
  * Support for delayed-ack is now compiled in by default. Prior to this
    it had to be enabled at compile time via --enable-delayed-acks. The
    default value for delayed-ack, however, has been changed from 28 to 0
    (i.e. disabled).  This was done to minimize the impact on users not
    currently using the feature.  Please note that the delayed-ack feature
    is not currently compatible with support for DHPCv4-over-DHCPv6 so
    when a 4to6 port command line argument enables this in the server the
    delayed-ack value is reset to 0.
  * Added to the server (-6) a new statement, local-address6, which specifies
    the source address of packets sent by the server. An additional flag,
    bind-local-address6, disabled by default, binds the service socket to
    to local-address6. Note that bind-local-address does not work with direct
    clients: a relay has to forward packets to the server using the
    local-address6 destination.
  * The server now recognizes environment variables PATH_DHCPD_DB and
    PATH_DHCPD_PID.  These had been incorrectly compiled out of the code
    unless DHCPv6 support was disabled. Additionally, the server man
    pages were corrected to accurately reflect how the server chooses
    file names (see lease-file-name and pid-file-name statements). Thanks
    to Fernando Soto at Bluecat Networks for bringing this matter to our
    attention.
  * Removed an "Impossible condition" error upon exit in the dhcpd server that
    has been shutdown via OMAPI. This condition was only apparent under Solaris
    when building with --enable-use-sockets and --enable-ipv4-pktinfo.
  * Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
  * Added missing text to dhclient.8 and expanded release note coverage
    for --address-prefix-len changes.
- remove dhcp-CVE-2019-6470.patch,
  0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream
- 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch
  0009-dhcp-4.2.6-close-on-exec.patch
  0016-infiniband-support.patch
  0018-client-fail-on-script-pre-init-error-bsc-912098.patch
  0021-dhcp-ip-family-symlinks.patch: refresh against newer code base
- build with --enable-log-pid (log pid) and enable-binary-leases (faster
  binary looup for large leases files)

==== elfutils ====
Version update (0.182 -> 0.183)
Subpackages: libasm1 libdw1 libelf1

- Update to version 0.183:
  debuginfod: New thread-busy metric and more detailed error metrics.
    New --fdcache-mintmp and tracking of filesystem freespace.
    New increased webapi concurrency while grooming.
  debuginfod-client: DEBUGINFOD_SONAME macro added to debuginfod.h which
    can be used to dlopen the libdebuginfod.so library.
    New function debuginfod_set_verbose_fd and
    DEBUGINFOD_VERBOSE environment variable.
  config: profile.sh and profile.csh won't export DEBUGINFOD_URLS unless
    configured --enable-debuginfod-urls[=URLS]
  elflint, readelf: Recognize SHF_GNU_RETAIN.
    Handle SHT_X86_64_UNWIND as valid relocation target.
- Remove config-do-not-define-DEBUGINFOD_URLS-environment-var.patch patch.

==== fuse3 ====
Version update (3.10.1 -> 3.10.2)

- Update to release 3.10.2
  * Allow "nonempty" as a mount option, for backwards
    compatibility with fusermount 2. The option has no effect
    since mounting over non-empty directories is allowed by default.
  * FUSE filesystems can now be mounted underneath EXFAT
    mountpoints.

==== json-glib ====
Version update (1.6.0 -> 1.6.2)

- Update to version 1.6.2:
  + Fix build reproducibility.
  + Fix parsing of UTF-16 surrogate pairs.
  + Ignore UTF-8 BOM.

==== libcap ====
Version update (2.47 -> 2.48)

- update to 2.48:
  * More uniform use of $(MAKE) in Makefiles
  * No longer include symlinks in the git tree
  * Provide support for make GOLANG=no ...
  * Provide support for pointing at a specific build of the go binary
  * camelCase the contrib/seccomp/explore.go program
  * A number of documentation fixes to man pages and source code comments
  * Last use of GO major version 0

==== procps ====
Version update (3.3.16 -> 3.3.17)
Subpackages: libprocps8

- Add /usr/share/man/uk dir to file list for lang sub package
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.
- Remove obsolete conditionals.
- Remove obsolete --enable-oomem option.
- Run spec-cleaner.
- Update to procps-ng-3.3.17
  * library: Incremented to 8:3:0
    (no removals or additions, internal changes only)
  * all: properly handle utf8 cmdline translations         issue #176
  * kill: Pass int to signalled process                    merge #32
  * pgrep: Pass int to signalled process                   merge #32
  * pgrep: Check sanity of SG_ARG_MAX                      issue #152
  * pgrep: Add older than selection                        merge #79
  * pidof: Quiet mode                                      merge #83
  * pidof: show worker threads                             Redhat #1803640
  * ps.1: Mention stime alias                              issue #164
  * ps: check also match on truncated 16 char comm names
  * ps: Add exe output option                              Redhat #1399206
  * ps: A lot more sorting available                       merge #99
  * pwait: New command waits for a process                 merge #97
  * sysctl: Match systemd directory order                  Debian #950788
  * sysctl: Document directory order                       Debian #951550
  * top: ensure config file backward compatibility         Debian #951335
  * top: add command line 'e' for symmetry with 'E'        issue #165
  * top: add '4' toggle for two abreast cpu display        issue #172
  * top: add '!' toggle for combining multiple cpus
  * top: fix potential SEGV involving -p switch            merge #114
  * vmstat: Wide mode gives wider proc columns             merge #48
  * watch: Add environment variable for interval           merge #62
  * watch: Add no linewrap option                          issue #182
  * watch: Support more colors                             merge #106,#109
  * free,uptime,slabtop: complain about extra ops          issue #181
- Remove now obsolete upstream patches
  * procps-check-sanity-of-SC_ARG_MAX.patch
  * procps-ng-3e1c00d0.patch
- Port patches
  * procps-ng-3.3.10-integer-overflow.patch
  * procps-ng-3.3.10-large_pcpu.patch
  * procps-ng-3.3.8-accuracy.dif
  * procps-ng-3.3.8-bnc634840.patch
  * procps-ng-3.3.8-petabytes.patch
  * procps-ng-3.3.8-tinfo.dif
  * procps-ng-3.3.9-w-notruncate.diff
  * procps-v3.3.3-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff

==== python-Jinja2 ====
Version update (2.11.2 -> 2.11.3)

- update to 2.11.3
  * Improve the speed of the urlize filter by reducing regex backtracking.
    Email matching requires a word character at the start of the domain part
    and only word characters in the TLD (CVE-2020-28493 bsc#1181944).

==== python-cffi ====
Version update (1.14.4 -> 1.14.5)

- update to 1.14.5:
  * Source fix for old gcc versions

==== python-cryptography ====
Version update (3.3.1 -> 3.3.2)

- update to 3.3.2:
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (>2GB) could
    result in an integer overflow, leading to buffer overflows.
    CVE-2020-36242

==== python-idna ====
Version update (2.10 -> 3.1)

- update to 3.1:
  - Ensure license is included in package (Thanks, Julien Schueller)
  - No longer mark wheel has universal (Thanks, Matthieu Darbois)
  - Test on PowerPC using Travis CI
  - Python 2 is no longer supported (the 2.x branch supports Python 2,
    use "idna<3" in your requirements file if you need Python 2 support)
  - Support for V2 UTS 46 test vectors.

==== python-pyrsistent ====

- Remove remnant requirements of six and numpy: These are neither
  used anywhere in the package code, nor in the tests.

==== python-pytz ====
Version update (2020.5 -> 2021.1)

- update to 2021.1:
  * update to IANA 2021a timezone release

==== python-pyzmq ====
Version update (20.0.0 -> 22.0.3)

- Update to 22.0.3
  * Fix fork-safety bug in garbage collection thread (regression
    in 20.0) when using subprocesses.
- Changes in 22.0.1
  * Fix type of Frame.bytes for non-copying recvs with CFFI
    backend (regression in 21.0)
- Changes in 22.0.0
  * This is a major release due to changes in wheels and building
    on Windows. Code changes from 21.0 are minimal.
  * Some typing fixes
  * Bump bundled libzmq to 4.3.4
- Relevant Changes in 21.0
  * pyzmq 21 is a major version bump because of dropped support
    for old Pythons and some changes in packaging. CPython users
    should not face major compatibility issues if installation
    works at all :) PyPy users may see issues with the new
    implementation of send/recv. If you do, please report them!
  The big changes are:
  * drop support for Python 3.5. Python >= 3.6 is required
  * mypy type stubs, which should improve static analysis of
    pyzmq, especially for dynamically defined attributes such as
    zmq constants. These are new! Let us know if you find any
    issues.
  * support for zero-copy and sending bufferables with cffi
    backend. This is experimental! Please report issues.
  Packaging updates:
  * Require Python >= 3.6, required for good type annotation
    support
  * rework cffi backend in setup.py
  New features:
  * zero-copy support in CFFI backend (send(copy=False) now does
    something).
  * Support sending any buffer-interface-providing objects in CFFI
    backend.
  Bugs fixed:
  * Errors during teardown of asyncio Sockets
- Don't test numpy on python36 flavor, because python36-numpy is
  no longer available in Tumbleweed (NEP 29)
- Make sure we use the Cython backend, not CFFI, wich is for PyPy.
  * fixes gh#zeromq/pyzmq#1431 and gh#zeromq/pyzmq#1432
- Remove skip_test_tracker.patch
- Got an oom error on the build service: Require at least 8GB of
  RAM through _constraints file

==== reiserfs ====

- Move soname link to library package

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration

- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
  Fix virtual network generated DNS XML for SRV records
  Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
  * virt-uefi-fix-backport-312.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
  * open-suse-3002.2-xen-grub-316.patch
- Do not crash when unexpected cmd output at listing patches (bsc#1181290)
- Added:
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
- Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)
- Added:
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch

==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-nobody

- system-user-tss.conf: Remove group entry, not needed and did
  contain syntax errors
- remove duplicate group entry:
  - system-user-tftp.conf
  - system-user-uuidd.conf
  - system-user-uucp.conf
  - system-user-uucp.conf
  - system-user-ftp.conf
  - system-user-games.conf
  - system-user-news.conf

==== sysuser-tools ====

- Don't abort on unbound first argument
- Remove sysusers/nscd workaround
- Use systemd-sysusers only if /proc is mounted, don't require it
- Set --replace option for systemd-sysusers
- Ignore nscd return code
- If systemd-sysusers is used to create a new user/group, invalidate
  the nscd passwd and group cache to make the new user/group
  visible immediately as workaround [bsc#1181121].
  Needs to be removed after sytemd-sysusers get's fixed, since we
  invalidate the cache even if the user/group file wasn't changed.
- An "u" in a sysusers.d file will create an user and a group.
  Create provides for both, user and group.
- Use systemd-sysusers as default to create and update the user
  account. Fixes the problem that a modified sysusers config file
  get's ignored by useradd and adduser [bsc#1180549].

==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1

- libmount: don't use "symfollow" for helpers on user mounts
  (boo#1181750, util-linux-libmount-dont-use-symfollow.patch)
- Override GTKDOCIZE with /bin/true so we can run autoreconf
  without needing gtk-doc as a dependency.

==== util-linux-systemd ====

- libmount: don't use "symfollow" for helpers on user mounts
  (boo#1181750, util-linux-libmount-dont-use-symfollow.patch)
- Override GTKDOCIZE with /bin/true so we can run autoreconf
  without needing gtk-doc as a dependency.

==== xen ====
Version update (4.14.1_08 -> 4.14.1_11)

- bsc#1181921 - GCC 11: xen package fails
  gcc11-fixes.patch
- Drop gcc10-fixes.patch
- Upstream bug fixes (bsc#1027519)
  5fedf9f4-x86-hpet_setup-fix-retval.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch)
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
  6011bbc7-x86-timer-fix-boot-without-PIT.patch