Packages changed:
  ceph (16.2.6.462+g5fefbbf8888 -> 16.2.6.463+g22e7612f9ad)
  cups
  dbus-1
  gpg2 (2.2.27 -> 2.3.3)
  installation-images-MicroOS (17.22 -> 17.27)
  librsvg (2.52.3 -> 2.52.4)
  ncurses (6.3.20211115 -> 6.3.20211120)
  python-PyYAML (5.4.1 -> 6.0)
  python-psutil
  toolbox (2.2+git20210823.dd0fff8 -> 2.2+git20211124.09791b1)

=== Details ===

==== ceph ====
Version update (16.2.6.462+g5fefbbf8888 -> 16.2.6.463+g22e7612f9ad)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw

- Update to 16.2.6-463-g22e7612f9ad:
  + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links
- Preservation of Bugzilla, Jira and CVE citations from earlier incarnations of
  this changes file after double-checking that none of these fixes got lost in
  the pacific rebase:
  + bsc#1163764 (--container-init feature cherry-picked to octopus)
  + bsc#1170200 (mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically)
  + bsc#1172926 (mgr/orchestrator: Sort 'ceph orch device ls' by host)
  + bsc#1173079 (mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster)
  + bsc#1174466 (mon: have 'mon stat' output json as well)
  + bsc#1174526 (mgr/dashboard: allow getting fresh inventory data from the orchestrator)
  + bsc#1174529 (rpm: on SUSE, podman is required for cephadm to work)
  + bsc#1174644 (cephadm: log to file)
  + bsc#1175120 (downstream branding)
  + bsc#1175161 (downstream branding)
  + bsc#1175169 (downstream branding)
  + bsc#1176390 (mgr/dashboard: enable different URL for users of browser to Grafana)
  + bsc#1176451 (Drop patch "rpm: on SUSE, podman is required for cephadm to work")
  + bsc#1176489 (mgr/cephadm: lock multithreaded access to OSDRemovalQueue)
  + bsc#1176499 (mgr/cephadm: fix RemoveUtil.load_from_store())
  + bsc#1176638 (ceph-volume: batch: call the right prepare method)
  + bsc#1176679 (mgr/dashboard: enable different URL for users of browser to Grafana)
  + bsc#1176828 (cephadm: command_unit: call systemctl with verbose=True)
  + bsc#1177078 (mgr/dashboard: Fix bugs in a unit test and i18n translation)
  + bsc#1177151 (python-common: do not skip unavailable devices)
  + bsc#1177319 (--container-init feature cherry-picked to octopus)
  + bsc#1177344 (mgr/dashboard: support Orchestrator and user-defined Ganesha cluster)
  + bsc#1177360 (cephadm: silence "Failed to evict container" log msg)
  + bsc#1177450 (ceph-volume: don't exit before empty report can be printed)
  + bsc#1177643 (Revert "spec: Podman (temporarily) requires apparmor-abstractions on suse")
  + bsc#1177676 (cephadm: allow uid/gid == 0 in copy_tree, copy_files, move_files)
  + bsc#1177843 (CVE-2020-25660)
  + bsc#1177857 (mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails)
  + bsc#1177933 (cephadm: configure journald as the logdriver)
  + bsc#1178531 (cephadm: set default container_image to registry.suse.com/ses/7/ceph/ceph)
  + bsc#1178837 (rgw: cls/user: set from_index for reset stats calls)
  + bsc#1178860 (mgr/dashboard: Disable TLS 1.0 and 1.1)
  + bsc#1178905 (CVE-2020-25678)
  + bsc#1178932 (cephadm: reference the last local image by digest)
  + bsc#1179016 (rpm: require smartmontools on SUSE)
  + bsc#1179452 (mgr/insights: Test environment requires 'six')
  + bsc#1179526 (rgw: during GC defer, prevent new GC enqueue)
  + bsc#1179569 (cephadm: reference the last local image by digest)
  + bsc#1179802 (CVE-2020-27781)
  + bsc#1179997 (CVE-2020-27839)
  + bsc#1180107 (ceph-volume: pass --filter-for-batch from drive-group subcommand)
  + bsc#1180155 (CVE-2020-27781)
  + bsc#1181291 (mgr/cephadm: alias rgw-nfs -> nfs)
  + bsc#1182766 (cephadm: fix 'inspect' and 'pull')
  + bsc#1183074 (CVE-2021-20288)
  + bsc#1183561 (mgr/cephadm: on ssh connection error, advice chmod 0600)
  + bsc#1183899 (bluestore: fix huge reads/writes at BlueFS)
  + bsc#1184231 (cephadm: Allow to use paths in all <_devices> drivegroup sections)
  + bsc#1184517 (cls/rgw: look for plane entries in non-ascii plain namespace too)
  + bsc#1185246 (rgw: check object locks in multi-object delete)
  + bsc#1185619 (CVE-2021-3524)
  + bsc#1186020 (CVE-2021-3531)
  + bsc#1186021 (CVE-2021-3509)
  + bsc#1186348 (mgr/zabbix: adapt zabbix_sender default path)
  + bsc#1188979 ("mgr/cephadm: pass --container-init to "cephadm deploy" if specified" and "Revert "cephadm: default container_init to False"")
  + bsc#1189173 (downstream branding)
  + jsc#SES-1071 (ceph-volume: major batch refactor - upstream PR#34740)
  + jsc#SES-185 (SES support with cache software)
  + jsc#SES-704 (mgr/snap_schedule)

==== cups ====
Subpackages: cups-config libcups2

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_cups.service.patch

==== dbus-1 ====
Subpackages: libdbus-1-3

- Add CONFIG parameter to %sysusers_generate_pre
- Added BuildRequires alts for libalternatives.
- Fixed spec file regarding removing old update-alternatives
  entries.
- Use libalternatives instead of update-alternatives.

==== gpg2 ====
Version update (2.2.27 -> 2.3.3)

- GnuPG 2.3.3:
  * agent: Fix segv in GET_PASSPHRASE (regression)
  * dirmngr: Fix Let's Encrypt certificate chain validation
  * gpg: Change default and maximum AEAD chunk size to 4 MiB
  * gpg: Print a warning when importing a bad cv25519 secret key
  * gpg: Fix --list-packets for undecryptable AEAD packets
  * gpg: Verify backsigs for v5 keys correctly
  * keyboxd: Fix checksum computation for no UBID entry on disk
  * keyboxd: Fix "invalid object" error with cv448 keys
  * dirmngr: New option --ignore-cert
  * agent: Fix calibrate_get_time use of clock_gettime
  * Support a gpgconf.ctl file under Unix and use this for the
    regression tests
- GnuPG 2.3.2:
  * gpg: Allow fingerprint based lookup with --locate-external-key.
  * gpg: Allow decryption w/o public key but with correct card inserted.
  * gpg: Auto import keys specified with --trusted-keys.
  * gpg: Do not use import-clean for LDAP keyserver imports.
  * gpg: Fix mailbox based search via AKL keyserver method.
  * gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
  * gpg: Use a more descriptive prompt for symmetric decryption.
  * gpg: Improve speed of secret key listing.
  * gpg: Support keygrip search with traditional keyring.
  * gpg: Let --fetch-key return an exit code on failure.
  * gpg: Emit the NO_SECKEY status again for decryption.
  * gpgsm: Support decryption of password based encryption (pwri).
  * gpgsm: Support AES-GCM decryption.
  * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
  * gpgsm: Fix finding of issuer in use-keyboxd mode.
  * gpgsm: New option --ldapserver as an alias for --keyserver.
  * agent: Use SHA-256 for SSH fingerprint by default.
  * agent: Fix calling handle_pincache_put.
  * agent: Fix importing protected secret key.
  * agent: Fix a regression in agent_get_shadow_info_type.
  * agent: Add translatable text for Caps Lock hint.
  * agent: New option --pinentry-formatted-passphrase.
  * agent: Add checkpin inquiry for pinentry.
  * agent: New option --check-sym-passphrase-pattern.
  * agent: Use the sysconfdir for a pattern file.
  * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
  * dirmngr: LDAP search by a mailbox now ignores revoked keys.
  * dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
  * dirmngr: Allow for non-URL specified ldap keyservers.
  * dirmngr: New option --ldapserver.
  * dirmngr: Fix regression in KS_GET for mail address pattern.
  * card: New option --shadow for the list command.
  * tests: Make sure the built keyboxd is used.
  * scd: Fix computing shared secrets for 512 bit curves.
  * scd: Fix unblock PIN by a Reset Code with KDF.
  * scd: Fix PC/SC removed card problem.
  * scd: Recover the partial match for PORTSTR for PC/SC.
  * scd: Make sure to release the PC/SC context.
  * scd: Fix zero-byte handling in ECC.
  * scd: Fix serial number detection for Yubikey 5.
  * scd: Add basic support for AET JCOP cards.
  * scd: Detect external interference when --pcsc-shared is in use.
  * scd: Fix access to the list of cards.
  * gpgconf: Do not list a disabled tpm2d.
  * gpgconf: Make runtime changes with different homedir work.
  * keyboxd: Fix searching for exact mail address.
  * keyboxd: Fix searching with multiple patterns.
  * tools: Extend gpg-check-pattern.
  * wkd: Fix client issue with leading or trailing spaces in user-ids.
  * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
  * Change the default keyserver to keyserver.ubuntu.com. This is a
    temporary change due to the shutdown of the SKS keyserver pools.
- GnuPG 2.3.1:
  * The new configuration file common.conf is now used to enable
    the use of the key database daemon with "use-keyboxd". Using
    this option in gpg.conf and gpgsm.conf is supported for a
    transitional period. See doc/example/common.conf for more.
  * gpg: Force version 5 key creation for ed448 and cv448 algorithms.
  * gpg: By default do not use the self-sigs-only option when
    importing from an LDAP keyserver.
  * gpg: Lookup a missing public key of the active card via LDAP.
  * gpgsm: New command --show-certs.
  * scd: Fix CCID driver for SCM SPR332/SPR532.
  * scd: Further improvements for PKCS#15 cards.
  * New configure option --with-tss to allow the selection of the
    TSS library.
- Rebase patches:
  * gnupg-add_legacy_FIPS_mode_option.patch
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-dont-fail-with-seahorse-agent.patch
  * gnupg-set_umask_before_open_outfile.patch
- GnuPG 2.3.0:
  * A new experimental key database daemon is provided.  To enable
    it put "use-keyboxd" into gpg.conf and gpgsm.conf.  Keys are stored
    in a SQLite database and make key lookup much faster.
  * New tool gpg-card as a flexible frontend for all types of
    supported smartcards.
  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
    gpg-connect-agent.
  * The gpg-wks-client tool is now installed under bin; a wrapper for
    its old location at libexec is also installed.
  * tpm2d: New daemon to physically bind keys to the local machine.
  * gpg: Switch to ed25519/cv25519 as default public key algorithms.
  * gpg: Verification results now depend on the --sender option and
    the signer's UID subpacket.
  * gpg: Do not use any 64-bit block size cipher algorithm for
    encryption.  Use AES as last resort cipher preference instead of
    3DES.  This can be reverted using --allow-old-cipher-algos.
  * gpg: Support AEAD encryption mode using OCB or EAX.
  * gpg: Support v5 keys and signatures.
  * gpg: Support curve X448 (ed448, cv448).
  * gpg: Allow use of group names in key listings.
  * gpg: New option --full-timestrings to print date and time.
  * gpg: New option --force-sign-key.
  * gpg: New option --no-auto-trust-new-key.
  * gpg: The legacy key discovery method PKA is no longer supported.
    The command --print-pka-records and the PKA related import and
    export options have been removed.
  * gpg: Support export of Ed448 Secure Shell keys.
  * gpgsm: Add basic ECC support.
  * gpgsm: Support creation of EdDSA certificates.  [#4888]
  * agent: Allow the use of "Label:" in a key file to customize the
    pinentry prompt.
  * agent: Support ssh-agent extensions for environment variables.
    With a patched version of OpenSSH this avoids the need for the
    "updatestartuptty" kludge.
  * scd: Improve support for multiple card readers and tokens.
  * scd: Support PIV cards.
  * scd: Support for Rohde&Schwarz Cybersecurity cards.
  * scd: Support Telesec Signature Cards v2.0
  * scd: Support multiple application on certain smartcard.
  * scd: New option --application-priority.
  * scd: New option --pcsc-shared; see man page for important notes.
  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
  * The symcryptrun tool, a wrapper for the now obsolete external
    Chiasmus tool, has been removed.
  * Full Unicode support for the command line.
- dropped legacy commands: gpg-zip

==== installation-images-MicroOS ====
Version update (17.22 -> 17.27)

- merge gh#openSUSE/installation-images#550
- always include bash -> sh link
- 17.27
- merge gh#openSUSE/installation-images#549
- use xz with threading to compress the initrd
- 17.26
- merge gh#openSUSE/installation-images#546
- linuxrc handles LIBSTORAGE_* and YAST_* boot options
  (jsc#SLE-21308)
- 17.25
- merge gh#openSUSE/installation-images#540
- add kernel modules for MPS3 USB (jsc#SLE-20148)
- 17.24
- merge gh#openSUSE/installation-images#544
- xf86-input-libinput now exists on s390x
- 17.23

==== librsvg ====
Version update (2.52.3 -> 2.52.4)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2

- Disable testsuite for now, let upstream figure out the issue with
  harfbuzz 3.1.1.
- Update to version 2.52.4:
  + New features:
    - Support the isolation property from the Compositing and
      Blending Level 1 specification.
    - Support Visual Studio 2022.
  + Bug fixes:
    - The opacity and mix-blend-mode properties were not being
      applied when an element has a mask.
    - Fix panic when an empty group has a pattern fill and filters.
    - Fix the tests on Windows; they still only work when Fontconfig
      is present.
    - Work around a bug in the cairo-rs bindings in the test suite,
      that only manifests itself in s/390x due to its calling
      convention. See
      https://github.com/gtk-rs/gtk-rs-core/issues/335

==== ncurses ====
Version update (6.3.20211115 -> 6.3.20211120)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20211120
  + add dim, ecma+strikeout to st-0.6 -TD
  + deallocate the tparm cache when del_curterm is called for the last
    allocated TERMINAL structure (report/testcase by Bram Moolenaar,
    cf: 20200531).
  + modify test-package to more closely conform to Debian multi-arch.
  + if the --with-pkg-config-libdir option is not given, use
    ${libdir}/pkgconfig as a default (prompted by discussion with Ross
    Burton).
- Correct offsets of patch ncurses-6.3.dif

==== python-PyYAML ====
Version update (5.4.1 -> 6.0)

- Add patch setuptools.patch
- update to 6.0
  * drop Python 2.7
  * always require `Loader` arg to `yaml.load()`
  * fix float resolver to ignore `.` and `._`
  * fix representation of Enum subclasses
  * fix libyaml extension compiler warnings
  * fix ResourceWarning on leaked file descriptors
  * remove remaining direct distutils usage

==== python-psutil ====

- Update skip-obs.patch to also skip TestProcess.test_ionice_linux

==== toolbox ====
Version update (2.2+git20210823.dd0fff8 -> 2.2+git20211124.09791b1)

- Update to version 2.2+git20211124.09791b1:
  * Introduce -n/--nostop switch so multiple sessions can be run inside an existing toolbox