Packages changed:
  audit-secondary
  bash (5.1.8 -> 5.1.12)
  busybox-links
  containers-systemd (0.0+git20210507.9afe2a6 -> 0.0+git20211129.1b144ae)
  efibootmgr (14 -> 17)
  gnutls
  haproxy (2.4.8+git0.d1f8d41e0 -> 2.5.0+git0.f2e0833f1)
  libarchive
  libimagequant (2.15.1 -> 2.17.0)
  python-charset-normalizer (2.0.7 -> 2.0.8)
  python38
  python38-core
  tpm2.0-abrmd
  xmlsec1 (1.2.32 -> 1.2.33)

=== Details ===

==== audit-secondary ====
Subpackages: audit python3-audit system-group-audit

- Use %autosetup
- Don't include sample rules as %doc, they're already installed
  as normal files
- Fix create-augenrules-service.patch:
  * auditd.service needs to require augenrules.service,
    not the other way around
- Fix documentation for enable-stop-rules.patch

==== bash ====
Version update (5.1.8 -> 5.1.12)

- Update bash 5.1 to patch level 12
  * Add official patch bash51-009
    The bash malloc implementation of malloc_usable_size() does not follow the
    specification. This can cause library functions that use it to overwrite
    memory bounds checking.
  * Add official patch bash51-010
    If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
    not completely clean up state, and that can prevent subsequent calls to
    `wait -n' from working correctly.
  * Add official patch bash51-011
    When reading a compound assignment, and running it through the parser to
    split it into words, we need to save and restore any alias we're currently
    expanding.
  * Add official patch bash51-012
    There is a possible race condition that arises when a child process receives
    a signal trapped by the parent before it can reset the signal dispositions.
    The child process is not supposed to trap the signal in this circumstance.
- Using package bash-sh instead of the update-alternative
  mechanism.

==== busybox-links ====
Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz

- Removed libalternatives machanism. Using direct link from
  /usr/bin/busybox to /usr/bin/sh. The package is conflicting with
  the new packages bash-sh which has a link for /usr/bin/sh too.
- Use libalternatives instead of update-alternatives.

==== containers-systemd ====
Version update (0.0+git20210507.9afe2a6 -> 0.0+git20211129.1b144ae)

- Update to version 0.0+git20211129.1b144ae:
  * Add roundcube files

==== efibootmgr ====
Version update (14 -> 17)

- Update to v17:
  * use efivar's logging facility more (more info in -v2 , -v3, etc)
  * Various bug fixes
  * Better -e parsing
  * fix pkg-config invocation for ldflags
  * Make efibootmgr use EFIDIR / efibootmgr.efidir like fwupdate does
  * make --loader default build-time configurable
  * sanitize set_mirror()/get_mirror()
  * Add support for parsing loader options as UCS2
  * GCC 7 fixes
  * Don't use -fshort-wchar since we don't run on EFI machines.
- Drop 0001-Don-t-use-fshort-wchar-when-building-63.patch (upstreamed)
- Drop 0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch
  (upstreamed)
- Drop 0003-Add-support-for-parsing-optional-data-as-ucs2.patch
  (upstreamed)
- Drop MARM-sanitize-set_mirror.diff (upstreamed)
- Drop efibootmgr-derhat.diff (upstreamed)
- Rebase efibootmgr-delete-multiple.diff

==== gnutls ====

- Drop bogus condition "> 1550": that would mean 'more recent than
  Tumbleweed' which is technically impossible, as Tumbleweed is the
  leading project (and the condition causes issues as Tumbleweed
  needs to move away from 1550 due to CODE 15 SP5 plans).

==== haproxy ====
Version update (2.4.8+git0.d1f8d41e0 -> 2.5.0+git0.f2e0833f1)

- Update to version 2.5.0+git0.f2e0833f1:
  https://www.mail-archive.com/haproxy@formilux.org/msg41508.html
- refreshed patches to apply cleanly again
  haproxy-1.6.0-sec-options.patch
  haproxy-1.6.0_config_haproxy_user.patch
  lua54.patch

==== libarchive ====

- fix permission settings on following symlinks (fix-following-symlinks.patch)
  this fixes also wrong permissions of /var/tmp in factory systems

==== libimagequant ====
Version update (2.15.1 -> 2.17.0)

- update to 2.17.0:
  * Do not build as unversioned DSO
  * use float as in SSE
  * Initialize rows using heap to handle large images
  * Free rows after remapping
  * Disable SSE on arm64

==== python-charset-normalizer ====
Version update (2.0.7 -> 2.0.8)

- update to 2.0.8:
  * Improvement over Vietnamese detection
  * MD improvement on trailing data and long foreign (non-pure latin)
  * Efficiency improvements in cd/alphabet_languages
  * call sum() without an intermediary list following PEP 289 recommendations
  * Code style as refactored by Sourcery-AI
  * Minor adjustment on the MD around european words
  * Remove and replace SRTs from assets / tests
  * Initialize the library logger with a `NullHandler` by default
  * Setting kwarg `explain` to True will add provisionally
  * Fix large (misleading) sequence giving UnicodeDecodeError
  * Avoid using too insignificant chunk
  * Add and expose function `set_logging_handler` to configure a specific
    StreamHandler
- require lower-case name instead of breaking build
- Use lower-case name of prettytable package

==== python38 ====

- Remove shebangs from from python-base libraries in _libdir
  (bsc#1193179).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

==== python38-core ====
Subpackages: libpython3_8-1_0 python38-base

- Remove shebangs from from python-base libraries in _libdir
  (bsc#1193179).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

==== tpm2.0-abrmd ====
Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_tpm2-abrmd.service.patch

==== xmlsec1 ====
Version update (1.2.32 -> 1.2.33)
Subpackages: libxmlsec1-1 libxmlsec1-openssl1

- update to 1.2.33:
  * Fix decrypting session key for two recipients
  * Added --privkey-openssl-engine option to enhance openssl engine support