Packages changed:
  colord
  hwinfo (21.78 -> 21.80)
  installation-images-MicroOS (17.28 -> 17.30)
  iputils (20210722 -> 20211215)
  kernel-source (5.15.7 -> 5.15.8)
  kubernetes (1.22.2 -> 1.23.0)
  kubernetes1.22 (1.22.2 -> 1.22.4)
  kubic-control (0.12.2 -> 0.12.3)
  libgcrypt
  ncurses (6.3.20211120 -> 6.3.20211127)
  openssl-1_1
  p11-kit
  pam
  pango (1.48.10 -> 1.50.1)
  patterns-base
  python-SQLAlchemy (1.4.26 -> 1.4.27)
  qemu
  runc (1.0.3 -> 1.1.0~rc1)
  shadow
  util-linux
  util-linux-systemd
  wireless-regdb (20210828 -> 20211209)
  xen
  xfsprogs (5.14.0 -> 5.14.2)
  xxhash (0.8.0 -> 0.8.1)
  yast2 (4.4.27 -> 4.4.30)

=== Details ===

==== colord ====

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_colord.service.patch

==== hwinfo ====
Version update (21.78 -> 21.80)

- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79

==== installation-images-MicroOS ====
Version update (17.28 -> 17.30)

- merge gh#openSUSE/installation-images#555
- don't add Y2* install boot options to target system (jsc#SLE-21308)
- 17.30
- merge gh#openSUSE/installation-images#552
- etc: update module.config to match 5.16
- etc/module.config: sort the network modules
- kernel 5.16 update
- 17.29

==== iputils ====
Version update (20210722 -> 20211215)

- Update to version 20211215
  https://github.com/iputils/iputils/releases/tag/20211215
- rarpd and rdisc are going to be removed in next release
  (https://github.com/iputils/iputils/issues/363)
  therefore don't pack it since this release
- Drop harden_rdisc.service.patch, which was 1) merged upstream
  4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs")
  for all services
  2) we don't build rdisc since this release

==== kernel-source ====
Version update (5.15.7 -> 5.15.8)

- Revert "- rpm/*build: use buildroot macro instead of env variable"
  buildroot macro is not being expanded inside a shell script. go
  back to the environment variable usage. This reverts parts of
  commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- kernel-obs-build: include the preferred kernel parameters
  Currently the Open Build Service hardcodes the kernel boot parameters
  globally. Recently functionality was added to control the parameters
  by the kernel-obs-build package, so make use of that. parameters here
  will overwrite what is used by OBS otherwise.
- commit a631240
- Linux 5.15.8 (bsc#1012628).
- bpf: Add selftests to cover packet access corner cases
  (bsc#1012628).
- clocksource/drivers/dw_apb_timer_of: Fix probe failure
  (bsc#1012628).
- misc: fastrpc: fix improper packet size calculation
  (bsc#1012628).
- irqchip: nvic: Fix offset for Interrupt Priority Offsets
  (bsc#1012628).
- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing
  INVALL (bsc#1012628).
- aio: Fix incorrect usage of eventfd_signal_allowed()
  (bsc#1012628).
- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
  (bsc#1012628).
- irqchip/armada-370-xp: Fix return value of
  armada_370_xp_msi_alloc() (bsc#1012628).
- irqchip/aspeed-scu: Replace update_bits with write_bits
  (bsc#1012628).
- csky: fix typo of fpu config macro (bsc#1012628).
- bus: mhi: core: Add support for forced PM resume (bsc#1012628).
- bus: mhi: pci_generic: Fix device recovery failed issue
  (bsc#1012628).
- nvmem: eeprom: at25: fix FRAM byte_len (bsc#1012628).
- misc: rtsx: Avoid mangling IRQ during runtime PM (bsc#1012628).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and
  remove (bsc#1012628).
- iio: ad7768-1: Call iio_trigger_notify_done() on error
  (bsc#1012628).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x
  (bsc#1012628).
- iio: adc: stm32: fix a current leak by resetting pcsel before
  disabling vdda (bsc#1012628).
- iio: at91-sama5d2: Fix incorrect sign extension (bsc#1012628).
- iio: dln2: Check return value of devm_iio_trigger_register()
  (bsc#1012628).
- iio: dln2-adc: Fix lockdep complaint (bsc#1012628).
- iio: itg3200: Call iio_trigger_notify_done() on error
  (bsc#1012628).
- iio: kxsd9: Don't return error code in trigger handler
  (bsc#1012628).
- iio: ltr501: Don't return error code in trigger handler
  (bsc#1012628).
- iio: mma8452: Fix trigger reference couting (bsc#1012628).
- iio: stk3310: Don't return error code in interrupt handler
  (bsc#1012628).
- iio: trigger: stm32-timer: fix MODULE_ALIAS (bsc#1012628).
- iio: trigger: Fix reference counting (bsc#1012628).
- iio: gyro: adxrs290: fix data signedness (bsc#1012628).
- xhci: avoid race between disable slot command and host runtime
  suspend (bsc#1012628).
- usb: core: config: using bit mask instead of individual bits
  (bsc#1012628).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from
  runtime suspending (bsc#1012628).
- usb: core: config: fix validation of wMaxPacketValue entries
  (bsc#1012628).
- Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property
  by default" (bsc#1012628).
- USB: gadget: zero allocate endpoint 0 buffers (bsc#1012628).
- USB: gadget: detect too-big endpoint 0 requests (bsc#1012628).
- selftests/fib_tests: Rework fib_rp_filter_test() (bsc#1012628).
- net/qla3xxx: fix an error code in ql_adapter_up() (bsc#1012628).
- net, neigh: clear whole pneigh_entry at alloc time
  (bsc#1012628).
- net: fec: only clear interrupt of handling queue in
  fec_enet_rx_queue() (bsc#1012628).
- net: altera: set a couple error code in probe() (bsc#1012628).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
  (bsc#1012628).
- tools build: Remove needless libpython-version feature check
  that breaks test-all fast path (bsc#1012628).
- dt-bindings: net: Reintroduce PHY no lane swap binding
  (bsc#1012628).
- Documentation/locking/locktypes: Update migrate_disable() bits
  (bsc#1012628).
- perf tools: Fix SMT detection fast read path (bsc#1012628).
- drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset
  (bsc#1012628).
- Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on
  emulated bridge" (bsc#1012628).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
  (bsc#1012628).
- bpf, sockmap: Re-evaluate proto ops when psock is removed from
  sockmap (bsc#1012628).
- mtd: rawnand: fsmc: Fix timing computation (bsc#1012628).
- mtd: rawnand: fsmc: Take instruction delay into account
  (bsc#1012628).
- i40e: Fix pre-set max number of queues for VF (bsc#1012628).
- i40e: Fix failed opcode appearing if handling messages from VF
  (bsc#1012628).
- clk: qcom: clk-alpha-pll: Don't reconfigure running Trion
  (bsc#1012628).
- clk: imx: use module_platform_driver (bsc#1012628).
- hwmon: (dell-smm) Fix warning on /proc/i8k creation error
  (bsc#1012628).
- RDMA/hns: Do not destroy QP resources in the hw resetting phase
  (bsc#1012628).
- RDMA/hns: Do not halt commands during reset until later
  (bsc#1012628).
- ASoC: codecs: wcd934x: return correct value from mixer put
  (bsc#1012628).
- ASoC: codecs: wcd934x: handle channel mappping list correctly
  (bsc#1012628).
- ASoC: codecs: wsa881x: fix return values from kcontrol put
  (bsc#1012628).
- ASoC: qdsp6: q6routing: Fix return value from
  msm_routing_put_audio_mixer (bsc#1012628).
- ASoC: rt5682: Fix crash due to out of scope stack vars
  (bsc#1012628).
- PM: runtime: Fix pm_runtime_active() kerneldoc comment
  (bsc#1012628).
- qede: validate non LSO skb length (bsc#1012628).
- ALSA: usb-audio: Reorder snd_djm_devices[] entries
  (bsc#1012628).
- scsi: scsi_debug: Fix buffer size of REPORT ZONES command
  (bsc#1012628).
- scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
  (bsc#1012628).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
  (bsc#1012628).
- i2c: mpc: Use atomic read and fix break condition (bsc#1012628).
- tracefs: Set all files to the same group ownership as the
  mount option (bsc#1012628).
- aio: fix use-after-free due to missing POLLFREE handling
  (bsc#1012628).
- aio: keep poll requests on waitqueue until completed
  (bsc#1012628).
- signalfd: use wake_up_pollfree() (bsc#1012628).
- binder: use wake_up_pollfree() (bsc#1012628).
- wait: add wake_up_pollfree() (bsc#1012628).
- io_uring: ensure task_work gets run as part of cancelations
  (bsc#1012628).
- libata: add horkage for ASMedia 1092 (bsc#1012628).
- drm/syncobj: Deal with signalled fences in
  drm_syncobj_find_fence (bsc#1012628).
- thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL
  (bsc#1012628).
- clk: qcom: regmap-mux: fix parent clock lookup (bsc#1012628).
- mmc: renesas_sdhi: initialize variable properly when tuning
  (bsc#1012628).
- hwmon: (pwm-fan) Ensure the fan going on in .probe()
  (bsc#1012628).
- selftests: KVM: avoid failures due to reserved HyperTransport
  region (bsc#1012628).
- tracefs: Have new files inherit the ownership of their parent
  (bsc#1012628).
- nfsd: Fix nsfd startup race (again) (bsc#1012628).
- nfsd: fix use-after-free due to delegation race (bsc#1012628).
- md: fix update super 1.0 on rdev size change (bsc#1012628).
- perf intel-pt: Fix error timestamp setting on the decoder
  error path (bsc#1012628).
- perf intel-pt: Fix missing 'instruction' events with 'q' option
  (bsc#1012628).
- perf intel-pt: Fix next 'err' value, walking trace
  (bsc#1012628).
- perf intel-pt: Fix state setting when receiving overflow (OVF)
  packet (bsc#1012628).
- perf intel-pt: Fix intel_pt_fup_event() assumptions about
  setting state type (bsc#1012628).
- perf intel-pt: Fix sync state when a PSB (synchronization)
  packet is found (bsc#1012628).
- perf intel-pt: Fix some PGE (packet generation enable/control
  flow packets) usage (bsc#1012628).
- btrfs: free exchange changeset on failures (bsc#1012628).
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper
  error handling (bsc#1012628).
- btrfs: fix re-dirty process of tree-log nodes (bsc#1012628).
- btrfs: clear extent buffer uptodate when we fail to write it
  (bsc#1012628).
- scsi: qla2xxx: Format log strings only if needed (bsc#1012628).
- cifs: Fix crash on unload of cifs_arc4.ko (bsc#1012628).
- ALSA: pcm: oss: Handle missing errors in
  snd_pcm_oss_change_params*() (bsc#1012628).
- ALSA: pcm: oss: Limit the period size to 16MB (bsc#1012628).
- ALSA: pcm: oss: Fix negative period/buffer sizes (bsc#1012628).
- ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (bsc#1012628).
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897
  platform (bsc#1012628).
- ALSA: ctl: Fix copy of updated id with element read/write
  (bsc#1012628).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  (bsc#1012628).
- mm/slub: fix endianness bug for alloc/free_traces attributes
  (bsc#1012628).
- mm/damon/core: fix fake load reports due to uninterruptible
  sleeps (bsc#1012628).
- timers: implement usleep_idle_range() (bsc#1012628).
- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V
  TLB flush hypercall (bsc#1012628).
- KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse
  IPI req (bsc#1012628).
- KVM: x86: Don't WARN if userspace mucks with RCX during string
  I/O exit (bsc#1012628).
- net: mvpp2: fix XDP rx queues registering (bsc#1012628).
- net/sched: fq_pie: prevent dismantle issue (bsc#1012628).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
  (bsc#1012628).
- net: dsa: mv88e6xxx: error handling for serdes_power functions
  (bsc#1012628).
- net: bcm4908: Handle dma_set_coherent_mask error codes
  (bsc#1012628).
- devlink: fix netns refcount leak in devlink_nl_cmd_reload()
  (bsc#1012628).
- IB/hfi1: Correct guard on eager buffer deallocation
  (bsc#1012628).
- iavf: Fix reporting when setting descriptor count (bsc#1012628).
- iavf: restore MSI state on reset (bsc#1012628).
- netfilter: conntrack: annotate data-races around ct->timeout
  (bsc#1012628).
- netfilter: nft_exthdr: break evaluation if setting TCP option
  fails (bsc#1012628).
- udp: using datalen to cap max gso segments (bsc#1012628).
- seg6: fix the iif in the IPv6 socket control block
  (bsc#1012628).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1012628).
- bonding: make tx_rebalance_counter an atomic (bsc#1012628).
- ethtool: do not perform operations on net devices being
  unregistered (bsc#1012628).
- ice: ignore dropped packets during init (bsc#1012628).
- bpf: Fix the off-by-two error in range markings (bsc#1012628).
- bpf: Make sure bpf_disable_instrumentation() is safe vs
  preemption (bsc#1012628).
- bpf, sockmap: Attach map progs to psock early for feature probes
  (bsc#1012628).
- bpf, x86: Fix "no previous prototype" warning (bsc#1012628).
- vrf: don't run conntrack on vrf with !dflt qdisc (bsc#1012628).
- selftests: netfilter: add a vrf+conntrack testcase
  (bsc#1012628).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
  (bsc#1012628).
- platform/x86: amd-pmc: Fix s2idle failures on certain AMD
  laptops (bsc#1012628).
- x86/sme: Explicitly map new EFI memmap table as encrypted
  (bsc#1012628).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
  (bsc#1012628).
- net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal
  PHY's" (bsc#1012628).
- can: m_can: Disable and ignore ELO interrupt (bsc#1012628).
- can: m_can: pci: fix iomap_read_fifo() and iomap_write_fifo()
  (bsc#1012628).
- can: m_can: pci: fix incorrect reference clock rate
  (bsc#1012628).
- can: m_can: m_can_read_fifo: fix memory leak in error branch
  (bsc#1012628).
- can: pch_can: pch_can_rx_normal: fix use after free
  (bsc#1012628).
- can: sja1000: fix use after free in ems_pcmcia_add_card()
  (bsc#1012628).
- can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase
  correct stats->{rx,tx}_errors counter (bsc#1012628).
- can: kvaser_usb: get CAN clock frequency from device
  (bsc#1012628).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (bsc#1012628).
- IB/hfi1: Fix early init panic (bsc#1012628).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
  (bsc#1012628).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for
  six 8-bit groups (bsc#1012628).
- platform/x86/intel: hid: add quirk to support Surface Go 3
  (bsc#1012628).
- HID: Ignore battery for Elan touchscreen on Asus UX550VE
  (bsc#1012628).
- HID: sony: fix error path in probe (bsc#1012628).
- mmc: spi: Add device-tree SPI IDs (bsc#1012628).
- mtd: dataflash: Add device-tree SPI IDs (bsc#1012628).
- HID: check for valid USB device for many HID drivers
  (bsc#1012628).
- HID: wacom: fix problems when device is not a valid USB device
  (bsc#1012628).
- HID: bigbenff: prevent null pointer dereference (bsc#1012628).
- HID: add USB_HID dependancy on some USB HID drivers
  (bsc#1012628).
- HID: add USB_HID dependancy to hid-chicony (bsc#1012628).
- HID: add USB_HID dependancy to hid-prodikeys (bsc#1012628).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (bsc#1012628).
- HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested
  (bsc#1012628).
- HID: google: add eel USB id (bsc#1012628).
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
  (bsc#1012628).
- usb: gadget: uvc: fix multiple opens (bsc#1012628).
- commit 3f92609
- kernel-obs-build: inform build service about virtio-serial
  Inform the build worker code that this kernel supports virtio-serial,
  which improves performance and relability of logging.
- commit 301a3a7
- rpm/*.spec.in: use buildroot macro instead of env variable
  The RPM_BUILD_ROOT variable is considered deprecated over
  a buildroot macro. future proof the spec files.
- commit e2f6026
- Update BT fix patch for regression with 8087:0026 device (bsc#1193124)
  Also corrected the references and patch description
- commit 634695b

==== kubernetes ====
Version update (1.22.2 -> 1.23.0)
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet

- Bump coredns to 1.8.6 and coredns for *-minus1 to 1.8.4
- Bump kubernetes-* to 1.23.0, *-minus1 to 1.22.4 and etcd to 3.5.1

==== kubernetes1.22 ====
Version update (1.22.2 -> 1.22.4)

- Update to version 1.22.4:
  * defer close the rotated log open
  * proxy/iptables: fix all-vs-ready endpoints a bit
  * proxy/iptables: Remove a no-op check
  * proxy/iptables: Add more stuff to the unit test
  * proxy/iptables: Fix TestOnlyLocalNodePortsNoClusterCIDR
  * proxy/iptables: test that we create a consistent set of iptables rules
  * proxy/iptables: Misc improvements to unit test
  * proxy/iptables: Improve the sorting logic in TestOverallIPTablesRulesWithMultipleServices
  * proxy/iptables: Fix sync_proxy_rules_iptables_total metric
  * Fixed nil pointer dereference
  * Add tests for checking bind mounts
  * Check subpath file
  * Add check for subpaths
  * Fixed unit test SELinux support
  * Add shortcut for SELinux detection
  * Don't guess SELinux support on error
  * Manual cherry pick of kube-openapi changes for release-1.22 Bump kube-openapi against kube-openapi/release-1.22 branch
  * kube-proxy: fix stale detection logic
  * Use separate pathSpec for local and remote to properly handle cleaning paths
  * [go1.16] Update to go1.16.10
  * Automated cherry pick of #105122: added keys for structured logging (#105137)
  * Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes
  * Fixing how EndpointSlice Mirroring handles Service selector transitions
  * Add unit tests to cover scheduler's setup
  * sched: ensure feature gate is honored when instantiating scheduler
  * Fix race condition in logging when request times out
  * use original requests in NodeResourcesBalancedAllocation instead of NonZero
  * Remove nodes with Cluster Autoscaler taint from LB backends.
  * Fix issue in node status updating VolumeAttached list
  * Support cgroupv2 in node problem detector test
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3
  * Free APF seats for watches handled by an aggregated apiserver.
  * parameter 'disabled-metrics' is invalid
  * Run storage hostpath e2e test client pod as privileged
  * support more than 100 disk mounts on Windows
  * [go1.16] Update to go1.16.9
  * Clear initial UDP conntrack entries for loadBalancerIPs
  * Verifying the auth headers are set for upgraded aggregated API requests
  * apiserver aggregator upgrade unit test
  * Aggregator uses the regular transport even if the request requires upgrades
  * Fix PreferNominatedNode test
  * Remove Error Message Check Dynamic PV Tests
  * go fmt
  * Add e2e test to verify kubelet restart behaviour
  * kubelet: set terminated podWorker status for terminated pods
  * Fix quota controller hotloop in integration tests
  * remove StartedPodsErrorsTotal metrice message
  * Copy VolumeSnapshotContent annotations in snapshottable.go test
  * Fix bugs in e2e pod test
  * Ensure terminal pods maintain terminal status
  * Do not sync Waiting statuses for Terminated pods
  * Adds CancelRequest function to CommandHeadersRoundTripper
  * Fixes kubectl command headers which hangs on kubectl run
  * Revert "Build non-static binaries with PIE buildmode"
  * Ignore VMs in vmss delete backend pools
  * Fix CSR test to accept certs shorter than the requested duration
  * fix: skip not found nodes when reconciling LB backend address pools
  * fix: consolidate logs for instance not found error
  * Remove a duplicate StorageClass creation call
  * Update Containerd version - GCE Windows
  * e2e scheduling priorities: do not reference control loop variable
  * storege e2etest: Delete restored PVC/Pod in snapshottable
  * pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair
  * v1.22: Fix test flake in old svc registry
  * 'New' Event namespace validate failed
  * kubelet: Handle UID reuse in pod worker
  * Add test for recreating a static pod
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2
  * Refine locking in API Priority and Fairness config controller
  * kube-controller-manager: properly check generic ephemeral volume feature
  * Fix null JSON round tripping
  * Propagate conversion errors
  * integration test
  * fix 104329: check for headless before trying to release the ClusterIPs
  * fix detach disk issue on deleting node
  * kubelet: fix sandbox creation error suppression when pods are quickly deleted
  * remove listx from OWNERS_ALIASES

==== kubic-control ====
Version update (0.12.2 -> 0.12.3)
Subpackages: kubic-haproxycfg kubicctl kubicd

- Revert to go 1.14 until we have a solution for the go certificate
  handling changes
- Update to version 0.12.3
  - Fix last PR
- Require go 1.17 or newer

==== libgcrypt ====

- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch

==== ncurses ====
Version update (6.3.20211120 -> 6.3.20211127)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20211127
  + fix errata in description fields (report by Eric Lindblad) -TD
  + add x10term+sl, aixterm+sl, ncr260vp+sl, ncr260vp+vt, wyse+sl -TD
- Correct offsets of patch ncurses-6.3.dif

==== openssl-1_1 ====
Subpackages: libopenssl1_1

- Added openssl-1_1-use-include-directive.patch so that the default
  /etc/ssl/openssl.cnf file will include any configuration files that
  other packages might place into /etc/ssl/engines.d/ and
  /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
  being used to modify the openssl.cnf file. The scripting would fail
  if either the default openssl.cnf file, or the sample openssl-ibmca
  configuration file would be changed by upstream.
- Updated spec file to create the two new necessary directores for
  the above patch.

==== p11-kit ====
Subpackages: libp11-kit0 p11-kit-tools

- Enable systemd support

==== pam ====
Subpackages: pam_unix

- Drop pam_umask-usergroups-login_defs.patch, does more harm
  than helps. If not explizit specified as module option, we
  use UMASK from login.defs unmodified.

==== pango ====
Version update (1.48.10 -> 1.50.1)

- Update to version 1.50.1:
  + Fix a crash in tab handling.
  + Fix tab positioning without line wrapping.
  + Fix an assertion failure found by fuzzing.
  + Make underlines work again for broken fonts.
- Update to version 1.50.0:
  + Fix glyph placement in gravity east
  + Fix line heights in improper gravities
  + Only shown selected ignorables with nicks
  + Support tab alignments other than left
  + Support custom decimal points on decimal tabs
  + Fix a pango-view crash
  + Optimize handling of many tabs
  + Drop json-glib dependency
- Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed.
- Update to version 1.49.4:
  + Require fontconfig 2.13
  + Require harfbuzz 2.6
  + Many fixes to line breaking accuracy
  + coretext: Correctly clamp text weights at min/max values
  + Add serialization api for PangoLayout, PangoFont and
    PangoAttrList
  + Require json-glib
  + tests:
  - Use serialized layouts for test cases
  - Include fonts in git
  + pango-view: Accept serialized layouts
  + Fix a rounding problem with font metrics
  + Fix visible space display using ?
- Changes from version 1.49.3:
  + Fix hinting of glyph metrics
  + Fix logical glyph extents in vertical gravities
  + Visualize more default-ignorable glyphs
  + Fix advance widths in transformed contexts
  + Implement Small Caps and other casing variations
- Changes from version 1.49.2:
  + Update Unicode data to Unicode 14
  + Fix underlining of spaces
  + Round font metrics when appropriate
  + Fix some corner cases of cursor positioning
  + Handle Catalan middle-dot in text segmentation
- Changes from version 1.49.1:
  + Only recompute log attrs when needed
  + Validate log attrs
  + Fix conformance issues in Thai and Indic linebreaking
  + Add pango_attr_break to support customizing line and word
    breaks
  + Add font-dependent baseline shifts and sizing for super- and
    subscripts
  + Improve hyphenation support
  + pango-view:
  - Visualize caret positions and slopes
  - Show glyph rects
  - Make --annotate easier to use
  + Add pango_layout_get_caret_pos to support sloped carets
  + Improve caret positioning for ligatures
  + Better under- and overline placement
  + layout:
  - Allocate a bit less
  - Fix cluster extents with rise
  + Add pango_layout_iter_get_run_baseline
  + Add pango_glyph_string_index_to_x_full
  + coretext: Set size on font descriptions
  + Add color information to PangoGlyphVisAttr
- Changes from version 1.49.0:
  + Require fribidi 1.0.6
  + Fix threadsafety issues with Thai
  + Fix a rounding problem on i386
  + Fix font choice for ellipsis
  + New api:
  - pango_font_get_languages
  - Introspection helpers for attributes
  + Ignore width in horizontal context when itemizing
  + markup:
  - Allow specifying size and rise in points
  - Allow specifying size as percentage
  + Rewrite pango_layout_move_cursor_visually
  + Add a line-height attribute and make logical line extents
    respect it
  + Add pango_justify_last_line
  + Add pango_shape_item
  + Add a text-transform attribute and implement it
  + Clean up fribidi api usage
  + Fix a bug in the gravity data table
  + pango-view: Improve the --annotate option
  + Fix a possible crash in rendering strikethroughs
- Add pkgconfig(json-glib-1.0) BuildRequires, new dependency.

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base

- Drop low-memory-monitor: It's not enabled by default, not used by
  any of the default applications and would conflict with other
  installed OOM handling daemons like earlyoom or oomd
- Run pre_checkin.sh
- base: favour psmisc over busybox-psmisc or other equivalents
- enhanced_base: Recommend low-memory-monitor an early boot daemon
  to monitor memory pressure and react to low memory.
- Run pre_checkin.sh to sync 32-bit patterns.

==== python-SQLAlchemy ====
Version update (1.4.26 -> 1.4.27)

- update to 1.4.27:
  Bugfixes
  * see https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.27

==== qemu ====

- Reinstate Lin Ma's fixes for bsc#1192147 as they were
  submitted only to IBS.
  * Patches added:
  hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
  hw-i386-acpi-build-Deny-control-on-PCIe-.patch
  pcie-rename-native-hotplug-to-x-native-h.patch
- Rename the Guest Agent service qemu-guest-agent, like in other
  distros (and upstream). bsc#1185543
- disable QOM cast debug outside the testsuite as the corresponding
  asserts show up occassionally as top #1 in perf(1) traces under
  heavy virtio load
- enable LTO when we'd like to use LTO

==== runc ====
Version update (1.0.3 -> 1.1.0~rc1)

- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container has?exited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.

==== shadow ====
Subpackages: login_defs

- Really enable USERGROUPS_ENAB [bsc#1189139].
  Did go lost during merges.

==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1

- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954) on released products.

==== util-linux-systemd ====

- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954) on released products.

==== wireless-regdb ====
Version update (20210828 -> 20211209)

- Update to version 20211209:
  * wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US

==== xen ====

- bsc#1193307 - pci backend does not exist when attach a vf to a pv
  guest
  libxl-PCI-defer-backend-wait.patch

==== xfsprogs ====
Version update (5.14.0 -> 5.14.2)

- update to 5.14.2:
  - libxfs: move rogue fallthrough macro out of linux.h
  - libxfs: fix atomic64_t for 32-bit architectures
  - libfrog: fix crc32c self test code on cross builds

==== xxhash ====
Version update (0.8.0 -> 0.8.1)

- update to 0.8.1:
  * perf : much improved performance for XXH3 streaming variants, notably on
    gcc and msvc
  * perf : improved XXH64 speed and latency on small inputs
  * perf : small XXH32 speed and latency improvement on small inputs of random
    size
  * perf : minor stack usage improvement for XXH32 and XXH64
  * api  : new experimental variants XXH3_*_withSecretandSeed()
  * api  : update XXH3_generateSecret(), can no generate secret of any size (>=
    XXH3_SECRET_SIZE_MIN)
  * cli  : xxhsum can now generate and check XXH3 checksums, using command `-H3`
  * build: can build xxhash without XXH3, with new build macro XXH_NO_XXH3
  * build: fix xxh_x86dispatch build with MSVC, by @apankrat
  * build: XXH_INLINE_ALL can always be used safely, even after XXH_NAMESPACE
    or a previous XXH_INLINE_ALL
  * build: improved PPC64LE vector support
  * install: fix pkgconfig
  * install: compatibility with Haiku
  * doc  : code comments made compatible with doxygen
  * misc : XXH_ACCEPT_NULL_INPUT_POINTER is no longer necessary, all functions
    can accept NULL input pointers, as long as size == 0
  * misc : complete refactor of CI tests on Github Actions, offering much
    larger coverage
  * misc : xxhsum code base split into multiple specialized units, within
    directory cli/
- add 836f4e735cf368542f14005e41d2f84ec29dfd60.patch (fix manpage installation)

==== yast2 ====
Version update (4.4.27 -> 4.4.30)

- Fixed RelURL to work properly with the FTP URLs (related to
  jsc#SLE-22669)
- 4.4.30
- Fixed RelURL unit test randomly crashing (related to
  jsc#SLE-22669)
- 4.4.29
- Added RelURL class for working with relative URLs ("relurl://")
  (jsc#SLE-22669)
- 4.4.28