Packages changed:
  avahi
  ca-certificates-mozilla (2.44 -> 2.46)
  dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9)
  drpm
  ell (0.36 -> 0.38)
  filesystem
  fwupd (1.5.3 -> 1.5.6)
  gnome-desktop (3.38.3 -> 3.38.4)
  gtk3 (3.24.24 -> 3.24.25)
  ipset (7.10 -> 7.11)
  kmod
  ldacBT
  libaio (0.3.112 -> 0.3.112+29.696a5e6483ba)
  libnettle (3.7 -> 3.7.1)
  libpcap (1.9.1 -> 1.10.0)
  libqt5-qtwebengine
  llvm11
  mpg123
  pam
  patterns-base
  pcre
  pipewire
  python-py (1.9.0 -> 1.10.0)
  supportutils
  systemd
  tar (1.33 -> 1.34)
  util-linux (2.36.1 -> 2.36.2)
  util-linux-systemd (2.36.1 -> 2.36.2)
  vim
  webkit2gtk3
  xkeyboard-config (2.31 -> 2.32)
  xmlsec1

=== Details ===

==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7

- Update avahi-daemon-check-dns.sh from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking avahi-daemon-check-dns.sh (boo#1180827
  CVE-2021-26720).
- Add sudo to requires: used to drop privileges.

==== ca-certificates-mozilla ====
Version update (2.44 -> 2.46)

- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5

==== dracut ====
Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9)
Subpackages: dracut-ima

- Update to version 052+suse.93.g7bfaa6d9:
  * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167)
- Update to version 052+suse.91.gb30dce3c:
  * chore: update suse/dracut.spec
- Update to version 052+suse.88.gc78b4ac8:
  * fix(i18n): get rid of `eval` calls
  * fix(i18n): create the keyboard symlinks again
  * docs: update NEWS.md and AUTHORS
  * chore: add `CONTRIBUTORS` target to Makefile
  * fix: shellcheck across multipl emodules
  * docs: fix dracut.cmdline.7
  * fix: update dbus module directory in spec file
  * fix: add sdaskpw and sdsyctl to spec file
  * fix: cosmetic comment fixes
  * feat(systemd-ask-password): introducing systemd-ask-password module
  * Revert "nbd: use systemd-run to start nbd-client"
  * dmsquash-live-root: squashfs in bare device
  * feat(systemd-sysctl): introducing systemd-sysctl module
  * fix: adding missing efi paths
  * fix: correct the squash quirk
  * feat(systemd-modules-load): introducing systemd-modules-load module
  * fix(shutdown): add timeout to umount calls
  * fix: revise all module checks
  * fix: add missing line continuation
  * fix: BuildRequiring git-core is enough in dracut.spec
  * fix(kernel-modules): add reset controllers for arm
  * 35network-legacy: discard pointless RTNETLINK message
  * fix(plymouth): install binaries with dependencies
  * fix: correct the line continuation
  * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set
  * fix(network-manager): allow override network manager version
  * feat(dracut.sh): allow overriding the systemctl command for sysroot
  * fix: use find_binary
  * fix(dracut.sh): don't override path with foreign sysroot
  * fix: quote globbing in module-setup.sh for inst_multiple
  * fix(dracut-install): allow globbing for multiple sources
  * Fix bad ls parsing
  * fix: move ldconfig after library workaround
  * feat(kernel-modules): add driver memory
  * feat(systemd-repart): introducing systemd-repart module
  * feat(dbus-daemon): introducing the dbus-daemon module
  * feat(dbus-broker): introducing the dbus-broker module
  * feat(dbus): introducing a meta module for dbus
  * fix(network-legacy): silent check for leaseinfo
  * 95nfs: fix rpc.statd installation
  * fix: do not set cmdline for uefi images unless asked
  * feat(network-legacy): send dhcp in parallel on all devices
  * fix(mdraid): remove offroot
  * fix(mdraid): add grow continue service
  * fix(spec): add new systemd-coredump module to spec
  * fix(watchdog): replace return with echo
  * feat(systemd-coredump): introducing systemd-coredump module
  * prepare usrmerge (boo#1029961)
  * test: incr. disk size for TEST 35 ISCSI-MULTI
  * fix(skipcpio): edit skipcpio.c: strstr -> memmem
  * fix(1007): adding shared keyring mode to type unit
  * feat(systemd-sysusers): introducing systemd-sysuser module
  * feat(systemd-sysusers): introducing systemd-sysuser module
  * fix(1001): use efivars fs over the deprecated sysfs entries
  * fix(kernel-network-modules): also install modules from mdio subdirectory
  * fix(06dbus): do not hardcode path to dbus utils
  * fix(06dbus): do not hardcode path to systemd unit
  * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set
  * fix(99squash): use kernel config instead of modprobe to check modules
  * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir
  * fix(90kernel-modules): install generic crypto modules with hostonly unset
  * feat: add addional global variables
  * fix: add a missing efi support
  * chore(removal): eliminate bootchart module
  * feat: add addional global variables
  * feat(cli): add --no-uefi option
  * chore(github): add CODEOWNERS file
  * chore(cleanup): remove logrotate file
  * fix(35network-manager): avoid restarting NetworkManager
  * chore: Add configuration for vim
  * chore: Add editorconfig
  * chore: Editors
  * test(conventional): add Conventional Commits PR github action
  * docs(development): add HACKING.md

==== drpm ====

- skip valgrind checking on aarch64 (bsc#1182493)

==== ell ====
Version update (0.36 -> 0.38)

- Update to release 0.38 :
  * Fix issue with DHCP v6 Rapid Commit option check.
  * Fix issue with handling RFC8018/RFC1423 padding.
  * Fix issue with D-Bus filter messages with no interfaces set.
  * Add support for PKCS#12 certification loading.

==== filesystem ====

- Add Ukrainian to the list of localized man directories.

==== fwupd ====
Version update (1.5.3 -> 1.5.6)
Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0

- Update to 1.5.6:
  New features:
  * Add SBAT metadata to the fwupd EFI binary
  * Add support for GD32VF103 as found in the Longan Nano
  * Add support for RMI PS2 devices
  * Add support for the System76 Keyboard
  * Allow downloading firmware from IPFS
  * Install the UX data into a single .tar.xz file
  * Add a plugin to update PixArt RF devices
  * Add new hardware to use the elantp and rts54hid plugins
  * Allow specifying more than one VendorID for a device
  * Detect the AMD TSME encryption state for HSI-4
  * Detect the AMI PK test key is not installed for HSI-1
  * Add Maple Ridge Thunderbolt firmware parsing support
  * Add --no-remote-check to ignore checking for download remotes
  * Allow creating FMAP and Synaptics firmware using builder.xml
  Fixes:
  * Add support for the Starlabs LabTop L4
  * Allow using an external ESP again
  * Ask the user to reboot when required if downgrading
  * Be more paranoid when parsing ASCII buffers and devices
  * Check if the fwupd BootXXXX entry exists on failure
  * Clear the pending flag if restarting the system
  * Do not allow flashing using flashrom if BLE is enabled
  * Do not allow Lenovo hardware to install multiple capsules
  * Do not parse the OptionROM image
  * Do not show Unknown [***] for every client connection
  * Fix dnload wBlockNum wraparound for ST devices
  * Fix OOM when using large ArchiveSizeMax values
  * Fix several crashes spotted by AddressSanitizer
  * Fix several places where the Goodix MOC plugin could crash
  * Include the PCR0 to the report metadata
  * Report the lockdown status from UEFI and SuperIO plugins
  * Show a console warning if the system clock is not set
  * Fix flashing a fingerprint reader that is in use
  * Fix several critical warnings when parsing invalid firmware
  * Fix updating DFU devices that use DNLOAD_BUSY
  * Ignore the legacy UEFI OVMF dummy GUID
  * Make libfwupd more thread safe to fix a crash in gnome-software
  * Never show unprintable chars from invalid firmware in the logs
  * Allow using fwupdtool as non-root for firmware commands
  * Do not trust the Block.HintSystem boolean for ESP filtering
  * Fix a memory leak when parsing Synaptics firmware
  * Fix a possible crash when reading the Goodix MOC USB request
  * Fix crashes when parsing invalid FMAP, DMC, Solokey and Synaptics images
- Deprecate fwupd-bsc1179790-disable-hintsystem.patch

==== gnome-desktop ====
Version update (3.38.3 -> 3.38.4)
Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0

- Update to version 3.38.4:
  + Updated translations.

==== gtk3 ====
Version update (3.24.24 -> 3.24.25)
Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0

- Update to version 3.24.25:
  + Settings: Make cursor aspect ratio setting work.
  + Broadway:
  - Fix touchscreen event handling.
  - Support Android / Chrome on-screen keyboard.
  + Wayland:
  - Avoid crashes with tablet input.
  - Add api to support clients with subsurfaces better.
  + Inspector: Make the inspector available in non-debug builds.
  + Theme:
  - Make scrollbars larger.
  - Disable shadows on maximized, fullscreen and tiled windows.
  + Printing: Support Avahi-discovered printers better.
  + Input:
  - Show preedit for compose sequences.
  - Support long compose sequences.
  - Support compose sequences producing multiple characters.
  + Updated translations.

==== ipset ====
Version update (7.10 -> 7.11)
Subpackages: libipset13

- Update to release 7.11
  * Argument parsing buffer overflow in ipset_parse_argv fixed

==== kmod ====
Subpackages: libkmod2

- Fix grub's requoted kernel parameters (bsc#1181111)
  * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch
  * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch

==== ldacBT ====

- Exclude building in big-endian architectures (s390 s390x ppc64)
  since ldacBT requires a little-endian cpu to build.

==== libaio ====
Version update (0.3.112 -> 0.3.112+29.696a5e6483ba)

- Update to version libaio0.3.112+29.696a5e6483ba:
  * Fix test issue with gcc-11 (bsc#1181869)
  * harness: Skip the test if io_pgetevents() is not implemented
  * harness: Print better error messages on error conditions in 22.t
  * harness: Fix PROT_WRITE mmap check
  * harness: fix read into PROT_WRITE mmap test
  * harness: skip 22.p if async_poll isn't supported
  * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT
  * harness: Add fallback code for filesystems not supporting O_DIRECT
  * harness: add support for skipping tests
  * harness: Make the test exit with a code matching the pass/fail state

==== libnettle ====
Version update (3.7 -> 3.7.1)
Subpackages: libhogweed6 libnettle8

- GNU Nettle 3.7.1:
  * Fix bug in chacha counter update logic (ppc64 and ppc64el)
  * Restore support for big-endian ARM platforms
  * Fix corner case bug in ECDSA verify, it would produce incorrect
    result in the unlikely case of an all-zero message hash
  * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512
  * Remove poorly performing ARM Neon code for doing single-block
    Salsa20 and Chacha

==== libpcap ====
Version update (1.9.1 -> 1.10.0)

- Update to 1.10.0
  * Require, and assume, some level of C99 support in the C compiler
  * Add support for capturing on DPDK devices
  * rpcap: support rpcap-over-TLS
  * Fix some memory leaks, including in pcap_compile()
  * Linux: handle systems without AF_INET or AF_UNIX socket support
  * Catch invalid IPv4 addresses in filters
  * Show special Linux BPF offsets symbolically in bpf_image()
    and bpf_dump()
  * Linux: get rid of Wireless Extensions for turning monitor mode on
  * Linux: proper memory sync for PACKET_MMAP
  * Linux: drop support for libnl 1 and 2.
  * Linux: Require PF_PACKET support, and kernel 2.6.27 or later
  * Add DLT_LINUX_SLL2
  * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live
    Linux captures
  * optimizer: add a hack to try to catch certain optimizer loops
  * Probe CONFIGURATION descriptor of connected USB devices
  * Linux: return error on interface going away, but not if it just
    went down
  * Linux: set socket protocol only after packet ring configured,
    reducing bogus packet drop reports
  * Linux: get ifdrop stats from sysfs.
  * Fix various security issues reported by Charles Smith at
    Tangible Security
  * Fix various security issues reported by Include Security
  * rpcapd: on UN*X, don't tell the client why authentication failed
  * Linux: when adjusting BPF programs, do not subtract the
    SLL[2]_HDR_LEN if the location is negative (special
    metadata offset)
  * Linux: with a timeout of zero, wait indefinitely
  * Linux: clean up support for some non-GNU libc C libraries
  * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
  * Fix handling of some ioctls that fail with "permission denied"
    even when the ioctl isn't supported at all
  * Added support for ICMPv6 types 1-4 as tokens in filters
  * Report the DLT description in error messages
  * Linux: Add support for DSA data link types
  * Linux USB: use the snapshot length to set the buffer size,
    and set the len field to reflect the length in the URB
  * rpcapd: allow rpcapd to rebind more rapidly
  * Add Haiku pcap implementation
  * rpcap: redo protocol version negotiation to avoid problems
    with old servers (it still works with servers using the old
    negotiation, as well as servers not supporting negotiation)
  * Remove (unused) SITA support here.
  * Correctly handle pcapng captures with more than one IDB with a
    snspshot length greater than the supported maximum
- Remove libpcap-no-old-socket.patch
- Rebase libpcap-1.0.0-s390.patch

==== libqt5-qtwebengine ====

- Add patch to fix sandbox with glibc 2.33 on 32bit:
  * sandbox-statx-futex_time64.patch
- Relax constraints for armv6 and armv7

==== llvm11 ====

- Don't use gold and ThinLTO on ppc64le because of boo#1181621.
- Fix-missing-include.patch: fix build with GCC 11. (boo#1181875)
- CMake-Look-up-target-subcomponents-in-LLVM_AVAILABLE_LIBS.patch:
  Fix target component lookup. (boo#1180748)

==== mpg123 ====

- Avoid unconditional Supplements

==== pam ====

- Add missing conflicts for pam_unix-nis
- Split out pam_unix module and build without NIS support

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11

- Don't pull in update_test pattern from sw_management
- Move aaa_base-malloccheck from update_test to base

==== pcre ====

- package testsuite in a separate RPM (boo#1182235)

==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- ldacBT only builds on little endian architectures, so we can't
  buildrequire it on big endian systems like s390, s390x or ppc64.

==== python-py ====
Version update (1.9.0 -> 1.10.0)

- Update to 1.10.0
  * Fix a regular expression DoS vulnerability in the py.path.svnwc
    SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite

==== supportutils ====

- Additions to version 3.1.14
  + [powerpc] Collect logs for power specific components (HNV) #88 (bsc#1181911)
  + Updated pam.txt documentation explaining GDPR
  + ha.txt: Fix pacemaker.log location for SLE15 #90
  + supportconfig: use readlink /proc/<pid>/cwd to get cwd list instead of lsof #91
  + supportconfig: sssd_info consistency #93
  + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932)
- No longer truncates boot log (bsc#1181610)
- Require the awk, which and sed commands instead of packages to
  allow alternate implementations on embedded/Edge systems
- Additions to version 3.1.13
  + Added update-alternatives to etc.txt #82
  + Collects rotated logs with different compression types (bsc#1180478)
  + Added GPL-2.0-only license tag to spec file
- Additions to version 3.1.12
  + btrfs_info: add -pce argument to qgroup show #80
  + docker: add /etc/docker/daemon.json contents #81
- Additions to version 3.1.12
  + Capture IBM Power bootlist (SLE-15557)
  + Fix spelling typos in man pages #78
  + Collect multipath wwids file #77
  + Removed unnecessary appname parameter from HTTP upload URL
  + added aa-status #74
- Additions to version 3.1.12
  + [powerpc] Collect logs for power specific components #72 (bscn#1176895)
  + supportconfig: fs-btrfs: Add "btrfs device stats" output #73
- Additions to version 3.1.11
  + Changes affecting supportconfig
  - disk_info: Show discard information in lsblk #70
  - memory_info: Show VMware memory balloon infomation #71
- Addition to version 3.1.10
  + Changes affecting analyzevmcore
  - Fixed typo in error message #67
  + Changes affecting supportconfig
  - Fixed btrfs errors (bsc#1168894)
  - Large ntp.txt with binary data (bsc#1169122)
  - Check btrfs balance status #69
- Addition to version 3.1.9
  + Changes affecting getappcore
  - Added core file validation (bsc#1166126)
  - Added -j <PID> to extract core from systemd journal
  - Capture coredumptctl info in getappcore.log
  + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762)
  - The new prefix references SUSE Customer Center
- Addition to version 3.1.8
  + Changes affecting getappcore
  - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers
  - Replaced Novell with SUSE FTP servers (bsc#1165475)
  - Uses /etc/getappcore.conf if present
  + Changes affecting supportconfig
  - Added missed Power collection per bsc#1162539
  - Added zypper patterns output to updates.txt #66
- Addition to version 3.1.7
  + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357)
  + Readded LPM/DLPAR data for Power (bsc#1162539)
- Addition to version 3.1.6
  + Strip trailing commas from process names #64 (bsc#1156837)
  + Dynamically select compression method (bsc#1145233)
  + Updated detailed unit information fix in systemd.txt (bsc#1023308)
  + Fixed supportconig.conf man page with order placement
  + Include IPv6 routes (bsc#1089877)
- Updated to version 3.1.5
  + Removed root .snapshots directory from full file list (bsc#1154482)
- Updated to version 3.1.4
  + Removed LPM/DLPAR data for POWER (bsc#1111029)
  + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734)
  + Tumbleweed support #50
  + Added zypper orphaned packages check to updates.txt
  + Cpuset listing #52
  + Docker disunite #53
  + Added sed and gawk to spec requirements (bsc#1137336)
  + Added nstat to network
  + Add collection of livepatch information #63
  + Check for missing ldap.conf file
- Updated to version 3.1.3
  + Uses SUSE FTP servers (bsc#1132865)
  + btrfs quota #43
  + supportconfig: open-files: add file flags #44
  + Merged etc_info: Add support for .cfg files in /etc dir #46
  + Silence warning in rpm backup db collection path #47
  + Set files in tarball to 660 instead of 600 #48
  + SUSE separation finalized (bsc#1125623)
  + Default compression through xz, but -z forces bzip2
  + Updated man pages (bsc#1088234)
  + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120
  + Avoids some IO delays (bsc#1100529)
  + Corrected supported services help info for -U
  + Collects iSCSI Target information (bsc#1133844)
  + FTPES uses --ssl-reqd instead of depricated --ftp-ssl
  + Defaults to https FTP server uploads (bsc#1134599)
- Updated to version 3.1.2
  + Fixed missing sapconf and log (bsc#1081326)
  + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967)
- Updated to version 3.1.1
  + Fixed X missing /prob/fb error (bsc#1127069)
  + Fixed dasdview -f (bsc#1109664)
  + Clarified -t help description (bsc#1121043)
  + Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063)
  + Collects systemd journal with minimum install (bsc#1094225)
  + Supportconfig fails on bzip archives (bsc#1120049)
  + Get few drbd output & configuration #42
- Corrected missed SUSE separation lines
- Fixed invalid exit code commands (bsc#1125666)
- CVE-2018-19640: supportutils: Users can kill arbitrary processes
  (CVE-2018-19640 bsc#1118463)
- User can overwrite arbitrary log files in support tar
  (CVE-2018-19638 bsc#1118460)
- Code execution if run with -v
  (CVE-2018-19639 bsc#1118462)
- Static temporary filename allows overwriting of files
  (CVE-2018-19637 bsc#1117776)
- Included additional SUSE separation (bsc#1125609)
- Merged added listing of locked packes by zypper #41
- Corrected spec file errors
- Added firewall-cmd info
- btrfs filesystem usage
- Add ls -lA --time-style=long-iso /etc/products.d/
- Dump lsof errors
- Added corosync status to ha_info
- Clarified -x functionality in supportconfig(8) (bsc#1115245)
- Dump find errors in ib_info
- Exclude pam.txt per GDPR by default (bsc#1112461)
- udev service and journal content (bsc#1051797)
- supportconfig collects tuned profile settings (bsc#1071545)
- sfdisk -d no disk device specified (bsc#1043311)
- Added vulnerabilites check in basic-health.txt (bsc#1105849)
- Added backup rpm database directory
- Updated URLs in documentation
- Added only sched_domain from cpu0
- Blacklist sched_domain from proc.txt (bsc#1046681)
- Use %license instead of %doc [bsc#1082318]
- Accounts for firewalld now (bsc#1079137)
- Added dmesg taint seach
- Removed mii-tool from networking
- Updated HA to use chrony
- Added kdumptool calibrate to crash.txt
- Removed SLES_VER case for sles8,9 and 10
- Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545)
- Fixed udev service
- Fixed no disk device with sfdisk (bsc#1078638)
- Removed OPTION_SAM from man pages and resource file
- Validated missing commands
- Updated apparmor with systemctl service
- Replaced deprecated networking commands (bsc#1078318)
- Removed sam_info since suse_sam is no longer available
- Assigned SLE15 to SLES_VER selections (bsc#1078168)
- Includes X without display issue (bsc#1077813)
- Fixes for Infiniband (bsc#1071294)
- Using chrony for NTP (bsc#1077818)
- Added os-release processing (bsc#1077758)
- Removed invalid string tty string (bsc#1077681)
- Added SLE15 taint values (bsc#1077683)
- Added transactional update with OPTION_TRANSACTIONAL=1
- Updated supportconfig.conf.5 with OPTION_TRANSACTIONAL
- Fixed docker package detection (bsc#1069457)
- Replaced route with ip route (bsc#1070379)
- Added systemd-delta to systemd.txt (bsc#1071924)
- Changed repos -u to repos -d (bsc#1071926)
- Added rdma-core for infiniband (bsc#1071294)

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Add 0001-conf-parser-introduce-early-drop-ins.patch
  Introduce early configuration drop-in file. This type of drop-ins
  are reserved for vendor own purposes only and should never been used
  by users. It might be removed in the future without any notice.
- Drop use of %systemd_postun in %postun
  This macro is supposed to operate on units but it was used without
  passing any parameters. This call was probably used for issuing a
  daemon-reload but the following calls to
  %systemd_postun_with_restart imply that already. So let's simply
  drop it.

==== tar ====
Version update (1.33 -> 1.34)

- GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges

==== util-linux ====
Version update (2.36.1 -> 2.36.2)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1

- Update to version 2.36.2:
  * agetty: tty eol defaults to REPRINT
  * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K
  * lib/caputils: add fall back for last cap using prctl.
  * lib/signames: change license to public domain
  * libfdisk:
  * (dos) fix last possible sector calculation
  * (script) ignore empty values for start and size
  * ignore 33553920 byte optimal I/O size
  * libmount:
  * add vboxsf, virtiofs to pseudo filesystems
  * do not canonicalize ZFS source dataset
  * don't use "symfollow" for helpers on user mounts (boo#1181750,
    obsoletes util-linux-libmount-dont-use-symfollow.patch)
  * fix /{etc,proc}/filesystems use
  * login: use full tty path for PAM_TTY
  * lsblk: read SCSI_IDENT_SERIAL also from udev
  * rfkill: stop execution when rfkill device cannot be opened
  * setpriv: allow using [-+]all for capabilities.
  * su: use full tty path for PAM_TTY
  * switch_root: check if mount point to move even exists
  * umount:
  * ignore --no-canonicalize,-c for non-root users
  * Show the 'r' option in the help menu
  * Code cleanups and documentation improvements.
  * Translation updates.

==== util-linux-systemd ====
Version update (2.36.1 -> 2.36.2)

- Update to version 2.36.2:
  * agetty: tty eol defaults to REPRINT
  * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K
  * lib/caputils: add fall back for last cap using prctl.
  * lib/signames: change license to public domain
  * libfdisk:
  * (dos) fix last possible sector calculation
  * (script) ignore empty values for start and size
  * ignore 33553920 byte optimal I/O size
  * libmount:
  * add vboxsf, virtiofs to pseudo filesystems
  * do not canonicalize ZFS source dataset
  * don't use "symfollow" for helpers on user mounts (boo#1181750,
    obsoletes util-linux-libmount-dont-use-symfollow.patch)
  * fix /{etc,proc}/filesystems use
  * login: use full tty path for PAM_TTY
  * lsblk: read SCSI_IDENT_SERIAL also from udev
  * rfkill: stop execution when rfkill device cannot be opened
  * setpriv: allow using [-+]all for capabilities.
  * su: use full tty path for PAM_TTY
  * switch_root: check if mount point to move even exists
  * umount:
  * ignore --no-canonicalize,-c for non-root users
  * Show the 'r' option in the help menu
  * Code cleanups and documentation improvements.
  * Translation updates.

==== vim ====
Subpackages: vim-data-common vim-small

- source correct suse.vimrc file (boo#1182324)

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Update _constraints for armv6/armv7

==== xkeyboard-config ====
Version update (2.31 -> 2.32)

- Update to version 2.32
  * latest bugfix release

==== xmlsec1 ====
Subpackages: libxmlsec1-1 libxmlsec1-openssl1

- Relax the crypto policies for the test-suite. This allows the
  tests using certificates with small key lengths to pass.