Packages changed:
  aaa_base (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f)
  alsa (1.2.4 -> 1.2.5)
  alsa-plugins (1.2.2 -> 1.2.5)
  boost-base
  chrony (3.5.1 -> 4.1)
  cups-filters (1.27.2 -> 1.28.8)
  curl (7.76.1 -> 7.77.0)
  gnutls (3.7.1 -> 3.7.2)
  gupnp (1.2.4 -> 1.2.6)
  kmod (28 -> 29)
  libX11
  libcap
  libimagequant (2.13.1 -> 2.14.1)
  libmodulemd (2.12.0 -> 2.12.1)
  libtasn1 (4.16.0 -> 4.17.0)
  malcontent (0.9.0 -> 0.10.1)
  openssl
  pcre2 (10.36 -> 10.37)
  pipewire
  python-pycurl
  rtkit
  vim (8.2.2850 -> 8.2.2918)
  wget
  xen (4.14.1_16 -> 4.15.0_01)
  yast2 (4.4.5 -> 4.4.9)

=== Details ===

==== aaa_base ====
Version update (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f)

- Update to version 84.87+git20210601.8cb043f:
  * Use shell builtins for $HOSTTYPE and others (boo#1186296)

==== alsa ====
Version update (1.2.4 -> 1.2.5)

- Update to version 1.2.5
  * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib
- Drop upstream fixed patches
  * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch
  * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch
  * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch
  * 0004-topology-use-inclusive-language-for-bclk.patch
  * 0005-topology-use-inclusive-language-for-fsync.patch
  * 0006-topology-use-inclusive-language-in-documentation.patch
  * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch
  * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch
  * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
  * 0019-pcm-fix-__snd_pcm_state-return-value.patch
  * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch
  * 0026-Revert-pcm_plugin-fix-delay.patch
  * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch
  * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
  * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
  * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch
  * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
  * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch
  * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
  * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
  * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
  * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch
  * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch
  * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch
  * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
  * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch
  * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
  * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
  * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch
  * 0023-pcm-plugin-status-revert-the-recent-changes.patch
  * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch
  * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch
  * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
  * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch
  * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch
  * 0033-pcm-rate-fix-the-capture-delay-values.patch
  * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch
  * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
  * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
  * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch
  * 0018-conf-fix-get_hexachar-return-value.patch
  * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch
  * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch
  * 0031-pcm-plugin-fix-status-code-for-capture.patch
  * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
  * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch
  * 0022-pcm-plugin-status-fix-the-return-value-regression.patch

==== alsa-plugins ====
Version update (1.2.2 -> 1.2.5)

- Update to 1.2.5
  * Support alsa 1.2.5
  * Fixed A52 Output plugin
  * upmix: complete generalizing format
  * jack: add option to allow non-jack-aligned period size
  * oss: fix the config (port -> device)
  * pulse: pcm - handle reading pulse stream hole
  * usb_stream: use snd_config_get_card() to decode the card number

==== boost-base ====
Subpackages: boost-license1_76_0 libboost_thread1_76_0

- Compile boost iostreams with lzma support for reading .xz files

==== chrony ====
Version update (3.5.1 -> 4.1)
Subpackages: chrony-pool-openSUSE

- Update to 4.1
  * Add support for NTS servers specified by IP address (matching
    Subject Alternative Name in server certificate)
  * Add source-specific configuration of trusted certificates
  * Allow multiple files and directories with trusted certificates
  * Allow multiple pairs of server keys and certificates
  * Add copy option to server/pool directive
  * Increase PPS lock limit to 40% of pulse interval
  * Perform source selection immediately after loading dump files
  * Reload dump files for addresses negotiated by NTS-KE server
  * Update seccomp filter and add less restrictive level
  * Restart ongoing name resolution on online command
  * Fix dump files to not include uncorrected offset
  * Fix initstepslew to accept time from own NTP clients
  * Reset NTP address and port when no longer negotiated by NTS-KE
    server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
  https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
  and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
  can do all the other required crypto via nettle+gnutls. no need
  for another crypto library.
- Update to 4.0
  - Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of
    unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented
    configuration
  - Add sourcedir directive and "reload sources" command to
    support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point
    (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included
    files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q
    option
  - Avoid replacing NTP sources with sources that have
    unreachable address
  - Improve pools to repeat name resolution to get "maxsources"
    sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state
    to online
  - Update clock synchronisation status and leap status more
    frequently
  - Update seccomp filter
  - Add "add pool" command
  - Add "reset sources" command to drop all measurements
  - Add authdata command to print details about NTP
    authentication
  - Add selectdata command to print details about source
    selection
  - Add -N option and sourcename command to print original names
    of sources
  - Add -a option to some commands to print also unresolved
    sources
  - Add -k, -p, -r options to clients command to select, limit,
    reset data
  - Bug fixes
  - Don't set interface for NTP responses to allow asymmetric
    routing
  - Handle RTCs that don't support interrupts
  - Respond to command requests with correct address on
    multihomed hosts
  - Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets
    (chrony 2.x clients using non-MD5/SHA1 keys need to use
    option "version 3")
  - Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
  enable the new features)
- drop patches which are included in the update:
  chrony-test-update-processing-of-packet-log.patch
  chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
  osc build --without=testsuite
  testsuite still runs by default

==== cups-filters ====
Version update (1.27.2 -> 1.28.8)

- Version upgrade to 1.28.8
  * libcupsfilters: Made check whether the driverless PPD to
    generate should be a fax out PPD more reliable (Issue #343).
  * foomatic-rip: Options in the 5th command line argument of
    the CUPS filter command line are separated only by white
    space and not by comma, also make sure that an option "none"
    is not considered a custom page size (Issue #348).
  * implicitclass: Raise timeout for cups-browsed's answer from
    20s to 60s (Pull request #346).
  * libcupsfilters: In the PPD generator really give priority to
    Apple Raster against PDF (Issue #331).
- Version upgrade to 1.28.7
  * driverless: Removed the support quality check from Pull
    request #235 as it takes significant time for each printer
    being listed, making cups-driverd (`lpinfo -m`) timing out
    when there are many printers (OpenPrinting CUPS issue #65).
  * libcupsfilters: In the PPD generator give priority to Apple
    Raster against PDF (Issue #331).
  * libcupsfilters: Added NULL check when removing ".Borderless"
    suffixes from page size names (Issue #314, Pull request #328).
  * libcupsfilters: In the cupsRasterParseIPPOptions() map the
    color spaces the same way as in the PPD generator
    (Issue #326, Pull request #327).
  * libcupsfilters: Fixed addition of grayscale mode in
    generated PPD files, to avoid duplicate entries
    (OpenPrinting CUPS issue #59).
- Version upgrade to 1.28.6
  * libcupsfilters: In generated PPDs add a grayscale mode if
    there are only color printing modes (from OpenPrinting CUPS).
  * libcupsfilters: In generated PPDs add an "OutputBin" option
    also if it has only one choice (OpenPrinting CUPS pull
    request #18).
  * libcupsfilters: Generated PPDs could have an "Unknown"
    default InputSlot (OpenPrinting CUPS issue #44).
  * cups-browsed: Removed unneeded IPP attribute additions
    preventing the created local queues from preserving a
    location or description the user assigns to them (Issue #323).
  * cups-browsed: Removed all calls of the resolve_uri() function
    of libcupsfilters, as these are not actually needed and in case
    the supplied DNS-SD-based URI is not resolvable, the function
    gets stuck for ~5 seconds.
  * cups-browsed: Fixed several memory leaks, mainly from the
    code to merge printer IPP attributes for clusters
    (Pull request #322).
  * cups-browsed: Silenced compiler warning.
  * foomatic-rip: Fix infinite loop and input from file on raw
    printing (Pull request #318).
  * foomatic-rip: Remove temporary file created during pdf-to-ps
    conversion (Pull request #313).
- Version upgrade to 1.28.5
  * cups-browsed: UUID from IPP response was used after its
    pointer was freed by ippDelete() (Pull request #311).
- Version upgrade to 1.28.4
  * driverless: Avoid duplicate PPD list entries from the same
    device via UUID
  * driverless: Reduce ippfind calls by "driverless" and
    "driverless-fax" called by CUPS. Let "driverless list" list
    both print and fax PPDs and "driverless-fax list" do nothing.
  * driverless: Avoid duplicate listings in printer discovery,
    by "driverless-fax" not listing any URI as "driverless"
    lists them all already.
  * driverless: Vastly improve performance by doing only one
    ippfind call instead of two (IPP, IPPS) as ippfind accepts
    more than one reg type on the command line.
  * Sample PPDs: Corrected manufacturer name in
    Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd.
- Version upgrade to 1.28.3
  * libcupsfilters, cups-browsed: Fixed inconsistency between
    resolvers for DNS-SD-based URIs, resolve_uri() and
    ippfind_based_uri_converter(). Now both return a freeable
    string.
  * libcupsfilters: Fix uninitialized buffer and parsing ippfind
    output in ippfind_based_uri_converter() function
    (Issue #308, Pull request #309).
- Version upgrade to 1.28.2
  * driverless: Free allocated memory, use MAX_OUTPUT_LEN
    (Pull request #304).
  * driverless: Make the two ippfind tasks (for IPP
    and IPPS) run in parallel (Pull request #302, #305, #306).
  * braille: Support new liblouis tables not containing a
    display name (Pull request #303)
  * Build system: Let ./configure not error out when there is
    more than one DejaVuSans.ttf test font candidate (Issue #300).
  * cups-browsed: Crash when a remote printer set as default gets
    removed, due to missing variable in printf() call (Issue #299).
  * libcupsfilters: Removed all signal handling and global
    variables from get_printer_attributes() and
    ippfind_based_uri_converter(). This is overkill for these
    quick operations and causes problems when shutting down
    cups-browsed (Issue #298).
- Version upgrade to 1.28.1
  * COPYING: Fixed several typos
  * libcupsfilters: Fixed typo in log message of
    get_printer_attributes functions.
  * cups-browsed: Fixed typos in configuration file and man page
  * libcupsfilters: Let the PPD generator not suffix page size
    names with ".Borderless" if all page sizes would get this
    suffix, for example for printers which generally print
    borderless.
  * libcupsfilters: Added "faxPrefix" option for generated IPP Fax
    Out PPDs, so that this option also appears in print dialogs.
  * driverless: List addresses for local services correctly when
    using "--std-ipp-uris" (with "localhost" hostname).
  * driverless: Make calls of the ippfind utility somewhat faster,
    setting the timeout of ippfind to automatic.
  * libcupsfilters: Resolve DNS-SD-based URIs for local services
    correctly (using hostname "localhost").
  * libcupsfilters: In get_printer_attributes() functions do not
    try to convert URIs which are not DNS-SD-based (Issue #294).
  * libcupsfilters: In get_printer_attributes() functions also
    support URIs with "dnssd://..." scheme.
  * libcupsfilters: Moved signal handling back into main
    function of the get_printer_attributes() variants, it got
    moved out accidentally.
  * driverless: For generating a PPD, independent whether via
    "driverless URI" or "driverless cat URI", always allow CUPS
    driver URIs (prefixed with "driverless: " or
    "driverless-fax:") and pure IPP URIs.
  * driverless: Accept clean IPP URIs also for 'driverless cat ...'
    (Issue #295, Pull request #296).
  * driverless-fax: Do not use fixed path for call of driverless
    itself (Pull request #293).
- Version upgrade to 1.28.0
  * driverless, driverless-fax, libcupsfilters: Added IPP Fax
    Out support. Now printer setup tools list an additional fax
    "driver".  A fax queue is created by selecting this driver.
    Jobs have to be sent with "-o phone=12345" to supply
    the destination phone number (Pull request #280).
  * libfontembed: Silenced warning with gcc 10.x
    (Pull request #287).
  * cups-browsed: Added ./configure
    options --enable-saving-created-queues
    and --with-remote-cups-local-queue-naming
    (Pull request: #253, #285).
  * cups-browsed: Fixed several memory leaks, mainly from
    the code to merge printer IPP attributes for clusters
    (Pull request #281, #283).
  * driverless: Added "--std-ipp-uris" command line option to
    show listed URIs in standard hostname-based form (not the
    CUPS DNS-SD-service-name-based form). Only for manual call of
    the utility, for debugging purposes (Pull request #277).
  * libfontembed: Removed assert() calls which cause crashes
    when unsupported emoji fonts are installed (Issue #254,
    Pull request #276).
  * driverless: Added support for IPPS (use "ipps://..." URIs if
    possible, Issue #251, Pull request #270, #273).
  * gstoraster, gstopdf: When converting PostScript to PDF use
    the "pdfwrite" output device with "-dPDFSETTINGS=/default"
    instead of with "-dPDFSETTINGS=/printer". This reproduces
    bitmaps in the PostScript file with their original image
    quality (Issue #272).
  * cups-browsed: Limit log file size and add backup file for
    previous log entries. Introduced the configuration option
    DebugLogFileSize in cups-browsed.conf to set the actual limit
    in kilobytes or 0 to get the old behavior of an unlimited
    size for the log file (Issue #260, Pull request #267).
  * gstoraster, gstopdf: Do not apply margins when output format
    is PDF, as then we convert an incoming PostScript file to
    PDF (pre-pdftopdf) and do not prepare the pages for the
    printer (post-pdftopdf, Issue #250).
  * cups-browsed: Do not write any log messages directly to
    stderr, there were some concerning timeouts on queue
    creation (Issue #260).
  * Build system: Fix cross-compilation without DejaVu test font
    in configure.ac (Issue #262, Pull request #263).
  * libcupsfilters: Respect the fact that PPD keywords
    are case-sensitive when adding "*cupsManualCopies: True" in
    PPD file (Issue #242).
  * libcupsfilters: Older versions of libcups (< 2.3.1)
    had the enum name for fold-accordion finishings mistyped.
    Added a workaround.
  * cups-browsed: Remove left-over local queues from the previous
    session more quickly when CUPS legacy browsing is turned on.
  * cups-browsed: Left-over local queues from the previous
    session for which the corresponding remote printer did not
    appear again did not get removed as they were considered
    externally overwritten.
  * gstoraster, gstopdf: Add option "-dDoNumCopies" to Ghostscript
    command line if we are outputting PDF (called via gstopdf
    wrapper) and the number of copies supplied to CUPS is 1 (4th
    command line argument). In this case we convert incoming
    PostScript to PDF and need to respect  embedded PostScript
    commands to implement the number of copies (Issue #255,
    CUPS Issue #5796, OpenSUSE bug #1173345).
  * imagetoraster: Potential null dereference fix (when no valid
    PPD is supplied, Pull request #256).
  * cups-browsed: Call cupsGetNamedDest() only if
    "OnlyUnsupportedByCUPS No"
  * Sample PPDs: Corrected ColorModel default for Generic PWG
    Raster PPD to Color (Pull request #247).
  * cups-browsed: Mark the temp queue as cups-browsed-generated
    during setting printer-is-shared (Pull request #246).
  * cups-browsed: Remove mentions of README and AUTHORS files in
    the man page (Pull request #244).
  * pclmtoraster: Added new filter to extract Raster data from
    raster-only PDF files, here for the special case of PCLm
    files (Pull request #243, #257).
  * Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to switch
    between color and grayscale printing (Pull request #237).
- Version upgrade to 1.27.5
  * cups-browsed: Do not remove the created local queues on
    shutdown, to avoid their re-creation on restart, so that
    desktops do not get cluttered with notifications of new queues
    being created. One can return to the old behavior via
    "KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf
    (Ubuntu bug #1869981, #1878241).
  * cups-browsed: Do not accept DNS-SD broadcasts of IPPS type
    of "remote" CUPS queues of another CUPS instance on the
    local machine. This way we get a local queue pointing to
    such a printer only in unencrypted version (IPP). For some
    reason printing from one CUPS server to another on the same
    machine works only unencrypted.
  * foomatic-rip: Map two-sided-short-edge to DuplexTumble
    (Pull request #236)
  * Build system: In configure.ac use AS_IF instead of
    AC_CHECK_FILE for font check (Issue #239, Pull request #240)
  * cups-browsed: Cleaned up code for determining to which CUPS
    server (host/port/domain socket) to connect, so that connection
    via DomainSocket cups-browsed.conf directive, CUPS_SERVER and
    IPP_PORT environment variables and all defaults and methods
    of libcups, including CUPS' client.conf work.
  * gstoraster, rastertopdf: Do not pass NULL to fprintf()
    (Pull request #230).
  * libcupsfilters: Silence compiler warning (Pull request #229).
- Version upgrade to 1.27.4
  * libcupsfilters, cups-browsed: Fix memory issues in
    ppdgenerator and cups-browsed (Pull request #226).
  * pdftops: Mention cups-filters README, CUPS README in debug log
    (Pull request #225).
  * pdftopdf, gstoraster, foomatic-rip: Use "-dSAFER" Ghostscript
    option, instead of the deprecated "-dPARANOIDSAFER"
    (Pull request #224).
  * Build System: Replace '==' in configure.ac test with '=', as
    the former is a bashism (Pull request #222).
- Version upgrade to 1.27.3
  * cups-browsed: Allow sharing local queues pointing to remote
    CUPS queues and re-sharing printers discovered via
    BrowsePoll by default, using AllowResharingRemoteCUPSPrinters
    and NewBrowsePollQueuesShared directives in cups-browsed.conf
    (Issue #101, Pull request #218).
  * driverless: Correctly unlink temporary file when generating
    PPD file (Pull request #220).
  * cups-browsed: Fixed memory leaks (Pull request #219).
  * foomatic-rip: PDF page count side-loads the PDF file to count
    the pages in, so it cannot be run in -dSAFER mode. Run even
    in -dNOSAFER mode to override the -dSAFER default of newer
    Ghostscript versions. This should not cause a security problem
    as we do not take an input file which could do arbitrary
    side-loads but we run hard-coded PostScript commands instead
    (Issue #216).
  * libfontembed: Add checks to the test programs to not segfault
    if the test font file is not found (Pull request #214).
  * Build System: Let ./configure fail if the supplied test font
    file path (or the default) does not exist (Pull request #214),
    also use the "find" command to find the test font file
    DejaVuSans.ttf under /usr/share/fonts, as every
    distribution has it somewhere else.
- fix_upstream_issue348.patch is no longer needed because
  it is now fixed in the upstream sources, see the above
  entry about "Issue #348". Entries like "Issue #NNN" or
  "Pull request #NNN" mean cups-filters upstream issues
  or cups-filters upstream GitHub pull requests at
  https://github.com/OpenPrinting/cups-filters

==== curl ====
Version update (7.76.1 -> 7.77.0)
Subpackages: libcurl4

- Update to 7.77.0: [bsc#1186114, CVE-2021-22898]
  [bsc#1186115, bsc#1185579, CVE-2021-22901]
  * Security fixes:
  - CVE-2021-22297: schannel cipher selection surprise
  - CVE-2021-22298: TELNET stack contents disclosure
  - CVE-2021-22901: TLS session caching disaster
  * Changes:
  - configure: make the TLS library choice(s) explicit
  - curl: ignore options asking for SSLv2 or SSLv3
  - hsts: enable by default
  - SSL: support in-memory CA certs for some backends
  - vtls: refuse setting any SSL version
  * Bugfixes:
  - configure: provide --with-openssl, deprecate --with-ssl
  - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
  - curl: include libmetalink version in --version output
  - data_pending: check only SECONDARY socket for FTP(S) transfers
  - gnutls: don't allow TLS 1.3 for versions that don't support it
  - gnutls: make setting only the MAX TLS allowed version work
  - http2: fix resource leaks in set_transfer_url() and push_promise()
  - http: limit the initial send amount to used upload buffer size
  - rustls: only return CURLE_AGAIN when TLS session is fully drained
  - rustls: use ALPN
  - schannel: Disable auto credentials; add an option to enable it
  - schannel: Support strong crypto option
  - sectransp: allow cipher name to be specified
  - sockfilt: avoid getting stuck waiting for writable socket

==== gnutls ====
Version update (3.7.1 -> 3.7.2)

- Update to version 3.7.2
  * Added Linux kernel AF_ALG based acceleration
  * Fixed timing of early data exchange
  * The priority string option DISABLE_TLS13_COMPAT_MODE was added
    to disable TLS 1.3 middlebox compatibility mode
  * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
    GNUTLS_NO_IMPLICIT_INIT to reflect the purpose
  * certtool:
  * When signing a CSR, CRL distribution point (CDP) is no
    longer copied from the signing CA by default
  * When producing certificates and certificate requests, subject
    DN components that are provided individually will now be
    ordered by assumed scale
- Rework the crypto-policies dependencies in libraries [bsc#1186385]

==== gupnp ====
Version update (1.2.4 -> 1.2.6)

- Update to version 1.2.6
  + Fix CVE-2021-33516 (boo#1186590)
  + Fix potential fd leak in linux CM
  + Fix potential NULL pointer dereference when evaluating unset
    ServiceProxyActions
  + Fix leaking the message string if an action is never sent
  + Fix leaking the ServiceProxyAction if sending fails in
    call_action
  + Fix potential use-after-free if service proxy is
    destroyed before libsoup request finishes in control point
  + Fix potential data leak due to being vulnerable to DNS
    rebind attacks
  + Fix introspection annotation for send_action and
    call_action_finish to prevent a double-free
  + Fix introspection annotation for send_action_list
  + Make ServiceIntrospection usable from gobject-introspection
- Fix dependencies
- Update to version 1.2.6:
  + Fix wrong dependency on GSSDP 1.2.4
- Changes from version 1.2.5:
  + Fix introspection annotation for send_action_list
  + Fix potential fd leak in linux CM
  + Fix potential NULL pointer dereference when evaluating unset
    ServiceProxyActions
  + Fix leaking the message string if an action is never sent
  + Fix leaking the ServiceProxyAction if sending fails in
    call_action
  + Fix introspection annotation for send_action and
    call_action_finish to prevent a double-free
  + Make ServiceIntrospection usable from gobject-introspection
  + Add Python example
  + Add C example
  + Fix JavaScript example
  + Fix potential use-after-free if service proxy is destroyed
    before libsoup request finishes in control point
  + Fix potential data leak due to being vulnerable to DNS rebind
    attacks

==== kmod ====
Version update (28 -> 29)
Subpackages: libkmod2

- /usr/lib should override /lib where both are available. Support /usr/lib for
  depmod.d as well.
  * Refresh usr-lib-modprobe.patch
- Remove test patches included in release 29
  - kmod-populate-modules-Use-more-bash-more-quotes.patch
  - kmod-testsuite-compress-modules-if-feature-is-enabled.patch
  - kmod-also-test-xz-compression.patch
- Update to release 29
  * Fix `modinfo -F` not working for built-in modules and
    certain fields.
  * Fix a memory leak, overflow and double free on error path.
- Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch,
  0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch,
  0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch
  (all merged)

==== libX11 ====
Subpackages: libX11-6 libX11-data libX11-xcb1

- U_Check-for-NULL-strings-before-getting-their-lengths.patch
  * regression in libX11 1.7.1 (boo#1186643)
    fixes segfaults for xforms applications like fdesign

==== libcap ====

- Fix a broken symlink. libcap-devel installs libpsx.so but
  didn't install the library it's pointing to.

==== libimagequant ====
Version update (2.13.1 -> 2.14.1)

- update to 2.14.1:
  * improved Rust API
  * quality improvements for remapping overlays over a background

==== libmodulemd ====
Version update (2.12.0 -> 2.12.1)

- Updated to 2.12.1
  This is a bug-fix release fully compatible with the previous 2.12.0
  version. Notable changes:
  Enhancements:
  - Improve diagnostic messages for compression tests.
  - Tests performed in a GitHub continuous integration are faster.
  - Use GitHub actions to perform CI tests also on ArchLinux, Mageia,
    Mandriva, and OpenSUSE.
  Fixes:
  - Relax context value up to 13 characters including an underscore
    character in modulemd v2 format. This reenables scratch-builds in MBS.
    Migrate Packit tests from a deprecated current_version_command to
    a newer actions/get-current-version.

==== libtasn1 ====
Version update (4.16.0 -> 4.17.0)

- libtasn1 4.17.0:
  * Print deprecation messages for deprecated macros
  * Fix some clang issues due to illegal pointers
  * Restore handling of SIZE nodes
  * Fix memory leak caught by oss-fuzz
  * Gtk-doc fixes
  * Fix bugs unveiled by Static Analysis
  * Update gnulib files and many build fixes
- move tools to -tools packages and clarify licenses
- update upstream signing keyring
- remove deprecated texinfo packaging macros

==== malcontent ====
Version update (0.9.0 -> 0.10.1)
Subpackages: libmalcontent-0-0 typelib-1_0-Malcontent-0

- Update to version 0.10.1
  + Improve support for systems without accountsservice
  + Fix some data loss-causing state synchronisation problems
  + Hide support for flatpak user repositories, as they are
    typically not configured on systems
  + Add manpage docs for malcontent-client
  + Consider terminology of ?parental controls?
  + Improving padding/spacing in malcontent-control UI
  + Reload ?Restrict Apps? list when installed apps change on system
  + Add command line option to malcontent-control to pre-select a user
  + Fails closed if accountsservice isn't available on the bus
  + Fix partial loss of parental controls settings when partially
    updating them
  + libmalcontent-ui: Drop handling of eos-link desktop files
  + user-controls: Only save the app filter if it's changed
  + Add Danish translation
  + Update Ukrainian, Italian, Swedish, and Polish translation

==== openssl ====

- Provide openssl(cli) by the meta package: Together with the
  suggests openssl in the base patterns, any consumer of this
  symbol should get the openssl meta package as candidate, which
  allows us to more easily change the recommended default version.

==== pcre2 ====
Version update (10.36 -> 10.37)
Subpackages: libpcre2-16-0 libpcre2-8-0

- pcre2 10.37:
  * removal of the actual POSIX names regcomp etc. from the POSIX
    wrapper library because these have caused issues for some
    applications, replacing pcre2-symbol-clash.patch
  * fix a hypothetical NULL dereference
  * fix two bugs related to over-large numbers so the behaviour is
    now the same as Perl
  * Fix propagation of \K back from the full pattern recursion
  * Restore single character repetition optimization in JIT

==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Add patch from upstream to use the independent switch to mute
  Lineout or Speaker instead of setting the volume, which on
  some soundcards might be shared by Headphone and Lineout or
  Headphone and Speaker (fixes boo#1186572):
  * 0001-alsa-mixer-only-use-switch-to-mute-Front-in-the-Headphone-path.patch
- Introduce a workaround for systems where %systemd_user_post
  didn't enable the user services correctly due to different
  reasons. This workaround is only executed once, and only if
  it's really needed. In order to execute only once a lock file
  is created in /var/lib/pipewire. The lockfile can be removed
  when the workaround is removed.
  Everyone who upgraded their TW system between (approx.) the 14th
  of January and the 16th of March and who didn't enable the
  services manually is affected by this. It also happens for
  everyone who installed a new TW system since (approx.) the 14th
  of January and also for everyone doing a new installation of
  SLE15-SP3 / Leap 15.3 from the iso (new installations using
  online repositories will work fine once the fix in
  systemd-presets-common-SUSE is released).
  Fixes boo#1184852, boo#1183012 and boo#1186561.

==== python-pycurl ====

- Add curl7770_compatibility.patch to have package compatible
  with curl 7.77.0.

==== rtkit ====

- Replace systemd-devel BuildRequires with pkgconfig(libsystemd):
  allow OBS to shortcut through the systemd-mini flavors.

==== vim ====
Version update (8.2.2850 -> 8.2.2918)
Subpackages: vim-data-common vim-small

- Updated to version 8.2.2918, fixes the following problems
  * Using <Cmd> mapping on the command line triggers CmdlineChanged. (Naohiro
    Ono)
  * Configure can add --as-needed a second time.
  * Window is not updated after using <Cmd> mapping.
  * Custom statusline cannot contain % items.
  * White space after "->" does not give E274.
  * Get readonly error for device that can't be written to.
  * Vim9: exception in ISN_INSTR caught at wrong level.
  * Test fails because of changed error message.
  * Tcl test fails because of changed error message.
  * Adding a text property causes the whole window to be redrawn.
  * Vim9: "legacy return" is not recognized as a return statement.
  * Removing a text property causes the whole window to be redrawn.
  * Removing a text property does not redraw optimally.
  * Vim9: crash when using inline function.
  * Skipping over function body fails.
  * Vim9: memory leak when using inline function.
  * Build failure.
  * Vim9: When executing a compiled expression the trylevel at start is
    changed but not restored. (closes #8214)
  * Using unified diff is not tested.
  * CmdlineChange event triggered twice for CTRL-R.
  * Unnecessary VIM_ISDIGIT() calls, badly indented code.
  * Python tests fail without the channel feature.
  * Not enough tests for writing buffers.
  * Cancelling inputlist() after a digit does not return zero.
  * Configure cannot detect Python 3.10.
  * Insufficient tests for popup menu rightleft.
  * Vim9: for loop list unpack only allows for one "_".
  * File extension .hsig not recognized.
  * Unified diff fails if actually used.
  * Various pieces of code not covered by tests.
  * Vim9: memory leak when lambda has an error.
  * Not enough cscope code is covered by tests.
  * searching for \%'> does not match linewise end of line. (Tim Chase)
  * Various pieces of code not covered by tests.
  * Crash when passing null string to fullcommand().
  * Vim9: "k" command recognized in Vim9 script.
  * Typo and verbose comment in Makefiles.
  * Text property duplicated when data block splits.
  * Cannot build with Perl 5.34.
  * Error message contains random characters.
  * Multi-byte text in popup title shows up wrong.
  * Vim9: random characters appear in some error messages.
  * Spellfile functionality not fully tested.
  * Vim9: can use reserved words at the script level.
  * QuitPre and ExitPre not triggered when GUI window is closed.
  * Appveyor script does not detect nmake failure.
  * QuitPre is triggered before :wq writes the file, which is different from
    other commands.
  * Some operators not fully tested.
  * Spellfile functionality not fully tested.
  * Cursor position wrong on wrapped line with 'signcolumn'.
  * "g$" causes scroll if half a double width char is visible.
  * No error when defaults.vim cannot be loaded.
  * ASAN reports errors for test_startup for unknown reasons.
  * Memory leak when running out of memory.
  * Crash when using a terminal popup window from the cmdline window.
  * Build error with non-Unix system.
  * Test for cmdline window and terminal fails on MS-Windows.
  * Pattern "\%V" does not match all of block selection. (Rick Howe)
  * MS-Windows: most users expect using Unicode.
  * MS-Windows conpty supports using mouse events.
  * Cannot paste a block without adding padding.
  * Operators are not fully tested.
  * Spellfile functionality not fully tested.
  * Builtin function can be shadowed by global variable.

==== wget ====

- When running recursively, wget will verify the length of the whole
  URL when saving the files. This will make it overwrite files with
  truncated names, throwing the "The name is too long, ... trying to
  shorten" messages. The patch moves the length check code to a
  separate function and calls it from append_dir_structure() for each
  path element.
  [bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch]
- If wget for an http URL is redirected to a different site (hostname
  parts of URLs differ), then any "Authenticate" and "Cookie" header
  entries are discarded.
  [bsc#1175551, wget-do-not-propagate-credentials.patch]

==== xen ====
Version update (4.14.1_16 -> 4.15.0_01)

- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during the next pkg update.
- Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf
  The number of loop devices has been unlimited for a while
- Refresh xenstore-launch.patch to cover also daemon case
- Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it,
  drop reproducible.patch
- Update to Xen 4.15.0 FCS release
  xen-4.15.0-testing-src.tar.bz2
  * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
  * Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
  * Xenstored and oxenstored both now support LiveUpdate (tech preview).
  * Unified boot images
  * Switched x86 MSR accesses to deny by default policy.
  * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
  * Support for zstd-compressed dom0 (x86) and domU kernels.
  * Reduce ACPI verbosity by default.
  * Add ucode=allow-same option to test late microcode loading path.
  * Library improvements from NetBSD ports upstreamed.
  * x86: Allow domains to use AVX-VNNI instructions.
  * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
  * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
  * On detecting a host crash, some debug key handlers can be automatically triggered to aid in debugging.
  * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.
- Dropped patches contained in new tarball
  5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
  5fedf9f4-x86-hpet_setup-fix-retval.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58c4-ACPI-reduce-verbosity-by-default.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  604b9070-VT-d-disable-QI-IR-before-init.patch
  60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
  libxc-bitmap-longs.patch
  libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
  libxl.fix-libacpi-dependency.patch
  stubdom-have-iovec.patch
  xenwatchdogd-options.patch

==== yast2 ====
Version update (4.4.5 -> 4.4.9)

- AutoYaST: SectionWithAttributes allows indicating whether an
  attribute accepts blank values (related to jsc#PM-2620).
- 4.4.9
- revert disable of hibernation based on product and virtual
  machines (bsc#1184470)
- 4.4.8
- Improve the Yast2::Equatable mixin so that the #hash method can be
  fine-tuned easily (related to bsc#11806082).
- 4.4.7
- Added some names to the list of parameters handled by CFA for the
  login.defs configuration (related to jsc#PM-2620).
- 4.4.6