Packages changed:
  NetworkManager (1.32.2 -> 1.32.4)
  apparmor
  curl (7.77.0 -> 7.78.0)
  gnome-shell
  gtk3 (3.24.29 -> 3.24.30)
  ibus
  keylime
  kwin5
  libapparmor
  libidn2 (2.3.1 -> 2.3.2)
  libproxy
  makedumpfile (1.6.8 -> 1.6.9)
  ncurses (6.2.20210626 -> 6.2.20210718)
  open-iscsi
  openssh
  osinfo-db
  shim-leap
  systemd
  webkit2gtk3 (2.32.1 -> 2.32.2)
  xorg-x11-server

=== Details ===

==== NetworkManager ====
Version update (1.32.2 -> 1.32.4)
Subpackages: libnm0 typelib-1_0-NM-1_0

- Update to version 1.32.4:
  + core:
  - Remove stale entries from "seen-bssids" and "timestamp" files
    in "/var/lib/NetworkManager".
  - Add ipv[46].required-timeout option to wait for IP
    configuration while activating.
  - Send ARP announcements when there is carrier.
  - Start DHCPv6 when a prefix delegation is needed for shared
    mode.
  + bond: support the peer_notif_delay option.
  + firewall: fix nftables backend to create "ip" table for IPv4
    only.
  + initrd: set required-timeout of 20 seconds for default IPv4
    configuration to opportunistically wait for IPv4.
  + ifcfg:
  - Log warning about invalid keys in ifcfg files.
  - Reject non-UTF-8 from ifcfg files.
  + nmcli: show DNS SEARCH field in device information.
  + cloud-setup: add support for Aliyun cloud.

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point

==== curl ====
Version update (7.77.0 -> 7.78.0)
Subpackages: libcurl4

- Update to 7.78.0:
  [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
  [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925]
  * Changes:
  - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
  - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
  - hostip: make 'localhost' return fixed values
  - mbedtls: add support for cert and key blob options
  - metalink: remove all support for it
  - mqtt: add support for username and password
  * Bugfixes:
  - ares: always store IPv6 addresses first
  - c-hyper: abort CONNECT response reading early on non 2xx responses
  - c-hyper: add support for transfer-encoding in the request
  - c-hyper: bail on too long response headers
  - c-hyper: clear NTLM auth buffer when request is issued
  - c-hyper: fix NTLM on closed connection tested with test159
  - conncache: lowercase the hash key for better match
  - curl_multibyte: Remove local encoding fallbacks
  - Curl_ntlm_core_mk_nt_hash: fix OOM in error path
  - Curl_ssl_getsessionid: fail if no session cache exists
  - easy: during upkeep, attach Curl_easy to connections in the cache
  - gnutls: set the preferred TLS versions in correct order
  - hsts: ignore numberical IP address hosts
  - HSTS: not experimental anymore
  - http2: init recvbuf struct for pushed streams
  - http: fix crash in rate-limited upload
  - http: make the haproxy support work with unix domain sockets
  - http_proxy: deal with non-200 CONNECT response with Hyper
  - lib: don't compare fd to FD_SETSIZE when using poll
  - lib: fix compiler warnings with CURL_DISABLE_NETRC
  - lib: fix type of len passed to *printf's %*s
  - lib: more %u for port and int for %*s fixes
  - lib: use %u instead of %ld for port number printf
  - libssh2: limit time a disconnect can take to 1 second
  - mqtt: detect illegal and too large file size
  - msnprintf: return number of printed characters excluding null byte
  - multi: add scan-build-6 work-around in curl_multi_fdset
  - multi: alter transfer timeout ordering
  - multi: do not switch off connect_only flag when closing
  - multi: fix crash in curl_multi_wait / curl_multi_poll
  - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
  - openssl: avoid static variable for seed flag
  - openssl: don't remove session id entry in disassociate
  - socketpair: fix potential hangs
  - socks4: scan for the IPv4 address in resolve results
  - ssl: read pending close notify alert before closing the connection
  - telnet: fix option parser to not send uninitialized contents
  - TLS: prevent shutdown loops to get stuck
  - vtls: exit addsessionid if no cache is inited
  - vtls: fix connection reuse checks for issuer cert and case sensitivity

==== gnome-shell ====
Subpackages: gnome-shell-calendar

- Drop gnome-shell-lock-bg-on-primary.patch: the
  gnome-shell-1007468-lock-screen-SUSE-logo-missing.patch has been
  removed, we don't need this patch now(bsc#1188533).

==== gtk3 ====
Version update (3.24.29 -> 3.24.30)
Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0

- Update to version 3.24.30:
  + Input:
  - Ignore NoSymbol key events (happens with some XKB options).
  - Fix incomplete reset in some cases.
  + GtkEmojiChooser:
  - Update data from CLDR 39.
  - Support translated keywords for multiple languages.
  - Allow inserting multiple Emoji with Ctrl.
  - Match keywords for search.
  - Fix a memory leak.
  + GtkFileChooser: Accessibility improvements.
  + GtkTreeView:
  - Fix an accessibility-related memory leak.
  - Fix assertion failures in some cases.
  + Printing: Remove the Google Cloud Print backend, since the
    service was shut down.
  + Wayland: Work with pointer-gestures v1 protocol.
  + Updated translations.

==== ibus ====
Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0

- Own /usr/share/GConf and /usr/share/GConf/gsettings: the time
  has come where the migration code is drying out and we can't
  expect the deps to just be in the buildroot (but it still works).

==== keylime ====
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime

- Add tenant-do_cvdelete-wait-until-404.patch to fix the update command
- Adjust the default revocation notifier binding IP
- Default to CFSSL in keylime.conf

==== kwin5 ====

- Add patch to fix issues with EGLStream clients:
  * 0001-platforms-drm-check-wl_eglstream-buffers-before-atta.patch

==== libapparmor ====

- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point

==== libidn2 ====
Version update (2.3.1 -> 2.3.2)

- Update to 2.3.2:
  * Upgrade TR46 tables from Unicode 11 to Unicode 13.
- Refresh libidn2.keyring

==== libproxy ====

- Do no longer BuildRequire libmodman-devel: libproxy 0.4.17 was
  changed upstream to only support to internal version (no other
  consumer of libmodman exists).
- No longer pass -DFORCE_SYSTEM_LIBMODMAN=ON to cmake: not
  understood anymore (boo#1188265).

==== makedumpfile ====
Version update (1.6.8 -> 1.6.9)

- Update to 1.6.9
  * Add initial mips64 support
  * Support newer kernels up to v5.12
  * x86_64: fix a use-after-free bug in -e option
  * arm64: support flipped VA and 52-bit kernel VA
  * Add shorthand --show-stats option to show report stats
  * Add --dry-run option to prevent writing the dumpfile
  * printk: add support for lockless ringbuffer
- Fix rpmlintrc to not be version agnostic
- Refresh makedumpfile-override-libtinfo.patch
- Drop upstream merged
  * makedumpfile-printk-add-support-for-lockless-ringbuffer.patch
  * makedumpfile-printk-use-committed-finalized-state-value.patch
  * makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch
  * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch
  * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch
  * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch

==== ncurses ====
Version update (6.2.20210626 -> 6.2.20210718)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20210718
  + correct typo in "vip" comments (report by Nick Black), reviewed this
    against Glink manual -TD
  + fill in some missing pieces for pccons, to make it comparable to the
    vt220 entry -TD
  + modify mk-1st.awk to account for extra-suffix configure option
    (report by Juergen Pfeifer).
  + change default for --disable-wattr-macros option to help packagers
    who reuse wide ncursesw header file with non-wide ncurses library.
  + build-fix for test/test_opaque.c, for configurations without opaque
    curses structs.
- Add ncurses patch 20210710
  + improve history section for tset manpage based on the 1BSD tarball,
    which preceded BSD's SCCS checkins by more than three years.
  + improve CF_XOPEN_CURSES macro used in test/configure (report by Urs
    Jansen).
  + further improvement of libtool configuration, adding a dependency of
    the install.tic rule, etc., on the library in the build-tree.
  + update config.sub

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Merge latest upstream, which includeds:
  * Support the "qede" CMA-card driver. (bsc#1188579)
  * iscsistart: fix null pointer deref before exit

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- The linux kernel has close_range(2) syscall which current glibc
  uses to implement closefrom(3) which will be then used by openssh.
  whitelist the new system call so closefrom does not fail or
  fallback to iterating proc/self/fd (openssh-whitelist-syscalls.patch)

==== osinfo-db ====

- bsc#1188336 - openSUSE Tumbleweed unattended installation in
  libvirt fails due to invalid autoyast.xml
  Drop fix-autoyast-validation.patch

==== shim-leap ====

- Update to shim to 15.4-lp152.4.17.1 from openSUSE Leap 15.2
  + Version: 15.4, "Thu Jul 15 2021"
  + Updated openSUSE x86 signature
  + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441,
    bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261,
    bsc#1187260, bsc#1185232.
- Remove shim-install because the shim-install is updated in Leap
  15.2 RPM.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Added patches to fix CVE-2021-33910 (bsc#1188063)
  Added 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
  Added 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
  Added 1003-basic-unit-name-adjust-comments.patch
  These patches will be moved to the git repo once the bug will become
  public.
- systemd-hwdb-update.service should be shipped by the udev package

==== webkit2gtk3 ====
Version update (2.32.1 -> 2.32.2)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Update to version 2.32.2:
  + Improve calculation of initial WebKitWebView size.
  + Fix kinetic scrolling on touchpad with async scrolling off.
  + Fix a crash on empty drag operation in X11.
  + Fix rendering on HiDPI /4k screen and scaling.
  + Handle null native surface for for surfaceless rendering.
  + Fix JavaScriptCore crash on 32-bit big endian systems.
  + Fix several crashes and rendering issues.

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb

- U_modesetting-unflip-not-possible-when-glamor-is-not-s.patch
  * this should fixes crashes of xfce when running under qemu
    (boo#1188559)
- add U_present-get_crtc-should-not-return-crtc-when-its-scr.patch (bsc#1188559)
  https://gitlab.freedesktop.org/xorg/xserver/-/issues/1195