Packages changed:
  avahi
  btrfsprogs (5.15 -> 5.16)
  busybox (1.34.1 -> 1.35.0)
  flatpak (1.12.2 -> 1.12.3)
  frameworkintegration
  gdm (41.0 -> 41.3)
  ghostscript
  gnome-session (40.1.1 -> 41.3)
  grub2
  iproute2 (5.15 -> 5.16)
  libqt5-qtwebengine (5.15.7 -> 5.15.8)
  nautilus (41.1 -> 41.2)
  patterns-base
  perl-HTTP-Message (6.35 -> 6.36)
  podman
  poppler (21.12.0 -> 22.01.0)
  poppler-qt5 (21.12.0 -> 22.01.0)
  qemu
  yast2 (4.4.34 -> 4.4.36)

=== Details ===

==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7

- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).

==== btrfsprogs ====
Version update (5.15 -> 5.16)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.16
  * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid
    subvolume keys, caught by tree-checker
  * fi du: skip inaccessible files
  * prop: properly resolve to symlink targets
  * send, receive: fix crash after parent subvolume lookup errors
  * build:
  * fix build on 5.12+ kernels due to changes in linux/kernel.h
  * fix build on musl with old kernel headers
  * other:
  * error handling fixes, cleanups, refactoring
  * extent tree v2 preparatory work
  * lots of RST documentation updates (last release with asciidoc sources),
    https://btrfs.readthedocs.io
- Update to 5.15.1
  * fi usage: fix wrongly reported space of used or unallocated space
  * fix detection of block device discard capability
  * check: add more sanity checks for checksum items
  * build: make sphinx optional backend for documentation

==== busybox ====
Version update (1.34.1 -> 1.35.0)

- Update to 1.35.0
  - Adjust busybox.config for new features in find, date and cpio
- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
  * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
  * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
  * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
  * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
  * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
  * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
  * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
  * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
  * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
    CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
    CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
    CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
  - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
  - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
  - CVE-2018-1000517 (bsc#1099260):  Heap-based buffer overflow in the retrieve_file_data()
  - CVE-2011-5325 (bsc#951562): tar directory traversal
  - CVE-2018-1000500 (bsc#1099263):  wget: Missing SSL certificate validation

==== flatpak ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libflatpak0 system-user-flatpak

- Update to 1.12.3:
  + CVE-2021-43860: a malicious repository could have sent invalid
    application metadata in a way that hides some of the app
    permissions displayed during installation (boo#1194610)
  + flatpak-builder could allow --mirror-screenshots-url commands
    to create directories outside of the build directory
    (boo#1194611)
  + Extra-data downloading now properly handles compressed
    content-encodings which fixes checksum verification
  + Note: In some corner case server setups this may require the
    extra-data checksum to be changed
  + Avoid unnecessary policy-kit dialog due to auto-pinning when
    installing runtimes
  + Better handling of updates of extensions that exist in multiple
    repositories
  + Fixed (initial) installation apps with renamed ids
  + Fixed regression in updates from no-enumerate remotes
  + We now verify checksums of summary caches, to better handle
    local file corruption
  + Improved cli output for non-terminal targets
  + Flatpak run --session-bus now works
  + Fix build with PyParsing >= 3.0.4
  + Fixed "Since" annotations on FlatpakTransaction signals
  + bash auto completion now doesn't complete on command name
    aliases
  + Minor improvements to the search command
  + Minor improvements to the list command
  + Minor improvements to the repair command
  + Add more tests
  + Updated translations.
- Drop support-new-pyparsing.patch: Fixed upstream.

==== frameworkintegration ====
Subpackages: frameworkintegration-plugin libKF5Style5

- Add upstream change to fix a regression in 5.90.0 (kde#448237)
  * 0001-Fix-wrong-porting-of-KNSCore-Engine-configSearchLoca.patch

==== gdm ====
Version update (41.0 -> 41.3)
Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0

- Update to version 41.3:
  + Juggle Xorg's -listen/-nolisten command line change better.
  + Fix session type selection.
  + Fix crash.
  + Drop vestigial gdm-pin service.
  + XDMCP fixes.
  + Wayland nvidia udev updates.
  + Updated translations.
- Rebase gdm-disable-wayland-on-mgag200-chipsets.patch.
- Drop gdm-daemon-Infer-session-type-from-desktop-file.patch and
  gdm-restart-greeter-session-after-crash.patch: fixed upstream.

==== ghostscript ====

- CVE-2021-45949.patch fixes CVE-2021-45949
  heap-based buffer overflow in sampled_data_finish
  cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
  (bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
  is already fixed in the Ghostscript 9.54.0 upstream sources
  (bsc#1194303)

==== gnome-session ====
Version update (40.1.1 -> 41.3)
Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland

- Update to version 41.3:
  + No changes, just version synching.
- Changes from version 40.8:
  + data: Install GNOME on Wayland session for X11 preferred setups
  + Don't spew as much into log when falling back to non-systemd sessions
  + Work better with certain versions of meson
  + Correct screwed up check for gnome-shell
  + Various cleanups and leak fixes
  + Updated translations.
- Rebase gnome-session-better-handle-empty-xdg_session_type.patch.
- Drop gnome-session-exit-when-lost-name-on-bus.patch: no longer
  applicable.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Power guest secure boot with static keys: GRUB2 signing portion
  (jsc#SLE-18271) (bsc#1192764)
  * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
- Power guest secure boot with static keys: GRUB2 signing portion
  (jsc#SLE-18271) (bsc#1192764)
  * grub2.spec
- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144)
  (bsc#1192686)
  * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
  * 0002-ieee1275-claim-more-memory.patch
  * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
  * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
  * 0005-docs-grub-Document-signing-grub-under-UEFI.patch
  * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
  * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
  * 0008-pgp-factor-out-rsa_pad.patch
  * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
  * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
  * 0011-libtasn1-import-libtasn1-4.18.0.patch
  * 0012-libtasn1-disable-code-not-needed-in-grub.patch
  * 0013-libtasn1-changes-for-grub-compatibility.patch
  * 0014-libtasn1-compile-into-asn1-module.patch
  * 0015-test_asn1-test-module-for-libtasn1.patch
  * 0016-grub-install-support-embedding-x509-certificates.patch
  * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
  * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
  * 0019-appended-signatures-support-verifying-appended-signa.patch
  * 0020-appended-signatures-verification-tests.patch
  * 0021-appended-signatures-documentation.patch
  * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
  * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
  * grub2-systemd-sleep-plugin

==== iproute2 ====
Version update (5.15 -> 5.16)

- remove routef from links; it doesn't exist anymore
- update to 5.16:
  * devlink: Fix cmd_dev_param_set() to check configuration mode
  * ip: add AMT support
  * iplink_can: fix configuration ranges in print_usage() and add
    unit
  * tc: flower: Fix buffer overflow on large labels
  * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res()
  * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH
  * iplink_can: add new CAN FD bittiming parameters:
    Transmitter Delay Compensation (TDC)

==== libqt5-qtwebengine ====
Version update (5.15.7 -> 5.15.8)

- Update to version 5.15.8:
  * Update Chromium:
    [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow
    in xmlEncodeEntitiesInternal() in entities.c
    [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
    attack bypasses all existing protection mechanisms
    [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
    [Backport] CVE-2021-37987 : Use after free in Network APIs
    [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
    [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
    [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
    [Backport] CVE-2021-37996 : Insufficient validation of untrusted
    input in Downloads
    [Backport] CVE-2021-38001 : Type Confusion in V8
    [Backport] CVE-2021-38003 : Inappropriate implementation in V8
    [Backport] CVE-2021-38005: Use after free in loader (1/3)
    [Backport] CVE-2021-38005: Use after free in loader (2/3)
    [Backport] CVE-2021-38005: Use after free in loader (3/3)
    [Backport] CVE-2021-38007: Type Confusion in V8
    [Backport] CVE-2021-38009: Inappropriate implementation in cache
    [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers
    [Backport] CVE-2021-38012: Type Confusion in V8
    [Backport] CVE-2021-38015: Inappropriate implementation in input
    [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
    sandbox
    [Backport] CVE-2021-38018: Inappropriate implementation in navigation
    [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
    [Backport] CVE-2021-38021: Inappropriate implementation in referrer
    [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication
    [Backport] CVE-2021-4057: Use after free in file API
    [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
    [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
    [Backport] CVE-2021-4059: Insufficient data validation in loader
    [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
    [Backport] CVE-2021-4078: Type confusion in V8
    [Backport] CVE-2021-4079: Out of bounds write in WebRTC
    [Backport] CVE-2021-4098: Insufficient data validation in Mojo
    [Backport] CVE-2021-4099: Use after free in Swiftshader
    [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
    [Backport] CVE-2021-4102: Use after free in V8
    [Backport] Dependency for CVE-2021-37989
    [Backport] Dependency for CVE-2021-38009
    [Backport] Security bug 1245870
    [Backport] Security bug 1252858
    [Backport] Security bug 1259899
    Bump V8_PATCH_LEVEL
    Compile with GCC 11 -std=c++20
    Fix stack overflow on gpu channel recreate with an error
    Use wglSetPixelFormat directly only if in software mode
    [Backport] Handle long SIGSTKSZ in glibc > 2.33
    [Backport] abseil-cpp: Fixes build with latest glibc
  * Handle qtpdf compilation with static runtime
  * Add bitcode support for qtpdf on ios
  * Do not access accessibility from qt post routines
  * Blacklist javascriptClipboard test on ubuntu 20.04
  * Re-enable network-service-in-process
  * Bump version from 5.15.7 to 5.15.8
  * Update patch level
  * Fix pinch gesture
  * Fix leak of properties after XkbRF_GetNamesProp
  * Fix leak on getDefaultScreeenId
- Drop patch:
  * 0001-Fix-build-with-glibc-2.34.patch

==== nautilus ====
Version update (41.1 -> 41.2)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1

- Update to version 41.2:
  + Avoid cropping format popover in Compress dialog.
  + Fix "Move to"/"Copy to" from Starred.
  + Fix memory leak on tab switch.
  + Updated translations.

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11

- Install PAM manual pages instead of the PDFs
- specfile cleanup
- Don't recommend ntfs-3g by default on TW, the kernel module got
  improved

==== perl-HTTP-Message ====
Version update (6.35 -> 6.36)

- updated to 6.36
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  6.36      2022-01-05 14:39:42Z
  - Fix examples in HTTP::Request::Common synopsis: HTTP::Request::Common
    does not put headers in an arrayref, unlike HTTP::Request (GH#170) (Karen
    Etheridge)
  - Update to contributing information (GH#171) (Håkon Hægland)

==== podman ====
Subpackages: podman-cni-config

- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
  path from podman < 3.1.2

==== poppler ====
Version update (21.12.0 -> 22.01.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8

- Update to 22.01.0:
  core:
  * Allow local (relative to dll) fonts dir on Windows
  * TextOutputDev: require more spacing between columns.
    Issue #1093
  * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
  * Fix crash when calling Form::reset()
  * GfxSeparationColorSpace: Check validity of colorspace and
    function. Issue #1184
  * Minor code improvements
  glib:
  * Include glib.h before using defines from it
  * Close file descriptors on error
  * Plug some memory leaks
  * Replace use of deprecated g_memdup/g_time_zone_new
  * Remove FD-taking functions on windows
  utils:
  * pdfsig: Add support for documents with passwords
  * pdfsig: Fix signing with -sign if nss password is needed

==== poppler-qt5 ====
Version update (21.12.0 -> 22.01.0)

- Update to 22.01.0:
  core:
  * Allow local (relative to dll) fonts dir on Windows
  * TextOutputDev: require more spacing between columns.
    Issue #1093
  * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
  * Fix crash when calling Form::reset()
  * GfxSeparationColorSpace: Check validity of colorspace and
    function. Issue #1184
  * Minor code improvements
  glib:
  * Include glib.h before using defines from it
  * Close file descriptors on error
  * Plug some memory leaks
  * Replace use of deprecated g_memdup/g_time_zone_new
  * Remove FD-taking functions on windows
  utils:
  * pdfsig: Add support for documents with passwords
  * pdfsig: Fix signing with -sign if nss password is needed

==== qemu ====

- It's time to really start requiring -F when using -b in
  qemu-img for us as well. Users/customers have been warned
  in the relevant release notes (bsc#1190135)
  * Patches dropped:
  Revert-qemu-img-Improve-error-for-rebase.patch
  Revert-qemu-img-Require-F-with-b-backing.patch

==== yast2 ====
Version update (4.4.34 -> 4.4.36)

- Adapted Report.yesno_popup to Ruby 3 (bsc#1193192)
- 4.4.36
- Simplify slide show to support future parallel installations
  (jsc#SLE-20437)
- 4.4.35