Packages changed:
  SVT-AV1 (0.8.7 -> 0.9.0)
  ell (0.46 -> 0.48)
  ethtool (5.15 -> 5.16)
  gstreamer-plugins-bad
  iputils
  keylime
  libimobiledevice (1.3.0+git.20200910 -> 1.3.0+git.20210921)
  libplist
  neon (0.32.1 -> 0.32.2)
  polkit
  toolbox
  util-linux (2.37.2 -> 2.37.3)
  webkit2gtk3
  webkit2gtk3-soup2
  wireplumber (0.4.6 -> 0.4.7)
  xen
  yast2 (4.4.39 -> 4.4.42)

=== Details ===

==== SVT-AV1 ====
Version update (0.8.7 -> 0.9.0)

- Update to 0.9.0
  * New faster presets M9-M12, M12 reaching similar complexity level to that of x264 veryfast
  * New multi-pass and single pass VBR implementation minimizing the quality difference vs CRF while reducing the cycle overhead
  * Quality vs density tradeoffs improvements across all presets in CRF mode
  * Added support for CRF with capped bitrate
  * Added support for overlay frames and super resolution
  * Fixed film grain synthesis bugs
  * Added experimental support for > 4k resolutions
  * Added experimental support for the low delay prediction structure
  * Significant memory reduction especially for faster presets in a multi-threaded environment
  * API configuration structure cleanup removing all invalid or out of date parameters
  * Speedup legacy CPUs for faster development by adding SSE code for corresponding C-kernels
  * Updated the code license from BSD 2-clause to BSD 3-clause clear

==== ell ====
Version update (0.46 -> 0.48)

- update to 0.48:
  * Fix issue with memory leaking from ICMPv6 RA.
  * Fix issue with memory leaking from DHCP leases.
  * Fix issue with NULL terminating of Base64 encoding.

==== ethtool ====
Version update (5.15 -> 5.16)

- update to upstream release 5.16
  * Feature: use memory maps for module EEPROM parsing (-m)
  * Feature: show CMIS diagnostic information (-m)
  * Fix: fix dumping advertised FEC modes (--show-fec)
  * Fix: ignore cable test notifications from other devices
    (--cable-test)
  * Fix: do not show duplicate options in help text (--help)

==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0

- Add some conditionals to build as many plugins as possible
  in SLE-15-SP4 and move all conditional logic to the beginning
  of the spec file using bcond_with/without.

==== iputils ====

- temporarily reintroduce rarpd and rdisc tools to get them into
  15sp4 [jsc#SLE-23521]

==== keylime ====
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime

- Set /var/lib/keylime under the same permissions expected by the code

==== libimobiledevice ====
Version update (1.3.0+git.20200910 -> 1.3.0+git.20210921)

- Add python-rpm-macros to BuildRequires (boo#1194755).
- Update to version 1.3.0+git.20210921:
  * Remove common code in favor of new libimobiledevice-glue
  * tools: idevicebackup2: Exit on service startup failure and improve error messages
  * idevice: Reset receive length variable in internal_ssl_read retry loop and fix wrong variable in debug message
  * lockdown: Get DeviceClass to make sure OS version dependent code is executed correctly
  * Handle error cases in relevant code when retrieving pair record fails
  * common: Return proper error codes from userpref_read_pair_record
  * Add support for MbedTLS
  * idevice: Make sure to handle timeout condition for network connections too
  * installation_proxy: Ignore non-status messages instead of terminating loop
  * mobilesync: Set DeviceLink version to 400 to support iOS 14b4+
  * tools/idevicecrashreport: Fix illegal filenames on Windows
  * tools: Fix entering recovery mode on iOS 14.5+ which now requires a pairing
  * tools: Fix delays in idevicedebugserverproxy when using SSL
  * debugserver: Return success when a receive timed out but actualy bytes have been read
  * idevice: Allow partial reads in idevice_connection_receive_timeout() and handle timeouts more adequate
  * Fixed bytes/strings checks in lockdown.pxi for compatibility with Python2/3
  * Fixed bytes/strings check in imobiledevice.pyx for compatibility with Python2/3
  * Fixed debugserver.pxi PyString_AsString compatibility with Python3
  * Fixed AFC afc.pxi definitions for Python2/3 compatibility. Added missing public method 'remove_path_and_contents'
  * ideviceprovision: Fix date output by adding MAC_EPOCH
  * docs: Improve --quiet command line switch description in idevicesyslog man page
  * idevicescreenshot: Choose a better filename, prevent overwriting existing files
  * idevicedebug: Add --detach option to start an app and exit idevicedebug without killing the app
  * idevicebackup2: Handle DLMessagePurgeDiskSpace by sending back error code
  * idevicebackup2: Update errno to device error mapping
  * idevice: Handle -EAGAIN in case usbmuxd_send() returns it
  * idevicebackup2: Don't fail on restore when source backup doesn't have any application info

==== libplist ====

- Add python-rpm-macros to BuildRequires (boo#1194756).

==== neon ====
Version update (0.32.1 -> 0.32.2)

- update to 0.32.2:
  * Fix auth handling for request-target of "*"

==== polkit ====
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0

- Switch from mozjs to duktape:
  * Add duktape-support.patch
- Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568)
  CVE-2021-4034-pkexec-fix.patch

==== toolbox ====

- Allow docker as an alternative to podman in the package Requires. This was
  supported since 2.2.

==== util-linux ====
Version update (2.37.2 -> 2.37.3)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1

- update to 2.37.3 (bsc#1194976):
  This release fixes two security mount(8) and umount(8) issues:
  * CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.
  * CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles

- Add webkit2gtk3-gcc12.patch: fix the build with gcc 12.
- Require glib2 2.44 to match source.

==== webkit2gtk3-soup2 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Add webkit2gtk3-gcc12.patch: fix the build with gcc 12.
- Require glib2 2.44 to match source.

==== wireplumber ====
Version update (0.4.6 -> 0.4.7)
Subpackages: libwireplumber-0_4-0 wireplumber-audio

- Update to version 0.4.7:
  * Fixed a regression in 0.4.6 that caused the selection of the
    default audio sources and sinks to be delayed until some event,
    which effectively caused losing audio output in many
    circumstances (glfo#pipewire/wireplumber#148,
    glfo#pipewire/wireplumber#150, glfo#pipewire/wireplumber#151,
    glfo#pipewire/wireplumber#153)
  * Fixed a regression in 0.4.6 that caused the echo-cancellation
    pipewire module (and possibly others) to not work
  * A default sink or source is now not selected if there is no
    available route for it (glfo#pipewire/wireplumber#145)
  * Fixed an issue where some clients would wait for a bit while
    seeking (glfo#pipewire/wireplumber#146)
  * Fixed audio capture in the endpoints-based policy
  * Fixed an issue that would cause certain lua scripts to error
    out with older configuration files
    (glfo#pipewire/wireplumber#158)
- Drop patches already included upstream:
  * 0001-policy-node-schedule-rescan-without-timeout-if-defined-target-is-not-found.patch
  * 0002-policy-node-find-best-linkable-if-default-one-cannot-be-linked.patch
- Add patch from upstream to fix selection of Pro Audio nodes
  as default nodes:
  * 0001-default-nodes-handle-nodes-without-Routes.patch

==== xen ====

- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
  guest_physmap_remove_page not removing the p2m mappings (XSA-393)
  xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
  Xen while unmapping a grant (XSA-394)
  xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
  passed-through device IRQs (XSA-395)
  xsa395.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
  list not giving any output
  libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
  libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch

==== yast2 ====
Version update (4.4.39 -> 4.4.42)

- Added Y2Packager::NewRepositorySetup to track new repositories
  (related to bsc#1194453)
- 4.4.42
- Fix PackageAI call to PackagesProposal.GetResolvable. It prevents
  a crash when cloning a system (bsc#1195137).
- 4.4.41
- Use Package module instead of PackageSystem (bsc#1194886).
- 4.4.40