Packages changed:
  apparmor
  fcoe-utils
  fontconfig
  glib2 (2.70.2 -> 2.70.3)
  graphite2
  keylime (6.2.1 -> 6.3.0)
  libapparmor
  libical (3.0.12 -> 3.0.13)
  libical-glib (3.0.12 -> 3.0.13)
  llvm13
  perl-Net-HTTP (6.21 -> 6.22)
  perl-libwww-perl (6.60 -> 6.61)
  pipewire (0.3.43 -> 0.3.44)
  procps
  snapper (0.9.0 -> 0.9.1)
  solid
  udisks2
  userspace-rcu (0.13.0 -> 0.13.1)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
  MR 827)

==== fcoe-utils ====

- Added upstream commit to fix gcc12 warning/errors:
  * fcoe-utils-Fix-GCC-12-warning.patch

==== fontconfig ====
Subpackages: libfontconfig1

- adding bug reference to this changelog [bsc#1172301]

==== glib2 ====
Version update (2.70.2 -> 2.70.3)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0

- Update to version 2.70.3:
  + Several important fixes to FD handling in gspawn.
  + Several important fixes to GDBus message and GVariant parsing
    of invalid data.
  + Fix potential data loss due to missing fsync when saving files
    on btrfs.
  + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506,
    glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572,
    glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394,
    glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437,
    glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455.
  + Updated translations.

==== graphite2 ====

- Fix license header so that it corresponds to SPDX abbreviation

==== keylime ====
Version update (6.2.1 -> 6.3.0)
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime

- Drop patches beacuse merged upstream:
  * 0001-Drop-dataclasses-module-usage.patch
  * 0001-config-support-merge-multiple-config-files.patch
  * 0001-ca-support-back-old-cyptography-API.patch
- Update to version v6.3.0:
  * Coordinated update to fix:
    + bsc#1193997 (CVE-2022-23948)
    + bsc#1193998 (CVE-2021-43310)
    + bsc#1194000 (CVE-2022-23949)
    + bsc#1194002 (CVE-2022-23950)
    + bsc#1194004 (CVE-2022-23951)
    + bsc#1194005 (CVE-2022-23952)
  * secure_mount: add umount function
  * secure_mount: use /proc/self/mountinfo
  * Validate user ID in all public interfaces
  * validators: add uuid and agent_id validators
  * validators: create validators module
  * revocation_notifier: move zmq socket to /var/run/keylime
  * Update API version from 1.0 to 2.0
  * tpm: do not compress quote with zlib by default
  * verifier: persist AK and mTLS certificate to DB
  * verifier: use "supported_version" for agent connections
  * tenant: add support for "supported_version" option for the verifier
  * api_version: add the option for basic validation
  * verifier: add supported_version field to DB and API
  * agent: add /version to REST API
  * verifier, tenant: allow agents to not use mTLS
  * tenant, verifier: allow manual configuration of agent mTLS
  * tests: migrate to mTLS
  * tenant: connect to the agent via mTLS
  * verifier: connect to the agent via mTLS
  * tornado_requests: handle SSLError
  * web_util: add mTLS context generation for agent
  * agent: Enable mTLS for agent REST API
  * crypto: add helper function for creating self signed certs
  * registrar: Allow the agent to registrar with a mTLS certificate
  * request_client: add workaround for handling certificates
  * request_client: add the option to ignore hostname validation
  * Better docs and errors about IMA hash mismatches
  * tests: use JSON instead Python string for IMA tests
  * verifier: use json.loads(..) instead of ast.literal_eval(..)
  * Adding Nuvoton certificate for a post 2020 TPM device. The EK cert
    of the device directs to the following download site:
    'https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root
    CA 1111.cer' (yes, including the spaces)
  * Improve revocation notifier IP description in keylime.conf
  * tornado_requests: set Content-Type header correctly for JSON
  * tenant: post U key to agent with correct Content-Type header
  * Explicitly set permissions on new keylime.conf files installed
  * tpm_main: close file descriptor for aik handle
  * verifier: do not call finish() twice
  * agent: fix payload execution
  * tests: add initial tests for web_util module
  * config, web_util: move get_restful_params(..) to web_util
  * verifier: Also retry on HTTP 500 status code
  * agent: improve startup and shutdown
  * registrar: cleanup start function
  * web_util: move echo_json_response(..) out of config.py
  * verifier: fix failure generation for V key
  * tornado_requests: cleanup TornadoResponse class
  * web_util, verifier: move mTLS SSLContext generation into separate module
  * ca: support back old cyptography API
  * Fix test branch reference in packit.yaml
  * ci: disable DeprecationWarning from pylint in tox
  * Enable new test in Packit CI
  * tenant: fix reactivate command
  * config: support merge multiple config files
  * ci: use only fedora-stable for packit
  * elchecking: harden example policy against event type manipulation
  * elchecking: add new tests
  * tests: fix stdout formatting for agent and verifier
  * Drop dataclasses module usage
  * revocation notifier: handle shutdown of process gracefully
  * verifier: handle SIGINT and SIGTERM correctly
  * ima_emulator: fix IMA hash validation and add more options
  * ima_ast: fix handling ToMToU errors
  * Remove leftovers of TPM 1.2 support
  * agent: improved validation for post function
  * agent: better validation for mask and nonce
  * config: add function to validate hex strings
  * agent: keys/verify check if challenge was provided
  * tpm_main: do not append /usr/local/{bin,lib} to default env
  * db: only set length on Text type if supported
  * json: do not make sqlalchemy a hard requirement
  * Enable functional testing with Packit CI
  * ima_emulator: specify sys.argv as the named parameter argv in main()
  * elchecking example policy: make it work with Fedora 34
  * elchecking example policy: initrd* might be also called initramfs*
  * scripts: add mb_refstate generator for example policy
  * config: change tpm_hash_alg to SHA1 by default
  * parse_mb_bootlog: specify the used hash algorithm used for PCRs
  * agent: add warning that on kernels <5.10 IMA only works with SHA1
  * tpm: explicitly pass hash alg to sim_extend(..)
  * ima emulator: use IMA AST and support multiple hash algorithms
  * tests: update IMA allowlist version number
  * ima: add option 'log_hash_alg' to IMA allowlist
  * ima: remove hard requirement for SHA1 PCR 10
  * algorithms: extend Hash class to simplify computing hash values
  * config, tpm_main: explicitly handle YAML load errors
  * config: private_key must be set to -private.pem not -public.pem
  * agent: add UUID option environment
  * agent: drop openstack uuid option

==== libapparmor ====

- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
  MR 827)

==== libical ====
Version update (3.0.12 -> 3.0.13)

- update to 3.0.13:
  * icalcomponent_get_dtend() return icaltime_null_time(), unless called on
    VEVENT, VAVAILABILITY or VFREEBUSY
  * icalcomponent_get_duration() for VTODO calculate with DUE instead of DTEND
  * Replace CMake FindBDB with FindBerleyDB
  * Fix finding ICU and BerkeleyDB on Mac

==== libical-glib ====
Version update (3.0.12 -> 3.0.13)

- update to 3.0.13:
  * icalcomponent_get_dtend() return icaltime_null_time(), unless called on
    VEVENT, VAVAILABILITY or VFREEBUSY
  * icalcomponent_get_duration() for VTODO calculate with DUE instead of DTEND
  * Replace CMake FindBDB with FindBerleyDB
  * Fix finding ICU and BerkeleyDB on Mac

==== llvm13 ====

- Add support for experimental targets and enable the M68k backend
- Add patch to fix testsuite after enabling the M68k backend
  + llvm-update-extract-section-script.patch

==== perl-Net-HTTP ====
Version update (6.21 -> 6.22)

- updated to 6.22
  see /usr/share/doc/packages/perl-Net-HTTP/Changes
  6.22      2022-01-21 20:41:21Z
  - Format method bullet points as code in docs (GH#77) (Paul Cochrane)
  - Ignore automatically generated directories (GH#76) (Paul Cochrane)
  - Use copyright start year rather than range (issue raised by Paul
    Cochrane)

==== perl-libwww-perl ====
Version update (6.60 -> 6.61)

- updated to 6.61
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.61      2022-01-21 21:41:18Z
  - Use File::Copy::move to attempt an atomic mirror (GH#401) (Andrew Fresh)
  - Require Getopt::Long at runtime, too (GH#402) (Ville Skyttä)

==== pipewire ====
Version update (0.3.43 -> 0.3.44)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 0.3.44:
  * Highlights:
  - It is now possible to run a minimal PipeWire server without a
    session manager, enough to run JACK clients.
  - The maximum buffer size is now configurable and can be larger
    than the previously hardcoded limit of 8192 samples.
    When using high sample rates, the larger buffer size can
    avoid xruns.
  - The default maximum latency was reduced from 170ms to 42ms.
    This should improve overall latency for application that ask
    for a large latency, such as notifications.
  - Better JACK compatibility. Patchbays should now get less
    confused about ports appearing and disappearing.
  - Fix some bluetooth crashes.
  - Fix some races in ALSA device detection.
  - Many bug fixes and improvements all over the place.
  * PipeWire:
  - Bump the meson requirement to 0.59.0.
  - pw-top now reports correct times for filter-chain and
    loopback.
  - max-quantum is now also scaled with the rate. A new
    quantum-limit property was added as a hard limit for the
    quantum. This makes it possible to configure for larger than
    8192 buffer sizes. Note than many JACK applications have a
    hardcoded 8192 limit.
  - The max-quantum was reduced to 2048, This gives a 42ms
    default latency.
  - pw-filter can now return a NULL buffer from _get_dsp_buffer()
  - Add a PIPEWIRE_RATE and PIPEWIRE_QUANTUM env variable to set
    the graph rate and the graph quantum and rate respectively.
  - Fix a potential file descriptor leak in the connection.
  - A new minimal.conf file was added to demonstrate a static
    setup of a daemon that doesn't require a session manager and
    is able to run JACK applicaions.
  - Nice levels are now only changed on the servers, not the
    clients.
  - Add an option to suspend nodes when idle.
  - Make it possible to avoid quantum and rate changes with
    pw-metadata. This is essential in a locked down system.
  - Handle mixer port errors better and fail to create the link
    instead of silently not working.
  - Nodes that are moved to a driver now have all the linked
    nodes moved as well. This makes it possible to run some
    graphs without a driver, such as paplay -> zita-j2n.
  - pw-cli and pw-dump can now also list objects by name, serial
    and object.path using glob style pattern matching.
  * modules:
  - filter-chain can now also configure parameters by index.
  - Fix the client name of module-protocol-simple.
  - module-rtkit was merged into module-rt. This makes it easier
    to ship a default config that works on more systems by
    default.
  - module-adapter can now configure the adapter node from the
    config. Previously, this was a task only performed by the
    session manager.
  - module-metadata can now also create metadata object from the
    config file.
  - The ROC module should now work again.
  - An X11-bell module was added to handle X11 bell events.
  - filter-chain and loopback modules now have better unique
    default names for the streams, which makes it possible to
    save and restore their volumes independently.
  - module-echo-cancel now has properties to control the delay
    and buffer size.
  * ALSA:
  - The monitor names are now correctly parsed.
  - The default period size for batch devices is limited now to
    avoid large latency.
  - The unused min/max-latency properties were removed.
  - Internal latency is now also configurable with params at
    runtime.
  - The udev rule for TI2902 was removed because it causes
    problems.
  - Fix a race where some devices would sometimes be missing.
  - Add some more timeouts to work around a race in udev device
    permission changes when switching VTs.
  * SPA:
  - Fix potential infinite loop in audioconvert.
  - The spa-resample tools can now also use optimised
    implementations.
  - Fix a potential crash in resampler.
  - audioconvert can now also handle F64 formats.
  - The channelmixer now does normalization by default to avoid
    clipping when downmixing is active.
  - The channelmixer will now generate LFE channels when the
    lfe_cutoff frequency is set, even when upmix is disabled.
  - The channelmixer will now always generate FC when the target
    has it.
  - Adapter now reports latency correctly, even after linking the
    monitor ports.
  - Reduce memory usage and preallocated memory in some of the
    audioconvert nodes.
  - Many properties are now exposed in adapter, such as the
    resample quality.
  - The resampler and channelmixer can now be disabled.
  * V4L2:
  - pw-v4l2 now also works for ffplay.
  - Take product names from udev now that the kernel returns
    generic name.
  * JACK:
  - The jack pkgconfig file now has the
    jack_implementation=pipewire variable to be able to
    distinguish jack implementations.
  - jconvolver now starts correctly again.
  - The object.serial is now used for the port_id. This makes it
    easier to track old objects in the cache.
  - Add a dummy jacknet implementation.
  - A bug in the port allocation was fixed that would make it
    impossible to allocate ports at some point.
  * Bluetooth:
  - Bluetooth profiles are now saved properly by the
    session manager.
  - Improved profile detections, increased timeouts for slow
    devices.
  - Implement HFP call indicator for improved compatibility.
  - Handle the case where bluez does not set the adapter or
    address properties on the device instead of crashing.
  - Improved support for setting the profile from the
    session manager.
  * pulse-server:
  - Monitor sources now have the device.class=monitor for better
    compatibility.
  - Behaviour after seeking is improved. The algorithm for
    requesting bytes from the client was simplified and improved.
  - module-ladspa-sink implements the control argument now.
  - A potential memory leak in the message queue was fixed.
  - Use the object.serial for the pulseaudio object index. The
    index is not supposed to be reused and this would cause
    problems with some clients.
  - Servers should now again be able to listen in IPv4.
  - module-x11-bell was added.
  - There is now support for per-application quirks and
    properties in the pipewire-pulse.conf file. Per-application
    latency and buffering properties can also be configured.
  - Fix a regression in telegram sounds not playing.
- Drop patches already included upstream:
  * 0001-alsa-improve-rate-selection.patch
  * 0001-audioconvert-avoid-infinite-loop.patch
  * 0001-bluez5-dont-create-device-if-adapter-is-missing.patch
  * 0001-bluez5-handle-missing-device-and-adapter-in-quirks.patch
  * 0001-jack-remember-last-return-from-jack_get_buffer_size.patch
  * 0001-loop-invoke-immediately-when-loop-is-not-running.patch
  * 0001-merger-also-reconfigure-when-monitor-changes.patch
  * 0001-pulse-server-show-monitor-sources-with-device_class_monitor.patch
  * 0001-pw-metadata-handle-NULL-props-from-metadata-object.patch
  * 0001-raop-fix-errno-check.patch

==== procps ====
Subpackages: libprocps8

- Correct used URLs

==== snapper ====
Version update (0.9.0 -> 0.9.1)
Subpackages: libsnapper5

- added bash completion provided by community
- look for most configuration files in /etc/snapper and
  /usr/share/snapper (bsc#1189601)
- version 0.9.1

==== solid ====
Subpackages: libKF5Solid5 solid-imports

- Also use libplist-2.0 in SLE15-SP4/Leap 15.4

==== udisks2 ====
Subpackages: libudisks2-0

- Stop packaging libudisks_vdo standalone module, it is deprecated.
  Do this via passing explicit disable-vdo to configure and
  dropping libblockdev-vdo-devel BuildRequires. Add a
  libudisks2_0_vdo Obsoletes to ease updates.
- No longer remove upstream config files, we want to be able to
  load modules on demand. Note that we move an example file to docs
  to keep sysconfdir clean of non-conf files.
- Add a default_luks_encryption define, and set it to luks2, sed
  this macro into source, future versions of udisks will not need
  this, as upstream moves to luks2 by default.
- Ghost a dir/file created by us.
- Split out API docs into separate docs sub-package.

==== userspace-rcu ====
Version update (0.13.0 -> 0.13.1)

- update to 0.13.1:
  * fix: properly detect 'cmpxchg' on x86-32
  * fix: use urcu-tls compat with c++ compiler
  * fix: remove autoconf features default value in help message
  * fix: add missing pkgconfig file for memb flavour lib
  * Make temporary variable in _rcu_dereference non-const
  * Fix: x86 and s390: uatomic __hp() macro C++ support
  * Fix: x86 and s390: uatomic __hp() macro clang support
  * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11