Packages changed:
  ldb (2.4.2 -> 2.5.0)
  libmnl (1.0.4 -> 1.0.5)
  libnfnetlink (1.0.1 -> 1.0.2)
  libopenmpt (0.6.1 -> 0.6.2)
  libqt5-qtdeclarative
  libqt5-qtwebengine
  mozilla-nss (3.75 -> 3.76.1)
  open-iscsi
  qemu
  re2 (20220201 -> 20220401)
  samba (4.15.5+git.328.f1f29505d84 -> 4.16.0+git.224.70319beb8f8)
  systemd
  tdb (1.4.4 -> 1.4.6)
  xen (4.16.0_06 -> 4.16.0_08)

=== Details ===

==== ldb ====
Version update (2.4.2 -> 2.5.0)

- Update to version 2.5.0
  + No code changes, just bump version for samba 4.16.0 release

==== libmnl ====
Version update (1.0.4 -> 1.0.5)

- Update to release 1.0.5
  * New example program
  * "MNL_SOCKET_DUMP_SIZE" define, holding a recommended buffer
    size for netlink dumps.
  * Resolved compiler warnings

==== libnfnetlink ====
Version update (1.0.1 -> 1.0.2)

- Update to release 1.0.2
  * Resolved Valgrind warnings due to uninitialized padding in
    netlink messages.

==== libopenmpt ====
Version update (0.6.1 -> 0.6.2)

- Update to 0.6.2:
  * [**Sec**] Possible out-of-bounds write in malformed IT / XM / MPTM files
    using the internal LFO plugin. (r17076)
  * [**Sec**] Possible out-of-bounds read when using Amiga BLEP interpolation
    with extremely high-pitched notes. (r17078, r17079)
  * ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more
    accurately, thus avoiding some unwanted control characters.
  * MO3: Pattern indices 254 / 255 were not treated as playable patterns even if
    the original file was a MOD / XM.
  * Correctly apply ST3-style effect memory when seeking in S3M files.
  * Command S (S3M / IT style) effect memory was not applied when seeking.
  * Initial channel mute status was not reported correctly in `get_channel_mute_status`
    since libopenmpt 0.6.0.
- Fix build on Leap by using GCC-11 as charconv header is only included
  from GCC-8 onwards

==== libqt5-qtdeclarative ====

- Increase the disk constraint to 6GB since the SLE build use
  5.5GB already (boo#1197992)

==== libqt5-qtwebengine ====

- Add security fixes:
  * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163)
  * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552)

==== mozilla-nss ====
Version update (3.75 -> 3.76.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
    nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
    certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
    in handshake message.

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Updated to latest upstream, including bug fixes and cleanups.
  Changes included:
  * add handling name/value pairs for firmware login (bsc#1196113),
    including man page update for same
  * Fix bug where some package parts were installed using
    DESTDIR twice
  * general build cleanup (in prep for removing DB files from
    /etc/iscsi some day soon)
  Also, now delivering a "package config" file for libopeniscsiusr.

==== qemu ====

- Backport aqmp patches from upstream which can fix iotest issues
  * Patches added:
  python-aqmp-add-__del__-method-to-legacy.patch
  python-aqmp-add-_session_guard.patch
  python-aqmp-add-SocketAddrT-to-package-r.patch
  python-aqmp-add-socket-bind-step-to-lega.patch
  python-aqmp-add-start_server-and-accept-.patch
  python-aqmp-copy-type-definitions-from-q.patch
  python-aqmp-drop-_bind_hack.patch
  python-aqmp-fix-docstring-typo.patch
  python-aqmp-Fix-negotiation-with-pre-oob.patch
  python-aqmp-fix-race-condition-in-legacy.patch
  Python-aqmp-fix-type-definitions-for-myp.patch
  python-aqmp-handle-asyncio.TimeoutError-.patch
  python-aqmp-refactor-_do_accept-into-two.patch
  python-aqmp-remove-_new_session-and-_est.patch
  python-aqmp-rename-accept-to-start_serve.patch
  python-aqmp-rename-AQMPError-to-QMPError.patch
  python-aqmp-split-_client_connected_cb-o.patch
  python-aqmp-squelch-pylint-warning-for-t.patch
  python-aqmp-stop-the-server-during-disco.patch
  python-introduce-qmp-shell-wrap-convenie.patch
  python-machine-raise-VMLaunchFailure-exc.patch
  python-move-qmp-shell-under-the-AQMP-pac.patch
  python-move-qmp-utilities-to-python-qemu.patch
  python-qmp-switch-qmp-shell-to-AQMP.patch
  python-support-recording-QMP-session-to-.patch
  python-upgrade-mypy-to-0.780.patch
- Drop the patches which are workaround to fix iotest issues
  * Patches dropped:
  Revert-python-iotests-replace-qmp-with-a.patch
  Revert-python-machine-add-instance-disam.patch
  Revert-python-machine-add-sock_dir-prope.patch
  Revert-python-machine-handle-fast-QEMU-t.patch
  Revert-python-machine-move-more-variable.patch
  Revert-python-machine-remove-_remove_mon.patch

==== re2 ====
Version update (20220201 -> 20220401)

- Update to 2022-04-01:
  * Improve performance slightly
  * Prog::Fangout() is no longer experimental

==== samba ====
Version update (4.15.5+git.328.f1f29505d84 -> 4.16.0+git.224.70319beb8f8)
Subpackages: samba-client samba-client-libs samba-libs

- Update to 4.16.0
  * New samba-dcerpcd binary to provide DCERPC in the member server
    setup
  * Certificate Auto Enrollment
  * Ability to add ports to dns forwarder addresses in internal DNS
    backend
  * No longer using Linux mandatory locks for sharemodes
  * SMB1 protocol has been deprecated, particularly older dialects
  * SMB1 protocol SMBCopy command removed
  * SMB1 server-side wildcard expansion removed
- Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101);
- Use systemd-sysusers to create system users; (bsc#1182847);
- Update to 4.15.6
  * Renaming file on DFS root fails with
    NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
  * Samba does not response STATUS_INVALID_PARAMETER when opening 2
    objects with same lease key; (bso#14737);
  * NT error code is not set when overwriting a file during rename
    in libsmbclient; (bso#14938);
  * Fix ldap simple bind with TLS auditing; (bso#14996);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * pam_winbind will not allow gdm login if password about to
    expire; (bso#8691);
  * virusfilter_vfs_openat: Not scanned: Directory or special file;
    (bso#14971);
  * DFS fix for AIX broken; (bso#13631);
  * Solaris and AIX acl modules: wrong function arguments;
    (bso#14974);
  * Function aixacl_sys_acl_get_file not declared / coredump;
    (bso#7239);
  * Regression: Samba 4.15.2 on macOS segfaults intermittently
    during strcpy in tdbsam_getsampwnam; (bso#14900);
  * Fix a use-after-free in SMB1 server; (bso#14989);
  * smb2_signing_decrypt_pdu() may not decrypt with
    gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    (bso#14968);
  * Changing the machine password against an RODC likely destroys
    the domain join; (bso#14984);
  * authsam_make_user_info_dc() steals memory from its struct
    ldb_message *msg argument; (bso#14993);
  * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    (bso#14995);
  * Samba autorid fails to map AD users if id rangesize fits in the
    id range only once; (bso#14967);
- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
  (bsc#1080338).
- Fix ntlm authentications with "winbind use default domain = yes";
  (bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling
  systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508);

==== systemd ====
Subpackages: libsystemd0 libudev1 udev

- Import commit e43a1b018899266b764ab81afb9c30fb417675c6
  1c229f8fc1 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
  8881f21539 cryptsetup: fix typo
  5882148902 journald: make use of CLAMP() in cache_space_refresh()
  6ee0601f73 journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
  fe928f3d49 fs-util: make sure openat_report_new() initializes return param also on shortcut
  3881af1806 fs-util: fix typos in comments
  96060b73ba journal-file: port journal_file_open() to openat_report_new()
  611d9955bb fs-util: add openat_report_new() wrapper around openat()
  f16edb41d4 network: ignore all errors in loading .network files (bsc#1197968)
  5422730a7b meson: build kernel-install man page when necessary
  45c627cfc2 build: include status of TPM2 in the feature string show by --version
- Drop 0001-meson-build-kernel-install-man-page-when-necessary.patch
  It's been merged in the SUSE git repo.
- spec: define %bootstrap with %bcond_with so it can be used with %when. Also
  re-order the meson options a bit.
- spec: make sure /lib exists when installing conf files in /lib/modprobe.d

==== tdb ====
Version update (1.4.4 -> 1.4.6)

- Update to 1.4.6
  + Drop obsolete patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch
  + Fix Python docstrings
  + Use atomic operations for tdb_[increment|get]_seqnum
  + Raw performance torture to beat tdb_increment_seqnum

==== xen ====
Version update (4.16.0_06 -> 4.16.0_08)

- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
  between dirty vram tracking and paging log dirty hypercalls
  (XSA-397)
  xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
  cleanup (XSA-399)
  xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
  xsa400-12.patch
- Additional upstream bug fixes for XSA-400 (bsc#1027519)
  61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
  61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
  6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch