New Tumbleweed snapshot 20210605 released!

7 Jun 2021

      Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210605

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  aaa_base (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f)
  alsa (1.2.4 -> 1.2.5)
  alsa-oss
  alsa-plugins (1.2.2 -> 1.2.5)
  alsa-ucm-conf (1.2.4 -> 1.2.5)
  boost-base
  boost-extra
  chrony (3.5.1 -> 4.1)
  cups-filters (1.27.2 -> 1.28.8)
  curl (7.76.1 -> 7.77.0)
  epiphany (40.1 -> 40.2)
  gnutls (3.7.1 -> 3.7.2)
  gupnp (1.2.4 -> 1.2.6)
  kimap
  kmod (28 -> 29)
  libX11
  libcap
  libimagequant (2.13.1 -> 2.14.1)
  libkgapi
  libmodulemd (2.12.0 -> 2.12.1)
  libtasn1 (4.16.0 -> 4.17.0)
  libvirt (7.2.0 -> 7.4.0)
  malcontent (0.9.0 -> 0.10.1)
  openssl
  ovmf (202102 -> 202105)
  pcre2 (10.36 -> 10.37)
  perl-Convert-ASN1 (0.27 -> 0.29)
  pipewire
  python-libvirt-python (7.2.0 -> 7.4.0)
  python-pycurl
  rtkit
  rubygem-ffi (1.15.0 -> 1.15.1)
  rubygem-mini_portile2 (2.5.1 -> 2.6.1)
  rubygem-nokogiri (1.11.3 -> 1.11.6)
  skopeo (1.2.1 -> 1.2.3)
  suitesparse
  sushi (3.38.0 -> 3.38.1)
  unbound
  vim (8.2.2850 -> 8.2.2918)
  wget
  xen (4.14.1_16 -> 4.15.0_01)
  xorgproto
  yast2 (4.4.5 -> 4.4.9)
  yast2-bootloader (4.4.0 -> 4.4.1)
  yast2-network (4.4.12 -> 4.4.13)

=== Details ===

==== aaa_base ====
Version update (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f)
Subpackages: aaa_base-extras

- Update to version 84.87+git20210601.8cb043f:
  * Use shell builtins for $HOSTTYPE and others (boo#1186296)

==== alsa ====
Version update (1.2.4 -> 1.2.5)
Subpackages: libasound2 libasound2-32bit libatopology2

- Update to version 1.2.5
  * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib
- Drop upstream fixed patches
  * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch
  * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch
  * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch
  * 0004-topology-use-inclusive-language-for-bclk.patch
  * 0005-topology-use-inclusive-language-for-fsync.patch
  * 0006-topology-use-inclusive-language-in-documentation.patch
  * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch
  * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch
  * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
  * 0019-pcm-fix-__snd_pcm_state-return-value.patch
  * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch
  * 0026-Revert-pcm_plugin-fix-delay.patch
  * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch
  * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
  * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
  * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch
  * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
  * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch
  * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
  * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
  * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
  * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch
  * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch
  * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch
  * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
  * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch
  * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
  * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
  * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch
  * 0023-pcm-plugin-status-revert-the-recent-changes.patch
  * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch
  * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch
  * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
  * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch
  * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch
  * 0033-pcm-rate-fix-the-capture-delay-values.patch
  * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch
  * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
  * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
  * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch
  * 0018-conf-fix-get_hexachar-return-value.patch
  * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch
  * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch
  * 0031-pcm-plugin-fix-status-code-for-capture.patch
  * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
  * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch
  * 0022-pcm-plugin-status-fix-the-return-value-regression.patch

==== alsa-oss ====
Subpackages: alsa-oss-32bit

- Use https for URL and SourceURL

==== alsa-plugins ====
Version update (1.2.2 -> 1.2.5)
Subpackages: alsa-plugins-pulse alsa-plugins-pulse-32bit alsa-plugins-speexrate alsa-plugins-upmix

- Update to 1.2.5
  * Support alsa 1.2.5
  * Fixed A52 Output plugin
  * upmix: complete generalizing format
  * jack: add option to allow non-jack-aligned period size
  * oss: fix the config (port -> device)
  * pulse: pcm - handle reading pulse stream hole
  * usb_stream: use snd_config_get_card() to decode the card number

==== alsa-ucm-conf ====
Version update (1.2.4 -> 1.2.5)

- Update to version 1.2.5
  * tegra: Add UCM for more devices
  * codecs/rt5640: Make headset optional
  * rt715: add mic led support
  * bytcr-rt5640: Add support for controlling a speaker-mute LED
  * cht-bsw-rt5672: Add support for controlling speaker- and
    mic-mute LEDs, Add support for the components string
  * ucm2: add support to for Qualcomm RB5 Platform
  * codecs/rt5672: Add hardware volume-control support
  * codecs/rt5640: Add hardware volume-control support
  * bytcr-wm5102: Add new UCM profile for BYT boards with a WM5102 codec
  * bytcr-rt5640: Add support for devices without speakers and/or
    an internal mic
  * chtrt5645: Enable Internal MIC of ECS EF20EA
  * chtnau8824: Add support for laptops using stereo DMICs and fix
    mono speaker config not working
  * Full changes:
    https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-ucm-conf
- Drop upstream fixes
  * 0001-fix-the-ucm2-codecs-hda-hdmi.conf-use.patch
  * 0002-codecs-hda-hdmi.conf-add-DisplayPort-to-the-device-d.patch
  * 0003-sof-soundwire-use-the-codecs-hda-hdmi.conf-macro.patch
  * 0004-Revert-ucm2-HDA-acp-add-Capture-simple-mixer-element.patch
  * 0005-chtnau8824-Fix-mono-speaker-config-not-working.patch
  * 0006-chtnau8824-Add-support-for-laptops-using-stereo-DMIC.patch
  * 0007-chtnau8824-Boost-analog-mic-volumes-a-bit.patch
  * 0008-rt715-init-setup-ADC07-to-a-proper-volume.patch
  * 0009-sof-hda-dsp-Set-Master-Playback-Switch-on-in-the-Boo.patch
  * 0010-HDA-Intel-HiFi-dual-Add-EnableSequence-and-DisableSe.patch
  * 0011-HDA-Intel-HiFi-dual-Add-BootSequence-and-disable-pla.patch
  * 0012-chtrt5645-Enable-Internal-MIC-of-ECS-EF20EA.patch
  * 0013-bytcr-rt5640-Add-support-for-devices-without-speaker.patch
  * 0014-rt5640-Move-standard-DAC-setup-to-EnableSeq.conf.patch
  * 0015-bytcr-rt5640-fix-the-execution-order.patch
  * 0016-ucm2-add-initial-configuration-for-TRX40-Gigabyte-Ao.patch
  * 0017-USB-Audio-ALC1220-Bump-analog-Speaker-priority-over-.patch
  * 0018-USB-Audio-ALC1220-fix-indentation-for-Speaker-device.patch
  * 0019-USB-Audio-fix-indentation-in-Gigabyte-Aorus-Master-M.patch
  * 0020-chtnau8824-Add-a-SST-define-variable.patch
  * 0021-kblrt5660-Fix-file-permissions.patch

==== boost-base ====
Subpackages: boost-license1_76_0 libboost_date_time1_76_0 libboost_filesystem1_76_0 libboost_iostreams1_76_0 libboost_locale1_76_0 libboost_program_options1_76_0 libboost_thread1_76_0

- Compile boost iostreams with lzma support for reading .xz files

==== boost-extra ====

- Compile boost iostreams with lzma support for reading .xz files

==== chrony ====
Version update (3.5.1 -> 4.1)
Subpackages: chrony-pool-openSUSE

- Update to 4.1
  * Add support for NTS servers specified by IP address (matching
    Subject Alternative Name in server certificate)
  * Add source-specific configuration of trusted certificates
  * Allow multiple files and directories with trusted certificates
  * Allow multiple pairs of server keys and certificates
  * Add copy option to server/pool directive
  * Increase PPS lock limit to 40% of pulse interval
  * Perform source selection immediately after loading dump files
  * Reload dump files for addresses negotiated by NTS-KE server
  * Update seccomp filter and add less restrictive level
  * Restart ongoing name resolution on online command
  * Fix dump files to not include uncorrected offset
  * Fix initstepslew to accept time from own NTP clients
  * Reset NTP address and port when no longer negotiated by NTS-KE
    server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
  https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC...
- Ensure the correct pool packages are installed for openSUSE
  and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
  can do all the other required crypto via nettle+gnutls. no need
  for another crypto library.
- Update to 4.0
  - Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of
    unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented
    configuration
  - Add sourcedir directive and "reload sources" command to
    support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point
    (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included
    files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q
    option
  - Avoid replacing NTP sources with sources that have
    unreachable address
  - Improve pools to repeat name resolution to get "maxsources"
    sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state
    to online
  - Update clock synchronisation status and leap status more
    frequently
  - Update seccomp filter
  - Add "add pool" command
  - Add "reset sources" command to drop all measurements
  - Add authdata command to print details about NTP
    authentication
  - Add selectdata command to print details about source
    selection
  - Add -N option and sourcename command to print original names
    of sources
  - Add -a option to some commands to print also unresolved
    sources
  - Add -k, -p, -r options to clients command to select, limit,
    reset data
  - Bug fixes
  - Don?t set interface for NTP responses to allow asymmetric
    routing
  - Handle RTCs that don?t support interrupts
  - Respond to command requests with correct address on
    multihomed hosts
  - Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets
    (chrony 2.x clients using non-MD5/SHA1 keys need to use
    option "version 3")
  - Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
  enable the new features)
- drop patches which are included in the update:
  chrony-test-update-processing-of-packet-log.patch
  chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
  osc build --without=testsuite
  testsuite still runs by default

==== cups-filters ====
Version update (1.27.2 -> 1.28.8)

- Version upgrade to 1.28.8
  * libcupsfilters: Made check whether the driverless PPD to
    generate should be a fax out PPD more reliable (Issue #343).
  * foomatic-rip: Options in the 5th command line argument of
    the CUPS filter command line are separated only by white
    space and not by comma, also make sure that an option "none"
    is not considered a custom page size (Issue #348).
  * implicitclass: Raise timeout for cups-browsed's answer from
    20s to 60s (Pull request #346).
  * libcupsfilters: In the PPD generator really give priority to
    Apple Raster against PDF (Issue #331).
- Version upgrade to 1.28.7
  * driverless: Removed the support quality check from Pull
    request #235 as it takes significant time for each printer
    being listed, making cups-driverd (`lpinfo -m`) timing out
    when there are many printers (OpenPrinting CUPS issue #65).
  * libcupsfilters: In the PPD generator give priority to Apple
    Raster against PDF (Issue #331).
  * libcupsfilters: Added NULL check when removing ".Borderless"
    suffixes from page size names (Issue #314, Pull request #328).
  * libcupsfilters: In the cupsRasterParseIPPOptions() map the
    color spaces the same way as in the PPD generator
    (Issue #326, Pull request #327).
  * libcupsfilters: Fixed addition of grayscale mode in
    generated PPD files, to avoid duplicate entries
    (OpenPrinting CUPS issue #59).
- Version upgrade to 1.28.6
  * libcupsfilters: In generated PPDs add a grayscale mode if
    there are only color printing modes (from OpenPrinting CUPS).
  * libcupsfilters: In generated PPDs add an "OutputBin" option
    also if it has only one choice (OpenPrinting CUPS pull
    request #18).
  * libcupsfilters: Generated PPDs could have an "Unknown"
    default InputSlot (OpenPrinting CUPS issue #44).
  * cups-browsed: Removed unneeded IPP attribute additions
    preventing the created local queues from preserving a
    location or description the user assigns to them (Issue #323).
  * cups-browsed: Removed all calls of the resolve_uri() function
    of libcupsfilters, as these are not actually needed and in case
    the supplied DNS-SD-based URI is not resolvable, the function
    gets stuck for ~5 seconds.
  * cups-browsed: Fixed several memory leaks, mainly from the
    code to merge printer IPP attributes for clusters
    (Pull request #322).
  * cups-browsed: Silenced compiler warning.
  * foomatic-rip: Fix infinite loop and input from file on raw
    printing (Pull request #318).
  * foomatic-rip: Remove temporary file created during pdf-to-ps
    conversion (Pull request #313).
- Version upgrade to 1.28.5
  * cups-browsed: UUID from IPP response was used after its
    pointer was freed by ippDelete() (Pull request #311).
- Version upgrade to 1.28.4
  * driverless: Avoid duplicate PPD list entries from the same
    device via UUID
  * driverless: Reduce ippfind calls by "driverless" and
    "driverless-fax"called by CUPS. Let "driverless list" list
    both print and fax PPDs and "driverless-fax list" do nothing.
  * driverless: Avoid duplicate listings in printer discovery,
    by "driverless-fax" not listing any URI as "driverless"
    lists them all already.
  * driverless: Vastly improve performance by doing only one
    ippfind call instead of two (IPP, IPPS) as ippfind accepts
    more than one reg type on the command line.
  * Sample PPDs: Corrected manufacturer name in
    Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd.
- Version upgrade to 1.28.3
  * libcupsfilters, cups-browsed: Fixed inconsistency between
    resolvers for DNS-SD-based URIs, resolve_uri() and
    ippfind_based_uri_converter(). Now both return a freeable
    string.
  * libcupsfilters: Fix uninitialized buffer and parsing ippfind
    output in ippfind_based_uri_converter() function
    (Issue #308, Pull request #309).
- Version upgrade to 1.28.2
  * driverless: Free allocated memory, use MAX_OUTPUT_LEN
    (Pull request #304).
  * driverless: Make the two ippfind tasks(for IPP
    and IPPS) run in parallel (Pull request #302, #305, #306).
  * braille: Support new liblouis tables not containing a
    display name (Pull request #303)
  * Build system: Let ./configure not error out when there is
    more than one DejaVuSans.ttf test font candidate (Issue #300).
  * cups-browsed: Crash when a remote printer set as default gets
    removed, due to missing variable in printf() call (Issue #299).
  * libcupsfilters: Removed all signal handling and global
    variables from get_printer_attributes() and
    ippfind_based_uri_converter(). This is overkill for these
    quick operations and causes problems when shutting down
    cups-browsed (Issue #298).
- Version upgrade to 1.28.1
  * COPYING: Fixed several typos
  * libcupsfilters: Fixed typo in log message of
    get_printer_attributes functions.
  * cups-browsed: Fixed typos in configuration file and man page
  * libcupsfilters: Let the PPD generator not suffix page size
    names with ".Borderless" if all page sizes would get this
    suffix, for example for printers which generally print
    borderless.
  * libcupsfilters: Added "faxPrefix" option for generated IPP Fax
    Out PPDs, so that this option also appears in print dialogs.
  * driverless: List addresses for local services correctly when
    using "--std-ipp-uris" (with "localhost" hostname).
  * driverless: Make calls of the ippfind utility somewhat faster,
    setting the timeout of ippfind to automatic.
  * libcupsfilters: Resolve DNS-SD-based URIs for local services
    correctly (using hostname "localhost").
  * libcupsfilters: In get_printer_attributes() functions do not
    try to convert URIs which are not DNS-SD-based (Issue #294).
  * libcupsfilters: In get_printer_attributes() functions also
    support URIs with "dnssd://..." scheme.
  * libcupsfilters: Moved signal handling back into main
    function of the get_printer_attributes() variants, it got
    moved out accidentally.
  * driverless: For generating a PPD, independent whether via
    "driverless URI" or "driverless cat URI", always allow CUPS
    driver URIs (prefixed with "driverless: " or
    "driverless-fax:") and pure IPP URIs.
  * driverless: Accept clean IPP URIs also for 'driverless cat ...'
    (Issue #295, Pull request #296).
  * driverless-fax: Do not use fixed path for call of driverless
    itself (Pull request #293).
- Version upgrade to 1.28.0
  * driverless, driverless-fax, libcupsfilters: Added IPP Fax
    Out support. Now printer setup tools list an additional fax
    "driver".  A fax queue is created by selecting this driver.
    Jobs have to be sent with "-o phone=12345" to supply
    the destination phone number (Pull request #280).
  * libfontembed: Silenced warning with gcc 10.x
    (Pull request #287).
  * cups-browsed: Added ./configure
    options --enable-saving-created-queues
    and --with-remote-cups-local-queue-naming
    (Pull request: #253, #285).
  * cups-browsed: Fixed several memory leaks, mainly from
    the code to merge printer IPP attributes for clusters
    (Pull request #281, #283).
  * driverless: Added "--std-ipp-uris" command line option to
    show listed URIs in standard hostname-based form (not the
    CUPS DNS-SD-service-name-based form. Only for manual call of
    the utility, for debugging purposes (Pull request #277).
  * libfontembed: Removed assert() calls which cause crashes
    when unsupported emoji fonts are installed (Issue #254,
    Pull request #276).
  * driverless: Added support for IPPS (use "ipps://..." URIs if
    possible, Issue #251, Pull request #270, #273).
  * gstoraster, gstopdf: When converting PostScript to PDF use
    the "pdfwrite" output device with "-dPDFSETTINGS=/default"
    instead of with "-dPDFSETTINGS=/printer". This reproduces
    bitmaps in the PostScript file with their original image
    quality (Issue #272).
  * cups-browsed: Limit log file size and add backup file for
    previous log entries. Introduced the configuration option
    DebugLogFileSize in cups-browsed.conf to set the actual limit
    in kilobytes or 0 to get the old behavior of an unlimited
    size for the log file (Issue #260, Pull request #267).
  * gstoraster, gstopdf: Do not apply margins when output format
    is PDF, as then we convert an incoming PostScript file to
    PDF (pre-pdftopdf) and do not prepare the pages for the
    printer (post-pdftopdf, Issue #250).
  * cups-browsed: Do not write any log messages directly to
    stderr, there were some concerning timeouts on queue
    creation (Issue #260).
  * Build system: Fix cross-compilation without DejaVu test font
    in configure.ac (Issue #262, Pull request #263).
  * libcupsfilters: Respect the fact that PPD keywords
    are case-sensitive when adding "*cupsManualCopies: True" in
    PPD file (Issue #242).
  * libcupsfilters: Older versions of libcups (< 2.3.1)
    had the enum name for fold-accordion finishings mistyped.
    Added a workaround.
  * cups-browsed: Remove left-over local queues from the previous
    session more quickly when CUPS legacy browsing is turned on.
  * cups-browsed: Left-over local queues from the previous
    session for which the corresponding remote printer did not
    appear again did not get removed as they were considered
    externally overwritten.
  * gstoraster, gstopdf: Add option "-dDoNumCopies" to Ghostscript
    command line if we are outputting PDF (called via gstopdf
    wrapper) and the number of copies supplied to CUPS is 1 (4th
    command line argument). In this case we convert incoming
    PostScript to PDF and need to respect  embedded PostScript
    commands to implement the number of copies (Issue #255,
    CUPS Issue #5796, OpenSUSE bug #1173345).
  * imagetoraster: Potential null dereference fix (when no valid
    PPD is supplied, Pull request #256).
  * cups-browsed: Call cupsGetNamedDest() only if
    "OnlyUnsupportedByCUPS No"
  * Sample PPDs: Corrected ColorModel default for Generic PWG
    Raster PPD to Color (Pull request #247).
  * cups-browsed: Mark the temp queue as cups-browsed-generated
    during setting printer-is-shared (Pull request #246).
  * cups-browsed: Remove mentions of README and AUTHORS files in
    the man page (Pull request #244).
  * pclmtoraster: Added new filter to extract Raster data from
    raster-only PDF files, here for the special case of PCLm
    files (Pull request #243, #257).
  * Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to switch
    between color and grayscale printing (Pull request #237).
- Version upgrade to 1.27.5
  * cups-browsed: Do not remove the created local queues on
    shutdown, to avoid their re-creation on restart, so that
    desktops get no cluttered with notifications of new queues
    being created. One can return to the old behavior via
    "KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf
    (Ubuntu bug #1869981, #1878241).
  * cups-browsed: Do not accept DNS-SD broadcasts of IPPS type
    of "remote" CUPS queues of another CUPS instance on the
    local machine. This way we get a local queue pointing to
    such a printer only in unencrypted version (IPP). For some
    reason printing from one CUPS server to another on the same
    machine works only unencrypted.
  * foomatic-rip: Map two-sided-short-edge to DuplexTumble
    (Pull request #236)
  * Build system: In configure.ac use AS_IF instead of
    AC_CHECK_FILE for font check (Issue #239, Pull request #240)
  * cups-browsed: Cleaned up code for determining to which CUPS
    server (host/port/domain socket) to connect, so that connection
    via DomainSocket cups-browsed.conf directive, CUPS_SERVER and
    IPP_PORT environment variables and all defaults and methods
    of libcups, including CUPS' client.conf work.
  * gstoraster, rastertopdf: Do not pass NULL to fprintf()
    (Pull request #230).
  * libcupsfilters: Silence compiler warning (Pull request #229).
- Version upgrade to 1.27.4
  * libcupsfilters, cups-browsed: Fix memory issues in
    ppdgenerator and cups-browsed (Pull request #226).
  * pdftops: Mention cups-filters README, CUPS README in debug log
    (Pull request #225).
  * pdftopdf, gstoraster, foomatic-rip: Use "-dSAFER" Ghostscript
    option, instead of the deprecated "-dPARANOIDSAFER"
    (Pull request #224).
  * Build System: Replace '==' in configure.ac test with '=', as
    the former is a bashism (Pull request #222).
- Version upgrade to 1.27.3
  * cups-browsed: Allow sharing local queues pointing to remote
    CUPS queues and re-sharing printers discovered via
    BrowsePoll by default, using AllowResharingRemoteCUPSPrinters
    and NewBrowsePollQueuesShared directives in cups-browsed.conf
    (Issue #101, Pull request #218).
  * driverless: Correctly unlink temporary file when generating
    PPD file (Pull request #220).
  * cups-browsed: Fixed memory leaks (Pull request #219).
  * foomatic-rip: PDF page count side-loads the PDF file to count
    the pages in, so it cannot be run in -dSAFER mode. Run even
    in -dNOSAFER mode to override the -dSAFER default of newer
    Ghostscript versions. This should not cause a security problem
    as we do not take an input file which could do arbitrary
    side-loads but we run hard-coded PostScript commands instead
    (Issue #216).
  * libfontembed: Add checks to the test programs to not segfault
    if the test font file is not found (Pull request #214).
  * Build System: Let ./configure fail if the supplied test font
    file path (or the default) does not exist (Pull request #214),
    also use the "find" command to find the test font file
    DejaVuSans.ttf under /usr/share/fonts, as every
    distribution has it somewhere else.
- fix_upstream_issue348.patch is no longer needed because
  it is now fixed in the upstream sources, see the above
  entry about "Issue #348". Entries like "Issue #NNN" or
  "Pull request #NNN" mean cups-filters upstream issues
  or cups-filters upstream GitHub pull requests at
  https://github.com/OpenPrinting/cups-filters

==== curl ====
Version update (7.76.1 -> 7.77.0)
Subpackages: libcurl4

- Update to 7.77.0: [bsc#1186114, CVE-2021-22898]
  [bsc#1186115, bsc#1185579, CVE-2021-22901]
  * Security fixes:
  - CVE-2021-22297: schannel cipher selection surprise
  - CVE-2021-22298: TELNET stack contents disclosure
  - CVE-2021-22901: TLS session caching disaster
  * Changes:
  - configure: make the TLS library choice(s) explicit
  - curl: ignore options asking for SSLv2 or SSLv3
  - hsts: enable by default
  - SSL: support in-memory CA certs for some backends
  - vtls: refuse setting any SSL version
  * Bugfixes:
  - configure: provide --with-openssl, deprecate --with-ssl
  - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
  - curl: include libmetalink version in --version output
  - data_pending: check only SECONDARY socket for FTP(S) transfers
  - gnutls: don't allow TLS 1.3 for versions that don't support it
  - gnutls: make setting only the MAX TLS allowed version work
  - http2: fix resource leaks in set_transfer_url() and push_promise()
  - http: limit the initial send amount to used upload buffer size
  - rustls: only return CURLE_AGAIN when TLS session is fully drained
  - rustls: use ALPN
  - schannel: Disable auto credentials; add an option to enable it
  - schannel: Support strong crypto option
  - sectransp: allow cipher name to be specified
  - sockfilt: avoid getting stuck waiting for writable socket

==== epiphany ====
Version update (40.1 -> 40.2)
Subpackages: epiphany-lang gnome-shell-search-provider-epiphany

- Update to version 40.2:
  + Fix some memory leaks.
  + Fix memory corruption in history dialog.
  + Fix crash when checking for modified forms.

==== gnutls ====
Version update (3.7.1 -> 3.7.2)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac

- Update to version 3.7.2
  * Added Linux kernel AF_ALG based acceleration
  * Fixed timing of early data exchange
  * The priority string option DISABLE_TLS13_COMPAT_MODE was added
    to disable TLS 1.3 middlebox compatibility mode
  * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
    GNUTLS_NO_IMPLICIT_INIT to reflect the purpose
  * certtool:
  * When signing a CSR, CRL distribution point (CDP) is no
    longer copied from the signing CA by default
  * When producing certificates and certificate requests, subject
    DN components that are provided individually will now be
    ordered by assumed scale
- Rework the crypto-policies dependencies in libraries [bsc#1186385]

==== gupnp ====
Version update (1.2.4 -> 1.2.6)

- Update to version 1.2.6
  + Fix CVE-2021-33516 ( boo#1186590 )
  + Fix potential fd leak in linux CM
  + Fix potential NULL pointer dereference when evaluating unset
    ServiceProxyActions
  + Fix leaking the message string if an action is never sent
  + Fix leaking the ServiceProxyAction if sending fails in
    call_action
  + Fix potential use-after-free if service proxy is
    destroxed before libsoup request finishes in control point
  + Fix potential data leak due to being vulnerable to DNS
    rebind attacs
  + Fix introspection annotation for send_action and
    call_action_finish to prevent a double-free
  + Fix introspection annotation for send_action_list
  + Make ServiceIntrospection usable from gobject-introspection
- Fix dependencies
- Update to version 1.2.6:
  + Fix wrong dependency on GSSDP 1.2.4
- Changes from version 1.2.5:
  + Fix introspection annotation for send_action_list
  + Fix potential fd leak in linux CM
  + Fix potential NULL pointer dereference when evaluating unset
    ServiceProxyActions
  + Fix leaking the message string if an action is never sent
  + Fix leaking the ServiceProxyAction if sending fails in
    call_action
  + Fix introspection annotation for send_action and
    call_action_finish to prevent a double-free
  + Make ServiceIntrospection usable from gobject-introspection
  + Add Python example
  + Add C example
  + Fix JavaScript example
  + Fix potential use-after-free if service proxy is destroxed
    before libsoup request finishes in control point
  + Fix potential data leak due to being vulnerable to DNS rebind
    attacks

==== kimap ====
Subpackages: kimap-lang libKF5IMAP5

- Add hard dependency on SASL modules (boo#1186591)

==== kmod ====
Version update (28 -> 29)
Subpackages: kmod-bash-completion libkmod2

- /usr/lib should override /lib where both are available. Support /usr/lib for
  depmod.d as well.
  * Refresh usr-lib-modprobe.patch
- Remove test patches included in release 29
  - kmod-populate-modules-Use-more-bash-more-quotes.patch
  - kmod-testsuite-compress-modules-if-feature-is-enabled.patch
  - kmod-also-test-xz-compression.patch
- Update to release 29
  * Fix `modinfo -F` not working for built-in modules and
    certain fields.
  * Fix a memory leak, overflow and double free on error path.
- Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch,
  0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch,
  0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch
  (all merged)

==== libX11 ====
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1

- U_Check-for-NULL-strings-before-getting-their-lengths.patch
  * regression in libX11 1.7.1 (boo#1186643)
    fixes segfaults for xforms applications like fdesign

==== libcap ====
Subpackages: libcap2 libcap2-32bit

- Fix a broken symlink. libcap-devel installs libpsx.so but
  didn't install the library it's pointing to.

==== libimagequant ====
Version update (2.13.1 -> 2.14.1)

- update to 2.14.1:
  * improved Rust API
  * quality improvements for remapping overlays over a background

==== libkgapi ====
Subpackages: libKPimGAPICalendar5 libKPimGAPIContacts5 libKPimGAPICore5 libKPimGAPITasks5 libkgapi-lang sasl2-kdexoauth2

- Add hard dep on sasl2-kdexoauth2, needed for authentication

==== libmodulemd ====
Version update (2.12.0 -> 2.12.1)

- Updated to 2.12.1
  This is a bug-fix release fully compatible with the previous 2.12.0
  version. Notable changes:
  Enhancements:
  - Improve diagnostic messages for compression tests.
  - Tests performed in a GitHub continues integration are faster.
  - Use GitHub actions to perform CI tests also on ArchLinux, Mageia,
    Mandriva, and OpenSUSE.
  Fixes:
  - Relax context value up to 13 characters including an underscore
    character in modulemd v2 format. This reenables scratch-builds in MBS.
    Migrate Packit tests from a deprecated current_version_command to
    a newer actions/get-current-version.

==== libtasn1 ====
Version update (4.16.0 -> 4.17.0)
Subpackages: libtasn1-6 libtasn1-6-32bit

- libtasn1 4.17.0:
  * Print deprecation messages for deprecated macros
  * Fix some clang issues due to illegal pointers
  * Restore handling of SIZE nodes
  * Fix memory leak caught by oss-fuzz
  * Gtk-doc fixes
  * Fix bugs unveiled by Static Analysis
  * Update gnulib files and many build fixes
- move tools to -tools packages and clarify licenses
- update upstream signing keyring
- remove deprecated texinfo packaging macros

==== libvirt ====
Version update (7.2.0 -> 7.4.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Update to libvirt 7.4.0
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html
  - Dropped patches:
    ee890f25-libxl-mock-funcs.patch
- Update to libvirt 7.3.0
  - libvirt-admin package merged with libvirt-daemon
  - libvirt-bash-completion package merged with libvirt-client and
    libvirt-daemon packages
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html
  - Dropped patches:
    suse-bump-xen-version.patch
  - Added patches:
    ee890f25-libxl-mock-funcs.patch

==== malcontent ====
Version update (0.9.0 -> 0.10.1)
Subpackages: libmalcontent-0-0 libmalcontent-ui-0-0 malcontent-control malcontent-lang typelib-1_0-Malcontent-0

- Update to version 0.10.1
  + Improve support for systems without accountsservice
  + Fix some data loss-causing state synchronisation problems
  + Hide support for flatpak user repositories, as they are
    typically not configured on systems
  + Add manpage docs for malcontent-client
  + Consider terminology of ?parental controls?
  + Improving padding/spacing in malcontent-control UI
  + Reload ?Restrict Apps? list when installed apps change on system
  + Add command line option to malcontent-control to pre-select a user
  + Fails closed if accountsservice isn't available on the bus
  + Fix partial loss of parental controls settings when partially
    updating them
  + libmalcontent-ui: Drop handling of eos-link desktop files
  + user-controls: Only save the app filter if it?s changed
  + Add Danish translation
  + Update Ukrainian, Italian, Swedish, and Polish translation

==== openssl ====

- Provide openssl(cli) by the meta package: Together with the
  suggests openssl in the base patterns, any consumer of this
  symbols should get the openssl meta package as candidate, which
  allows us to easier change the recommended default version.

==== ovmf ====
Version update (202102 -> 202105)
Subpackages: qemu-ovmf-x86_64 qemu-uefi-aarch64

- Update to edk2-stable202105
  * MdeModulePkg/UfsPassThruDxe: Improve Device initialization
    polling Loop
  * MdePkg: MmUnblockMemoryLib: Added definition and null instance
  * OvmfPkg: resolve MmUnblockMemoryLib (mainly for
    VariableSmmRuntimeDxe)
  * MdeModulePkg: VariableSmmRuntimeDxe: Added request unblock
    memory interface
  * SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst
  * SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules
  * SecurityPkg: Tcg2Smm: Added support for Standalone Mm
  * SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS
    region
  * UefiCpuPkg/MpInitLib: Use NASM struc to avoid hardcode offset
  * UefiCpuPkg/MpInitLib: Remove unused Lock from
    MP_CPU_EXCHANGE_INFO
  * UefiCpuPkg/SmmCpuFeaturesLib: Move multi-instance function decl
    to header
  * UefiCpuPkg/SmmCpuFeaturesLib: Rename SmmCpuFeaturesLib.c
  * UefiCpuPkg/SmmCpuFeaturesLib: Cleanup library constructors
  * UefiCpuPkg/SmmCpuFeaturesLib: Abstract PcdCpuMaxLogicalProcessorNumber
  * UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support
  * UefiCpuPkg/PiSmmCpu: Don't allocate Token for SmmStartupThisAp
  * RedfishPkg/Library: RedfishLib
  * OvmfPkg/CpuHotplugSmm: refactor hotplug logic
  * OvmfPkg/CpuHotplugSmm: collect hot-unplug events
  * OvmfPkg/CpuHotplugSmm: add Qemu Cpu Status helper
  * OvmfPkg/CpuHotplugSmm: introduce UnplugCpus()
  * OvmfPkg: define CPU_HOT_EJECT_DATA
  * OvmfPkg/SmmCpuFeaturesLib: init CPU ejection state
  * OvmfPkg/SmmCpuFeaturesLib: call CPU hot-eject handler
  * OvmfPkg/CpuHotplugSmm: add EjectCpu()
  * OvmfPkg/CpuHotplugSmm: do actual CPU hot-eject
  * OvmfPkg/SmmControl2Dxe: negotiate CPU hot-unplug
  * EmbeddedPkg/PrePiHobLib: replace duplicate GUID
  * MdePkg/UefiLib: Correct the arguments passed to
    IsLanguageSupported()
  * UefiCpuPkg/CpuCacheInfoLib: Collect cache associative type
  * UefiCpuPkg/MpInitLib: avoid printing debug messages in AP
  * UefiCpuPkg/CpuDxe: Rename variables to follow EDKII coding
    standard
  * UefiCpuPkg/CpuDxe: Guarantee GDT is below 4GB
  * BaseTools/Ecc: Make Ecc only check first include guard
  * ShellPkg/SmbiosView: add more items for smbiosview -t 3
  * MdePkg: Support standalone MM Driver Unload capability
  * OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for
    CommandLine
  * ShellPkg/Pci: Add valid check for PCI extended config space
    parser
  * CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
  * OvmfPkg: strip build paths in release builds
  * MdeModulePkg: Initialize local variable value before they are
    used
  * UefiCpuPkg/SmmCommunication: Remove out-dated comments
  * MdePkg: use CpuPause() in CpuDeadLoop()
  * MdePkg/Include: EFI Redfish Discover protocol
  * ShellPkg/UefiHandleParsingLib: Support EFI Redfish protocols
  * MdePkg/Include/Protocol: EFI_HII POPUP_PROTOCOL duplicate
    declaration
  * MdePkg/Include/Protocol: EFI_RESET_NOTIFICATION_PROTOCOL
    duplicate
  * CryptoPkg/Private/Protocol/Crypto.h: Remove duplicate function
    type
  * MdePkg/BaseLib: Add support for the XSETBV instruction
  * MdeModulePkg/PiDxeS3BootScriptLib: Rename mAcpiS3Enable to
    avoid dup symbol
  * MdePkg/IoLib: Filter/trace port IO/MMIO access
  * MdePkg/Baseib: Filter/trace MSR access for IA32/X64
  * UefiCpuPkg: Remove PEI/DXE instances of CpuTimerLib.
  * UefiCpuPkg: Add MicrocodeLib for loading microcode
  * OvmfPkg: Add MicrocodeLib in DSC files.
  * UefiPayloadPkg/UefiPayloadPkg.dsc: Consume MicrocodeLib
  * UefiCpuPkg/MpInitLib: Consume MicrocodeLib to remove duplicated
    code
  * UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack
    overflow
  * ShellPkg: Fix smbiosview system enclosure type table
  * UefiCpuPkg/CpuTimerLib: Update LIBRARY_CLASS of Base instance.
  * RedfishPkg/RedfishDiscoverDxe: EFI Redfish Discover Protocol
  * RedfishPkg/RedfishConfigHandler: EDKII RedfishConfigHandler
    Protocol
  * UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing
  * BaseTools/Conf: Fix MAKE_FLAGS typos in tools_def.template
  * MdeModulePkg: Initialize temp variable in VarCheckPolicyLib
  * SecurityPkg/Tcg2Smm: Initialize local Status variable
  * DynamicTablesPkg: add validation for PcdNonBsaCompliant16550SerialHid
  * OvmfPkg/XenResetVector: Silent a warning from nasm
  * MdePkg: Allow PcdFSBClock to by Dynamic
  * OvmfPkg/IndustryStandard/Xen: Apply EDK2 coding style to
    XEN_VCPU_TIME_INFO
  * OvmfPkg/IndustryStandard: Introduce PageTable.h
  * OvmfPkg/XenPlatformPei: Map extra physical address
  * OvmfPkg/XenPlatformPei: Calibrate APIC timer frequency
  * OvmfPkg/OvmfXen: Set PcdFSBClock
  * DynamicTablesPkg: Re-order GicItsIdentifierArray struct
  * DynamicTablesPkg: Remove EArmObjExtendedInterruptInfo
  * MdePkg: Fix AsmReadMsr64() and AsmWriteMsr64() with GCC
    toolchain
  * BaseTools/PlatformAutoGen: MAKE_FLAGS and MAKE_PATH fixes
  * RedfishPkg/RestJsonStructureDxe: Fix typo in function header
  * MdePkg/Include: Allow CPU specific defines to be predefined
  * CryptoPkg/Library/Include: Allow CPU specific defines to be
    predefined
  * ArmPlatformPkg: Fix Ecc error 8001
  * ArmPlatformPkg: Fix Ecc error 9001
  * ArmPlatformPkg: Remove package dependency in
    NorFlashStandaloneMm
  * ArmPkg: Fix Ecc error 8001 in Chipset
  * ArmPkg: Fix Ecc error 8001 in SemihostLib
  * ArmPkg: Fix Ecc error 8001 in ArmArchTimerLib
  * ArmPkg: Fix Ecc error 9005 in CpuDxe
  * ArmPkg: Fix Ecc error 10006 in ArmPkg.dsc
  * ArmPkg: Fix Ecc error 10016 in StandaloneMmMmuLib
  * ArmPkg: Fix Ecc error 10014 in ArmScmiDxe
  * ArmPkg: Fix Ecc error 10014 in GenericWatchdogDxe
  * ArmPkg: Fix Ecc error 10014 in MmCommunicationDxe
  * ArmPkg: Fix Ecc error 10014 in SemihostLib
  * ArmPkg: Remove ArmGic/ArmGicSecLib.c
  * ArmPkg: Fix Ecc error 5003 in ArmExceptionLib
  * ArmPkg: Fix Ecc error 6001 in MmCommunicationDxe
  * ArmPkg: Fix Ecc error 6001 in ArmSoftFloatLib
  * ArmPkg: Rename include guard in ArmGicLib.h
  * ArmPkg: Fix Ecc error 7008 for SCMI_CLOCK_RATE
  * ArmPkg: Fix Ecc error 7008 for OPTEE_MESSAGE_PARAM
  * ArmPkg: Fix Ecc error 8005/8007 in ArmDisassemblerLib
  * ArmPkg: Fix Ecc error 8005 for SCMI_PROTOCOL_ID
  * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_TYPE
  * ArmPkg: Fix Ecc error 8005 for SCMI_STATUS
  * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID
  * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_BASE
  * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_CLOCK
  * ArmPkg: Fix Ecc error 8005 for SCMI_CLOCK_RATE_FORMAT
  * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_PERFORMANCE
  * RedfishPkg: Add EDK2 Redfish Foundation diagrams
  * SecurityPkg/FvReportPei: remove redundant sizeof
  * ShellPkg: Rename Address Size to Access size
  * DynamicTablesPkg: Add access size to CM_ARM_SERIAL_PORT_INFO
  * DynamicTablesPkg: Set the Access size for the SPCR table
  * DynamicTablesPkg: Set the Access size for the DBG2 table
  * UefiCpuPkg: PiSmmCpuDxeSmm: Not to Change Bitwidth During
    Static Paging
  * MdePkg/Cpuid.h: Define new element in CPUID Leaf(07h) data
    structure.
  * SecurityPkg: Add constraints on PK strength
  * ArmPkg: Allow platforms to supply more data for SMBIOS Type3
    record
  * ArmPkg: Allow platforms to report their boot status via
    OemMiscLib call
  * ArmPkg: Fix calculation of offset of chassis SKU Number in
    SmbiosMiscDxe
  * ArmPkg: Fix typo of Manufacturer in comment in SmbiosMiscDxe
  * ArmPkg: Fix Ecc error 8003
  * ArmPkg: Fix Ecc error 3002 in StandaloneMmMmuLib
  * ArmPkg: Add missing library headers to ArmPkg.dec
  * ArmPlatformPkg: Document libraries in ArmPlatformPkg.dec
  * ArmPkg: Add OemMiscLibNull library to ArmPkg.dsc
  * ArmPkg: Correct small typos
  * ArmPlatformPkg: Add ArmPlatformPkg.ci.yaml
  * OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX
    opcodes
  * OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes
  * OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability
  * OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as
    unencrypted for SEV-ES
  * OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64
  * ArmPkg: Update SCMI Base Protocol version to 0x20000
  * MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
  * SecurityPkg: Add support for RngDxe on AARCH64
  * UefiCpuPkg/MpInitLib: Properly cast from PCD to SEV-ES jump
    table pointer
  * BaseTools: Add support for version 3 of FMP Image Header
    structure
  * CryptoPkg: BaseCryptLib: Add RSA PSS verify support
  * ShellPkg/UefiShellCommandLib: suppress incorrect gcc warning
  * OvmfPkg/VirtioFsDxe: suppress incorrect gcc warnings
  * UefiCpuPkg/CpuExceptionHandler: Add missing comma to exception
    name array
  * UefiCpuPkg/PiSmmCpu: Remove hardcode 48 address size limitation
  * MdeModulePkg: Retrieve boot manager menu from any fv
  * ShellPkg/HttpDynamicCommand: Fix possible uninitialized use
  * MdeModulePkg/PciBusDxe: Fix possible uninitialized use
  * CryptoPkg/BaseCryptLib: Fix possible uninitialized use
  * MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition
    check
  * MdeModulePkg/VariableLock: downgrade compatibility warnings to
    DEBUG_WARN
  * ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3
- Update openssl to 1.1.1j
- Drop upstreamed patch: ovmf-bsc1184801-fix-sev-with-tpm.patch
- Add the new Xen flavor for x86_64
  + Update 50-xen-hvm-x86_64.json to use ovmf-x86_64-xen-4m.bin as
    the default firmware for Xen

==== pcre2 ====
Version update (10.36 -> 10.37)
Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 libpcre2-8-0-32bit

- pcre2 10.37:
  * removal of the actual POSIX names regcomp etc. from the POSIX
    wrapper library because these have caused issues for some
    applications, replacing pcre2-symbol-clash.patch
  * fix a hypothetical NULL dereference
  * fix two bugs related to over-large numbers so the behaviour is
    now the same as Perl
  * Fix propagation of \K back from the full pattern recursion
  * Restore single character repetition optimization in JIT

==== perl-Convert-ASN1 ====
Version update (0.27 -> 0.29)

- Update to version 0.29
  * typo fixes
  * Fix unsafe decoding CVE-2013-7488
- Drop upstream fixed perl-Convert-ASN1-CVE-2013-7488.patch

==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Add patch from upstream to use the independent switch to mute
  Lineout or Speaker instead of setting the volume, which on
  some soundcards might be shared by Headphone and Lineout or
  Headphone and Speaker (fixes boo#1186572):
  * 0001-alsa-mixer-only-use-switch-to-mute-Front-in-the-Headphone-path.patch
- Introduce a workaround for systems where %systemd_user_post
  didn't enable the user services correctly due to different
  reasons . This workaround is only executed once, and only if
  it's really needed. In order to execute only once a lock file
  is created in /var/lib/pipewire. The lockfile can be removed
  when the workaround is removed.
  Everyone who upgraded their TW system between (aprox.) the 14th
  of January and the 16th of March and who didn't enable the
  services manually is affected by this. It also happens for
  everyone who installed a new TW system since (aprox.) the 14th
  of January and also for everyone doing a new installation of
  SLE15-SP3 / Leap 15.3 from the iso (new installations using
  online repositories will work fine once the fix in
  systemd-presets-common-SUSE is released).
  Fixes boo#1184852, boo#1183012 and boo#1186561.

==== python-libvirt-python ====
Version update (7.2.0 -> 7.4.0)

- Update to 7.4.0
  - Add all new APIs and constants in libvirt 7.4.0
- Update to 7.3.0
  - Add all new APIs and constants in libvirt 7.3.0

==== python-pycurl ====

- Add curl7770_compatibility.patch to have package compatible
  with curl 7.77.0.

==== rtkit ====

- Replace systemd-devel BuildRequires with pkgconfig(libsystemd):
  allow OBS to shortcut through the systemd-mini flavors.

==== rubygem-ffi ====
Version update (1.15.0 -> 1.15.1)
Subpackages: ruby2.7-rubygem-ffi ruby3.0-rubygem-ffi

- updated to version 1.15.1
  Fixed:
  * Append -pthread to linker options. #893
  * Use arm or aarch64 to identify Apple ARM CPU arch. #899
  * Allow overriding `gcc` with the `CC` env var in `const_generator.rb` and `struct_generator.rb`. #897

==== rubygem-mini_portile2 ====
Version update (2.5.1 -> 2.6.1)

- updated to version 2.6.1
  [#]### Dependencies
  Make `net-ftp` an optional dependency, since requiring it as a hard dependency in v2.5.2 caused warnings
  to be emitted by Ruby 2.7 and earlier. A warning message is emitted if FTP functionality is called and
  `net-ftp` isn't available; this should only happen in Ruby 3.1 and later.

==== rubygem-nokogiri ====
Version update (1.11.3 -> 1.11.6)
Subpackages: ruby2.7-rubygem-nokogiri ruby3.0-rubygem-nokogiri

- updated to version 1.11.6
  [#]# 1.11.6 / 2021-05-26
  [#]## Fixed
  * [CRuby] `DocumentFragment#path` now does proper error-checking to handle behavior introduced in libxml > 2.9.10. In v1.11.4 and v1.11.5, calling `DocumentFragment#path` could result in a segfault.
  [#]# 1.11.5 / 2021-05-19
  [#]## Fixed
  [Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs.
  libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see [libxml/!66](https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/66)). Early testing caught this segfault on non-Windows platforms (see [#2059](https://github.com/sparklemotion/nokogiri/issues/2059) and [libxml@956534e](https://gitlab.gnome.org/GNOME/libxml2/-/commit/956534e02ef280795a187c16f6ac...)) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs.
  We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby's memory management functions. `Nokogiri::VERSION_INFO["libxml"]["memory_management"]` will allow you to verify when the default memory management functions are being used. [[#2241](https://github.com/sparklemotion/nokogiri/issues/2241)]
  [#]## Added
  `Nokogiri::VERSION_INFO["libxml"]` now contains the key `"memory_management"` to declare whether libxml2 is using its `default` memory management functions, or whether it uses the memory management functions from `ruby`. See above for more details.
  [#]# 1.11.4 / 2021-05-14
  [#]## Security
  [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:
  - [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388)
  - [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977)
  - [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517)
  - [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518)
  - [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537)
  - [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541)
  Note that two additional CVEs were addressed upstream but are not relevant to this release. [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516) via `xmllint` is not present in Nokogiri, and [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595) has been patched in Nokogiri since v1.10.8 (see [#1992](https://github.com/sparklemotion/nokogiri/issues/1992)).
  Please see [nokogiri/GHSA-7rrm-v45f-jp64 ](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f...) or [#2233](https://github.com/sparklemotion/nokogiri/issues/2233) for a more complete analysis of these CVEs and patches.
  [#]## Dependencies
  * [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)

==== skopeo ====
Version update (1.2.1 -> 1.2.3)

- Update to version 1.2.3:
  * Fix for login / logout registry argument
  * Upgrade dsnet/compress to avoid vulnerable xz version
  * Enable 'OptimizeDestinationImageAlreadyExists' feature
  * 020-copy.bats: check that we set the manifest type correctly
  * Set User-Agent to skopeo/$VERSION
  * Rebase against master and improve comment about gpgme-config
  * Fix Makefile to handle PREFIX correctly
- Add bash-completion package

==== suitesparse ====
Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2 libsuitesparseconfig5 libumfpack5

- Update to version 5.10.1
- Drop disable-Wmisleading-indentation.patch which is no longer
  required due to an upstream fix

==== sushi ====
Version update (3.38.0 -> 3.38.1)
Subpackages: sushi-lang

- Update to version 3.38.1:
  + Account for scaling factor while estimating window size

==== unbound ====
Subpackages: libunbound8 unbound-anchor

- Enable DNS-over-HTTPS support
- Use --disable-explicit-port-randomisation, the linux kernel
  has source port randomization by default if port is 0 since ages.

==== vim ====
Version update (8.2.2850 -> 8.2.2918)
Subpackages: gvim vim-data vim-data-common

- Updated to version 8.2.2918, fixes the following problems
  * Using <Cmd> mapping on the command line triggers CmdlineChanged. (Naohiro
  Ono)
  * Configure can add --as-needed a second time.
  * Window is not updated after using <Cmd> mapping.
  * Custom statusline cannot contain % items.
  * White space after "->" does not give E274.
  * Get readonly error for device that can't be written to.
  * Vim9: exception in ISN_INSTR caught at wrong level.
  * Test fails because of changed error message.
  * Tcl test fails because of changed error message.
  * Adding a text property causes the whole window to be redawn.
  * Vim9: "legacy return" is not recognized as a return statement.
  * Removing a text property causes the whole window to be redawn.
  * Removing a text property does not redraw optimally.
  * Vim9: crash when using inline function.
  * Skipping over function body fails.
  * Vim9: memory leak when using inline function.
  * Build failure.
  * Vim9: When executing a compiled expression the trylevel at start is
  changed but not restored. (closes #8214)
  * Using unified diff is not tested.
  * CmdlineChange event triggered twice for CTRL-R.
  * Unnessary VIM_ISDIGIT() calls, badly indented code.
  * Python tests fail without the channel feature.
  * Not enough tests for writing buffers.
  * Cancelling inputlist() after a digit does not return zero.
  * Configure cannot detect Python 3.10.
  * Insufficient tests for popup menu rightleft.
  * Vim9: for loop list unpack only allows for one "_".
  * File extension .hsig not recognized.
  * Unified diff fails if actually used.
  * Various pieces of code not covered by tests.
  * Vim9: memory leak when lambda has an error.
  * Not enough cscope code is covered by tests.
  * searching for \%'> does not match linewise end of line. (Tim Chase)
  * Various pieces of code not covered by tests.
  * Crash when passing null string to fullcommand().
  * Vim9: "k" command recognized in Vim9 script.
  * Typo and verbose comment in Makefiles.
  * Text property duplicated when data block splits.
  * Cannot build with Perl 5.34.
  * Error message contains random characters.
  * Multi-byte text in popup title shows up wrong.
  * Vim9: random characters appear in some error messages.
  * Spellfile functionality not fully tested.
  * Vim9: can use reserved words at the script level.
  * QuitPre and ExitPre not triggered when GUI window is closed.
  * Appveyor script does not detect nmake failure.
  * QuitPre is triggered before :wq writes the file, which is different from
  other commands.
  * Some operators not fully tested.
  * Spellfile functionality not fully tested.
  * Cursor position wrong on wrapped line with 'signcolumn'.
  * "g$" causes scroll if half a double width char is visible.
  * No error when defaults.vim cannot be loaded.
  * ASAN reports errors for test_startup for unknown reasons.
  * Memory leak when running out of memory.
  * Crash when using a terminal popup window from the cmdline window.
  * Build error with non-Unix system.
  * Test for cmdline window and terminal fails on MS-Windows.
  * Pattern "\%V" does not match all of block selection. (Rick Howe)
  * MS-Windows: most users expect using Unicode.
  * MS-Windows conpty supports using mouse events.
  * Cannot paste a block without adding padding.
  * Operators are not fully tested.
  * Spellfile functionality not fully tested.
  * Builtin function can be shadowed by global variable.

==== wget ====
Subpackages: wget-lang

- When running recursively, wget will verify the length of the whole
  URL when saving the files. This will make it overwrite files with
  truncated names, throwing the "The name is too long, ... trying to
  shorten" messages. The patch moves the length check code to a
  separate function and call it from the append_dir_structure() for each
  path element.
  [ bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch]
- If wget for an http URL is redirected to a different site (hostname
  parts of URLs differ), then any "Authenticate" and "Cookie" header
  entries are discarded.
  [bsc#1175551, wget-do-not-propagate-credentials.patch]

==== xen ====
Version update (4.14.1_16 -> 4.15.0_01)
Subpackages: xen-libs xen-tools xen-tools-domU

- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf
  The number of loop devices is unlimited since a while
- Refresh xenstore-launch.patch to cover also daemon case
- Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it,
  drop reproducible.patch
- Update to Xen 4.15.0 FCS release
  xen-4.15.0-testing-src.tar.bz2
  * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
  * Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
  * Xenstored and oxenstored both now support LiveUpdate (tech preview).
  * Unified boot images
  * Switched x86 MSR accesses to deny by default policy.
  * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
  * Support for zstd-compressed dom0 (x86) and domU kernels.
  * Reduce ACPI verbosity by default.
  * Add ucode=allow-same option to test late microcode loading path.
  * Library improvements from NetBSD ports upstreamed.
  * x86: Allow domains to use AVX-VNNI instructions.
  * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
  * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
  * On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging.
  * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.
- Dropped patches contained in new tarball
  5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
  5fedf9f4-x86-hpet_setup-fix-retval.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58c4-ACPI-reduce-verbosity-by-default.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  604b9070-VT-d-disable-QI-IR-before-init.patch
  60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
  libxc-bitmap-longs.patch
  libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
  libxl.fix-libacpi-dependency.patch
  stubdom-have-iovec.patch
  xenwatchdogd-options.patch

==== xorgproto ====

- package licenses as %%license
- modernize spec file
- list files in files-section to avoid directory permission
  conflict with filesystem package

==== yast2 ====
Version update (4.4.5 -> 4.4.9)
Subpackages: yast2-logs

- AutoYaST: SectionWithAttributes allows to indicate whether an
  attribute accepts blank values (related to jsc#PM-2620).
- 4.4.9
- revert disable of hibernation based on product and virtual
  machines (bsc#1184470)
- 4.4.8
- Improve Yast2::Equatable mixin making the #hash method to be fine
  tuned easelly (related to bsc#11806082).
- 4.4.7
- Added some names to the list of parameters handled by CFA for the
  login.defs configuration (related to jsc#PM-2620).
- 4.4.6

==== yast2-bootloader ====
Version update (4.4.0 -> 4.4.1)

- arm can boot on uefi (boo#1183795)
- 4.4.1

==== yast2-network ====
Version update (4.4.12 -> 4.4.13)

- bnc#1185524
  - do not crash at the end of installation when storing wifi
    configuration for NetworkManager at the target
- 4.4.13

New Tumbleweed snapshot 20210605 released!

Dominique Leuenberger