Packages changed:
  dbus-1 (1.10.10 -> 1.10.12)
  dbus-1-x11 (1.10.10 -> 1.10.12)
  desktop-translations
  freeipmi (1.5.3 -> 1.5.4)
  frogr (1.0 -> 1.2)
  gcin
  ghostscript (9.19 -> 9.20)
  gnome-keyring
  libical
  libstorage (2.26.9 -> 2.26.10)
  libvirt-python (2.2.0 -> 2.3.0)
  libyui-qt (2.46.26 -> 2.46.27)
  libyui-qt-pkg (2.45.6 -> 2.45.8)
  libzypp (16.2.5 -> 16.3.0)
  nautilus
  perl-Net-SMTP-SSL (1.03 -> 1.04)
  polkit-default-privs
  python-dnspython (1.14.0 -> 1.15.0)
  rubygem-byebug (9.0.5 -> 9.0.6)
  squid (3.5.20 -> 3.5.22)
  yast2-network (3.1.171 -> 3.2.4)
  yast2-packager (3.2.1 -> 3.2.2)
  yast2-slp (3.1.10 -> 3.1.11)
  yast2-vpn (3.1.3 -> 3.1.4)
  zypper (1.13.11 -> 1.13.12)

=== Details ===

==== dbus-1 ====
Version update (1.10.10 -> 1.10.12)
Subpackages: dbus-1-devel libdbus-1-3 libdbus-1-3-32bit

- Update to 1.10.12
  * Security fixes:
    + Do not treat ActivationFailure message received from
    root-owned systemd name as a format string. In principle this
    is a security vulnerability, but we do not believe it is
    exploitable in practice, because only privileged processes can
    own the org.freedesktop.systemd1 bus name, and systemd does
    not appear to send activation failures that contain "%".
    Please note that this probably *was* exploitable in dbus
    versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing
    check which at the time was only thought to be a denial of
    service vulnerability (CVE-2015-0245). If you are still
    running one of those versions, patch or upgrade immediately.
    (fdo#98157, bsc#1003898, Simon McVittie)
  * Other fixes:
    + Harden dbus-daemon against malicious or incorrect
    ActivationFailure messages by rejecting them if they do not
    come from a privileged process, or if systemd activation is
    not enabled (fdo#98157, Simon McVittie)
    + Avoid undefined behaviour when setting reply serial number
    without going via union DBusBasicValue (fdo#98035, Marc Mutz)
    + autogen.sh: fail cleanly if autoconf fails (Simon McVittie)

==== dbus-1-x11 ====
Version update (1.10.10 -> 1.10.12)
Subpackages: dbus-1

- Update to 1.10.12
  * Security fixes:
    + Do not treat ActivationFailure message received from
    root-owned systemd name as a format string. In principle this
    is a security vulnerability, but we do not believe it is
    exploitable in practice, because only privileged processes can
    own the org.freedesktop.systemd1 bus name, and systemd does
    not appear to send activation failures that contain "%".
    Please note that this probably *was* exploitable in dbus
    versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing
    check which at the time was only thought to be a denial of
    service vulnerability (CVE-2015-0245). If you are still
    running one of those versions, patch or upgrade immediately.
    (fdo#98157, bsc#1003898, Simon McVittie)
  * Other fixes:
    + Harden dbus-daemon against malicious or incorrect
    ActivationFailure messages by rejecting them if they do not
    come from a privileged process, or if systemd activation is
    not enabled (fdo#98157, Simon McVittie)
    + Avoid undefined behaviour when setting reply serial number
    without going via union DBusBasicValue (fdo#98035, Marc Mutz)
    + autogen.sh: fail cleanly if autoconf fails (Simon McVittie)

==== desktop-translations ====

- Update translations from SVN.

==== freeipmi ====
Version update (1.5.3 -> 1.5.4)

- Update to 1.5.4
  o Various changes/fixes in libipmiconsole
  - If user retrieves file descriptor from ipmiconsole_ctx_fd,
    user is required to close it.  ipmiconsole_ctx_destroy no
    longer closes it.  This is to avoid a potential double close
    which can be a problem for multithreaded applications. This
    is a change in behavior, but we do not believe this will
    affect most applications since most users close the file
    descriptor under most scenarios anyways.
  - ipmiconsole_ctx_destroy() should now be called to free
    resources even if ipmiconsole_engine_teardown() has been
    called.  This has been done to create consistent behavior in
    the API and avoid a former segfault possibility.  This is a
    change in behavior, but we do not believe this will affect
    most applications since ipmiconsole_engine_teardown() is
    only called when an application is being shutdown.
  - The use of IPMICONSOLE_ENGINE_CLOSE_FD has been clarified in
    the header file.  Some of the prior text was unclear.
    Behavior has not been changed.
  o In ipmi-oem, support Intel get-bmc-services and set-bmc-
    services commands.
  o In ipmi-oem, support Gigabyte get-nic-mode and set-nic-mode
    commands.
  o Support Gigabyte MD90-FS0-ZB OEM SEL events.

==== frogr ====
Version update (1.0 -> 1.2)
Subpackages: frogr-lang

- Update to version 1.2:
  + Lowered gettext minimum version down to 0.19.7 to make
    it easier for older distributions to package frogr.
- Changes from version 1.1:
  + Added flatpak support.
  + Improved content inside the AppData file.
  + Fix cancellation of the image upload process.
  + Remove build-dependency on intltool, now relying on gettext
    only.
  + Raised gettext minimum version up to 0.19.8.
  + Updated translations.
- Drop intltool and itstool BuildRequires following upstream
  changes.

==== gcin ====
Subpackages: gcin-gtk2 gcin-gtk3 gcin-qt4 gcin-qt5 libgcin-im-client1

- Amend baselibs.conf to avoid the immodules to require gcin-32bit
  (boo#1002566)

==== ghostscript ====
Version update (9.19 -> 9.20)
Subpackages: ghostscript-devel ghostscript-x11

- Version upgrade to 9.20. Purely a maintenance release.
  For details see the News.htm and History9.htm files.
  Highlights in this release include:
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  Incompatible changes:
  * The planned device API tidy did not happen for this release,
    due to time pressures, but we still intend to undertake the
    following: We plan to somewhat tidy up the device API.
    We intend to remove deprecated device procs
    (methods/function pointers) and change the device API
    so every device proc takes a graphics state parameter (rather
    than the current scheme where only a very few procs take an
    imager state parameter). This should serve as notice to anyone
    maintaining a Ghostscript device outside the canonical source
    tree that you may (probably will) need to  update your
    device(s) when these changes happen. Devices using only
    the non-deprecated procs should be trivial to update.
- Version upgrade to 9.20rc1 (first release candidate for 9.20).
  For details see the News.htm and History9.htm files.
  Regarding installing packages (in particular release candidates)
  from the openSUSE build service development project "Printing"
  see https://build.opensuse.org/project/show/Printing

==== gnome-keyring ====
Subpackages: gnome-keyring-32bit gnome-keyring-pam gnome-keyring-pam-32bit libgck-modules-gnome-keyring

- Update gnome-keyring-bsc932232-use-non-fips-md5.patch to fix
  issue that was reintroduced (bsc#966229, bsc#966225).

==== libical ====
Subpackages: libical-devel libical2

- Add 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch
- Fix wrong baselibs provides
- Add pkgconfig(icu-i18n) BuildRequires: Build the new RSCALE
  support.

==== libstorage ====
Version update (2.26.9 -> 2.26.10)
Subpackages: libstorage-ruby libstorage7

- Don't accept 'format' flag if volume is in use (bsc#996007)
- 2.26.10

==== libvirt-python ====
Version update (2.2.0 -> 2.3.0)

- Update to 2.3.0
  - Add all new APIs and constants in libvirt 2.3.0
- spec: drop explicit Requires on libvirt-client package

==== libyui-qt ====
Version update (2.46.26 -> 2.46.27)

- Fix high-contrast support (bsc#76811 and related to bsc#780621)
- 2.46.27

==== libyui-qt-pkg ====
Version update (2.45.6 -> 2.45.8)

- Use the new QY2Styler usingHighContrastStyleSheet instead of
  the old usingVisionImpairedPalette (related to bsc#780621)
- 2.45.8
- Improve message shown when user want to quit without saving
  changes (bsc#849084)
- 2.45.7

==== libzypp ====
Version update (16.2.5 -> 16.3.0)

- RepoInfo: Allow parsing multiple gpgkey= URLs (bsc#1003748)
- version 16.3.0 (0)

==== nautilus ====
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1

- Update nautilus-fix-desktop-icon-smash.patch:
  porting upstream's solution to work out the general aspect
  (bsc#979072, bgo#765601).

==== perl-Net-SMTP-SSL ====
Version update (1.03 -> 1.04)

- updated to 1.04
  see /usr/share/doc/packages/perl-Net-SMTP-SSL/Changes
  1.04    2016-10-09
  - mark this library deprecated, suggest newer Net::SMTP instead

==== polkit-default-privs ====

- add flatpak privileges, but currently auth_admin currently (bsc#984817)

==== python-dnspython ====
Version update (1.14.0 -> 1.15.0)

- New upstream release 1.15.0
  * IDNA 2008 support is now available if the "idna" module has been
    installed and IDNA 2008 is requested.  The default IDNA behavior
    is still IDNA 2003.  The new IDNA codec mechanism is currently
    only useful for direct calls to dns.name.from_text() or
    dns.name.from_unicode(), but in future releases it will be
    deployed throughout dnspython, e.g. so that you can read a
    masterfile with an IDNA 2008 codec in force.
  * By default, dns.name.to_unicode() is not strict about which
    version of IDNA the input complies with.  Strictness can be
    requested by using one of the strict IDNA codecs.
  * Add AVC RR support.
  * Some problems with newlines in various output modes have been
    addressed.
  * dns.name.to_text() now returns text and not bytes on Python 3.x
  * More miscellaneous fixes for the Python 2/3 codeline merge.
- Include readme with readme.patch as not included in upstream tarball
- Fix a bug in the tests code with 210.patch with upstream pull request #210

==== rubygem-byebug ====
Version update (9.0.5 -> 9.0.6)

- updated to version 9.0.6
  see installed CHANGELOG.md
  [#]# 9.0.6 - 2016-09-29
  [#]## Fixed
  * Error when using `byebug` with a ruby compiled against libedit (#241).
  * Allow `Byebug.start_server` to yield the block passed to it when the actual
    port is already known (#277, thanks @cben).
  * Use a standard license name so it can be more reliably used by tools (#275).

==== squid ====
Version update (3.5.20 -> 3.5.22)

- Update Squid to 3.5.22
  * HTTP: MUST ignore a [revalidation] response with an older Date
    header.
  * Optimized/simplified buffering: Appending nothing is always
    possible.
  * Avoid segfaults when debugging section 4 at level 9.
  * fix #4302 pt2: IPFilter v5 transparent interception
  * Bug #4471: revalidation doesn't work when expired cached
    object lacks Last-Modified.
  * Bug #2833: Collapse internal revalidation requests
    (SMP-unaware caches)
  * Bug #3819: "fd >= 0" assertion in file_write() during
    reconfiguration
  * Do not leak url_rewrite_extras and store_id_extras on
    reconfigure/shutdown.
  * Fix potential ICAP null pointer dereference after rev.14082
  * Fix logged request size (%http::>st) and other size-related
    %codes.
- Merge changes from SLE12 SP2 so we have identical packages
- Update Squid to 3.5.21
  * fix assertion failure in xcalloc when using many cache_dir
    Squid is documented as supporting up to 64 cache directories,
    but would crash with a memory allocation error if more than
    a few were actually configured.
  * fix authentication credentials IP TTL updated incorrectly
    This bug caused error in max_user_ip ACL accounting to allow
    clients to shift IP address more times than configured.
    Fix may have an effect on IPv6 clients using "proviacy adressing"
    to rotate IPs.
  * fix mal-formed Cache-Control:stale-if-error header
    This bug shows up as incorrect stale-if-error values being
    relayed by Squid breaking the use of this feature in the
    recipients. Squid now relays the header values correctly.
  * fix Proxy-Authenticate problem using ICAP server
    With this change Squid now treats the ICAP REQMOD adaptation
    point as a part of itself with regards to proxy authentication.
    The Proxy-Authentication header received from the client is
    delivered as part of the HTTP request headers in expectation
    that the ICAP service may authenticate and/or
    produce 407 response itself.
  * fix HTTP: MUST always revalidate Cache-Control:no-cache responses
    This bug shows up as Squid not revalidating some responses until
    they became stale according to refresh_pattern heuristic rules
    (specifically the minimum caching age). Squid now revalidates
    these objects on every request.
  * fix HTTP: do not allow Proxy-Connection to override Connection
  * fix SSL CN wildcard must only match a single domain fragment
    This bug shows up as incorrect matching (or non-matching) of the
    ss::server_name ACL against TLS certificate values. Squid now
    treats the certificate CN fields according to X.509 domain
    matching requirements instead of HTTP domain matching
    requirements.
- squid-brokenad.patch
  * propertly capitalize option name
  * make the conditional if() not a riddle

==== yast2-network ====
Version update (3.1.171 -> 3.2.4)

- do not duplicate work of network service at the beginning of
  AutoYaST's second stage - not loading modules and so on.
- 3.2.4
- If an interface is not configured yet then just set the interface
  link, the backend should handle at least the up event.
  (bsc#991694)
- 3.2.3
- Extra space in the remote administration dialog (bsc#988904)
- Use full interface up / down instead of setting just link
  up / down to allow proper update of interface's configuration.
  (bsc#991694)
- 3.2.2
- If WIFI is configured during installation, make sure the packages
  required for WIFI to work are installed in the resulting system
  (bsc#1002700)
- 3.2.1

==== yast2-packager ====
Version update (3.2.1 -> 3.2.2)

- Do not ask for a CD when the add-on check box is unchecked
  (bsc#955186)
- 3.2.2

==== yast2-slp ====
Version update (3.1.10 -> 3.1.11)

- Changed text domain to 'slp' (bsc#1004050)
- 3.1.11

==== yast2-vpn ====
Version update (3.1.3 -> 3.1.4)

- Instead of creating its own firewall custom-rules, put firewall
  commands into user's own custom-rules file.
  Bump version to 3.1.4 for bsc#1002744.
- Fix translation in the connection status dialog (bsc#994349)

==== zypper ====
Version update (1.13.11 -> 1.13.12)
Subpackages: zypper-aptitude zypper-log

- addrepo: show repo priority summary (issue #82)
- Color repo priority values
- version 1.13.12