Packages changed:
  ImageMagick (6.9.6.5 -> 6.9.6.6)
  MozillaThunderbird (45.5.0 -> 45.5.1)
  cheese
  flatpak (0.6.13 -> 0.6.14)
  kernel-source (4.8.11 -> 4.8.12)
  libarchive
  libgit2 (0.24.1 -> 0.24.3)
  libinput (1.5.1 -> 1.5.2)
  mutter
  npth (1.2 -> 1.3)
  ostree (2016.12 -> 2016.14)

=== Details ===

==== ImageMagick ====
Version update (6.9.6.5 -> 6.9.6.6)
Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-6_Q16-6 libMagickCore-6_Q16-2 libMagickWand-6_Q16-2 perl-PerlMagick

- updated to 6.9.6-6
  * If a convenient line break is not found, force it for caption: (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30887).
  * Off by 1 error when computing the standard deviation (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=30866).
  * Apply Debian patches, (reference
    https://github.com/ImageMagick/ImageMagick/issues/304).
  * Permit EPT images with just a TIFF or EPS image, not both (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30921).
  * The -clone option no longer leak memory.
- turn on make check along perl test

==== MozillaThunderbird ====
Version update (45.5.0 -> 45.5.1)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 45.5.1:
  * CVE-2016-9079: SVG Animation Remote Code Execution
    (MFSA 2016-92, bsc#1012964, bmo#1321066)

==== cheese ====
Subpackages: libcheese-common libcheese-gtk25 libcheese8

- Move to the rpm group "Productivity/Multimedia/Other": This is
  more consistent with the place Cheese is represented in
  structured menus (like on KDE), where it is listed in
  "Multimedia" (extracted as a 'bug'/'annoyance' from a Leap 42.2
  review).

==== flatpak ====
Version update (0.6.13 -> 0.6.14)

- Update to version 0.6.14:
  + Update bundled bubblewrap to 0.1.4 which has some nice
    bugfixes.
  + Requires OSTree 2016.14, which allows us to drop some old
    workarounds.
  + When installing an application system-wide, don't consider
    dependencies that are installed for the user only.
  + Flatpak install --from now tries to re-use existing remotes to
    avoid creating unnecessary origin remotes.
  + Using --filesystem=$dir when $dir is a symlink-to-directory now
    works.
  + Using --filesystem=$file to expose unix sockets to the app is
    now allowed.
  + By default all the directories in ~/.var/app (except the app),
    as well as ~/.local/share/flatpak are hidden in the sandbox.
  + New option --filesystem=$dir:create which will create the
    destination if it did not previously exist.
  + --filesystem= now supports for xdg-[config|cache|data]. This
    allows you access to the host versions of these xdg dirs.
    Additionally if you use these with a subdirectory, like:
  - -filesystem=xdg-config/subdir then that subdirectory on the
    host will be shared with the per-app instance of the xdg-dir.
  + Builder now correctly handles app-ids that have dashes in them.
    Previously this generated invalid ids for the debuginfo and
    locale extensions.
  + The experimental OCI file format support was changed from
    creating an OCI container to creating an OCI image.
  + Fix regression where "flatpak update --appstream remotename"
    broke.

==== kernel-source ====
Version update (4.8.11 -> 4.8.12)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.8.12 (CVE-2016-7913 bnc#1012628 bsc#1010478
  bsc#1000287).
- Delete
  patches.apparmor/apparmor-fix-change_hat-not-finding-hat-after-policy-replacement.patch.
- Delete patches.fixes/xc2028-Fix-use-after-free-bug-properly.
- commit f8adb5a
- drm/i915: Mark CPU cache as dirty when used for rendering
  (bnc#931300).
- commit 04f28df
- Fix bug reference in
  patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot
  (bsc#1012220).
- commit e617052

==== libarchive ====
Subpackages: bsdtar libarchive-devel libarchive13

- fix extracting over symlinks: fix-extract-over-links.patch
  the problem is solved upstream different, but git master
  is too different atm.

==== libgit2 ====
Version update (0.24.1 -> 0.24.3)

- libgit2 0.24.3, fixing the following vulnerabilities:
  * CVE-2016-8568, CVE-2016-8569: invalid memory accesses parsing
    object files (bsc#1003810)
  * various bug fixes from the 0.24.2 release

==== libinput ====
Version update (1.5.1 -> 1.5.2)
Subpackages: libinput-udev libinput10

- Update to new upstream release 1.5.2
  * Tweak the handling of touchpad deltas which leads to much more
    responsive pointer motion.
  * A custom quirk for the HP Zbook Studio G3 was added.

==== mutter ====
Subpackages: libmutter0 mutter-data

- Add mutter-x11-meta.patch: Don't try setting unavailable scroll
  methods; libinput acts really bad on it (bgo#775337, bgo#771744,
  boo#1011356).

==== npth ====
Version update (1.2 -> 1.3)

- update to 1.3:
  * Bypass npth_protect/npth_unprotect iff the library has not yet
    been initialized.
  * Improve detection of clock_gettime
- use reproducible build timestamp

==== ostree ====
Version update (2016.12 -> 2016.14)

- Update to version 2016.14:
  + otutil: Note that ot_log_structured takes a printf format.
  + libglnx: Bump to master (for -fsanitize fixes).
  + Distribute test scripts even if we wouldn't run them.
  + Distribute valgrind suppressions in tarballs.
  + Filter bootloader supplied kernel cmdline options.
  + repo: Don't put remote refs in the summary file.
  + pull: Don't do deltas with --commit-metadata-only.
  + pull: Add per-remote cookie jar.
  + remote: Add command to list cookies.
  + remote: Add commands to add and remove cookies for a remote.
  + OsreeFetcher: Treat 403 as not found.
  + trivial-httpd: Add support for checking cookies.
  + Update documentation for cookie handling commands.
  + deltas: Only keep one file open at a time during compilation.
- Changes from version 2016.13:
  + pull: Add support for `http-headers` option.
  + pull: Redo logic for "scanning".
  + commit: Fix reading xattrs from OstreeRepoFile:s.
  + lib: Define and use cleanup functions for gpgme.
  + lib: Split out helper function to create GPG context.
  + Add "gpgkeypath" option to remotes.
  + lib: Add an API to GPG verify a commit given a remote.
  + pull: Do GPG verify commit objects when using deltas.