Packages changed:
  GraphicsMagick (1.3.27 -> 1.3.28)
  MozillaThunderbird (52.5.2 -> 52.6)
  cryptsetup (1.7.5 -> 2.0.0)
  dracut
  installation-images-Kubic (14.355 -> 14.358)
  kernel-source
  libetpan
  libnss_nis (1.3 -> 3.0)
  llvm4
  nut
  open-iscsi
  python-cairocffi
  python-matplotlib
  yast2-python-bindings (4.0.0 -> 4.0.2)

=== Details ===

==== GraphicsMagick ====
Version update (1.3.27 -> 1.3.28)
Subpackages: GraphicsMagick-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2

- upate to 1.3.28:
  * Security Fixes:
    BMP: Fix non-terminal loop due to unexpected bit-field mask
    value (DOS opportunity).
    PALM: Fix heap buffer underflow in builds with QuantumDepth=8.
    SetNexus() Fix heap overwrite under certain conditions due to
    using a wrong destination buffer. This issue impacts all
    1.3.X releases.
    TIFF: Fix heap buffer read overflow in LocaleNCompare() when
    parsing NEWS profile.
  * Bug fixes:
    DescribeImage(): Eliminate possible use of null pointer.
    GIF: Fix memory leak of global colormap in error path.
    GZ: Writing to gzip files with the extension ".gz" was
    not working with Zlib 1.2.8.
    JNG: Fix buffer read overflow (a tiny fixed overflow of just
    one byte).
    JPEG: Promoting certain libjpeg warnings to errors caused
    much more problems than expected. The promotion of
    warnings to errors is removed. Claimed pixel dimensions
    are validated by file size before allocating memory for
    the pixels.
    IntegralRotateImage(): Assure that reported error in rotate by
    270 case does immediately terminate processing.
    MNG: Fix possible null pointer reference related to DEFI chunk
    parsing. Fix minor heap read overflow (constrained to just
    one byte) due to an ordering issue in a limit check. Fix
    memory leaks in error path.
    WebP: Fix stack buffer overflow in WriteWEBPImage() which
    occurs with libwebp 0.5.0 or newer due to a structure type
    change in the structure passed to the progress monitor
    callback.
    WPG: Memory leaks fixed.
  * API Updates:
    InterpolateViewColor(): This function now returns MagickPassFail
    (an unsigned int) rather than void so that errors can be
    efficiently reported.
    The magick/pixel_cache.h header is updated to add deprecation
    attributes such that code using GetPixels(), GetIndexes(),
    and GetOnePixel() will produce deprecation warnings for
    compilers which support them. These functions will not be
    removed in the 1.3.X release series and when they are
    removed, pre-processor macros will be added so a replacement
    function is used instead. There is a long-term objective to
    eliminate functionally-redundant pixel cache functions to
    only the ones with the best properties since this reduces
    maintenance and may reduce the depth of the call stack
    (improving performance).
  * removed unneded GraphicsMagick-release-date-missing-quote.patch

==== MozillaThunderbird ====
Version update (52.5.2 -> 52.6)
Subpackages: MozillaThunderbird-translations-common

- update to Thunderbird 52.6 (bsc#1077291)
  * Searching message bodies of messages in local folders, including
    filter and quick filter operations, not working reliably: Content
    not found in base64-encode message parts, non-ASCII text not found
    and false positives found.
  * Defective messages (without at least one expected header) not shown
    in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922)
    Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- dropped obsolete mozilla-ucontext.patch

==== cryptsetup ====
Version update (1.7.5 -> 2.0.0)

- Update to version 2.0.0:
  * Add support for new on-disk LUKS2 format
  * Enable to use system libargon2 instead of bundled version
  * Install tmpfiles.d configuration for LUKS2 locking directory
  * New command integritysetup: support for the new dm-integrity kernel target
  * Support for larger sector sizes for crypt devices
  * Miscellaneous fixes and improvements

==== dracut ====

- support validating the IMA policy file signature, needed since Kernel 4.7
  * Adds 0552-98integrity-support-validating-the-IMA-policy-file-s.patch
- IMA: improve support for evm key loading (bsc#1077359, fate#323906)
  * Adds 0553-98integrity-support-loading-x509-into-the-trusted-bu.patch
  * Adds 0554-98integrity-support-X.509-only-EVM-configuration.patch
- FIPS: Adjust dependencies to work for cryptsetup 2.0 (bsc#1077070)
- Added a few more patch annotations
- Fix typo for ima dependency (evmtcl vs evmctl) (bsc#1073466)
- Updated Patch annotation regarding their upstream state
- FIPS: Try to fetch list of fips modules from the kernel's modules dir (bsc#1074984)
  * Adds 0551-fips-use-lib-modules-uname-r-modules.fips.patch
- Annotated patches regarding their upstream state
- dracut-ima requires evmctl and keyutils (bsc#1073466)

==== installation-images-Kubic ====
Version update (14.355 -> 14.358)

- merge gh#openSUSE/installation-images#233
- add missing drivers for ppc (bsc#1077546)
- 14.358
- merge gh#openSUSE/installation-images#232
- add full open-iscsi package to zenworks image (bsc# 1077301)
- 14.357

==== kernel-source ====
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Revert "module: Add retpoline tag to VERMAGIC" (fix loading
  of KMPs).
- commit 9a6fca5
- Refresh
  patches.suse/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch.
- Refresh
  patches.suse/netfilter-xt_osf-Add-missing-permission-checks.patch.
- Refresh patches.suse/scsi-libfc-fix-ELS-request-handling.patch.
  Update upstream status.
- commit 12e5c10
- x86/ibrs: Add new helper macros to save/restore
  MSR_IA32_SPEC_CTRL fix (bsc#1068032 CVE-2017-5753).
- commit 6f87133

==== libetpan ====

- Rename %soname to %sover to better reflect its use.

==== libnss_nis ====
Version update (1.3 -> 3.0)
Subpackages: libnss_nis2 libnss_nis2-32bit

- Update to version 3.0
  - get ride of GLIBC_PRIVATE symbols

==== llvm4 ====
Subpackages: clang4-checker libLLVM4 libclang4

- Cleanup %ifarch conditions, remove targets unintentionally added
  to s390/s390x. (bnc#1078436)
- Limit the amount of parallel link jobs, but no longer limit
  compile jobs. This should prevent running out of memory during
  linking while not longer slowing down compilation.
- Remove build dependency on procps
- Reduce disk size requirement to 30GB in _constraints. We no
  longer need that much since we stopped building static libraries.

==== nut ====
Subpackages: libupsclient1 nut-cgi

- Fix clash between Group and %define GROUP by renaming the latter
  to NUT_GROUP (and USER to NUT_USER)
- Replace duplicate man files by soft links

==== open-iscsi ====
Subpackages: iscsiuio

- Removed the "rpm/" source directory from both the
  open-iscsi-2.0.876-suse.tar.bz2  and open-iscsi-SUSE-latest.diff.bz2
  files, since they are not needed for building and are not part
  of the upstream sources. They are still available under the
  git repository at github.com/hreinecke/open-iscsi.git. This means
  that changes to the spec file or the changes file will no longer
  require a change to the "*SUSE-latest*" file.
- Update to latest upstream vesion 2.0.876, with very few
  SUSE-specific modifications, namely around things upstream
  does not care about, like SUSE-specific systemd files. Also,
  version number modified to add "-suse", as usual. See
  the Changelog file for more details on changes in this
  upstream version.
  This replaces open-iscsi-2.0.875-suse.tar.bz2 with
  open-iscsi-2.0.876-suse.tar.bz2, and resets
  open-iscsi-SUSE-latest.diff.bz2 to contain only changes
  since the 2.0.876-suse tag.
  These changes added a new libopeniscsiusr.so library, as
  well as include files under a new open-iscsi-dev package,
  if you want to link against this library.
  The SPEC file was also cleaned up using spec-cleaner.

==== python-cairocffi ====

- Add xcffib support
- Spec file cleaned

==== python-matplotlib ====
Subpackages: python3-matplotlib python3-matplotlib-cairo python3-matplotlib-gtk3 python3-matplotlib-tk

- Update versions of required packages.

==== yast2-python-bindings ====
Version update (4.0.0 -> 4.0.2)

- Build both python2 and python3 versions of the bindings;
  (bsc#1074696).
- Convert the bindings into python3; (bsc#1074696).
- Fix some code examples; (bsc#1070212).
- Add example code ported from ruby examples; (bsc#1070212).
- Fixes based on findings from example code