Packages changed:
  MozillaFirefox (57.0.4 -> 58.0.1)
  autoyast2 (4.0.28 -> 4.0.29)
  evolution (3.26.4 -> 3.26.5)
  evolution-data-server (3.26.4 -> 3.26.5)
  evolution-ews (3.26.4 -> 3.26.5)
  gnome-music (3.26.1 -> 3.26.2)
  gnome-photos
  gupnp-igd (0.2.4 -> 0.2.5)
  gvfs (1.34.1 -> 1.34.2)
  hugin (2017.0.0 -> 2018.0.0)
  libgexiv2 (0.10.6 -> 0.10.7)
  libstorage-ng (3.3.145 -> 3.3.149)
  mysql-connector-cpp
  perl-MIME-Types (2.14 -> 2.17)
  texlive
  texlive-specs-m (2017.133.20170101_pl1svn43813 -> 2017.136.20170101_pl1svn43813)
  texlive-specs-n (2017.133.2.004svn28119 -> 2017.136.2.004svn28119)
  tracker (2.0.2 -> 2.0.3)
  tracker-miners (2.0.3 -> 2.0.4)
  vala (0.38.6 -> 0.38.7)
  xdg-desktop-portal-kde (5.11.95 -> 5.12.0)
  yast2-bootloader (4.0.14 -> 4.0.15)
  yast2-firewall (4.0.10 -> 4.0.11)
  yast2-installation (4.0.30 -> 4.0.31)
  yast2-kdump (4.0.0 -> 4.0.1)
  yast2-nis-client (4.0.1 -> 4.0.2)
  yast2-storage-ng (4.0.82 -> 4.0.84)

=== Details ===

==== MozillaFirefox ====
Version update (57.0.4 -> 58.0.1)
Subpackages: MozillaFirefox-translations-common

- Added patch:
  * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
    or again?) not working in Firefox 58 due to sandboxing.
- update to Firefox 58.0.1
  MFSA 2018-05
  * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
- use correct language packs
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
- allow larger number of nested elements (mozilla-bmo256180.patch)
- update to Firefox 58.0 (bsc#1077291)
  * Added Nepali (ne-NP) locale
  * Added support for form autofill for credit card
  * Optimize page load by caching JavaScript internal representation
  MFSA 2018-02
  * CVE-2018-5091 (bmo#1423086)
    Use-after-free with DTMF timers
  * CVE-2018-5092 (bmo#1418074)
    Use-after-free in Web Workers
  * CVE-2018-5093 (bmo#1415291)
    Buffer overflow in WebAssembly during Memory/Table resizing
  * CVE-2018-5094 (bmo#1415883)
    Buffer overflow in WebAssembly with garbage collection on
    uninitialized memory
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5100 (bmo#1417405)
    Use-after-free when IsPotentiallyScrollable arguments are freed
    from memory
  * CVE-2018-5101 (bmo#1417661)
    Use-after-free with floating first-letter style elements
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5105 (bmo#1390882)
    WebExtensions can save and execute files on local file system
    without user prompts
  * CVE-2018-5106 (bmo#1408708)
    Developer Tools can expose style editor information cross-origin
    through service worker
  * CVE-2018-5107 (bmo#1379276)
    Printing process will follow symlinks for local file access
  * CVE-2018-5108 (bmo#1421099)
    Manually entered blob URL can be accessed by subsequent private browsing tabs
  * CVE-2018-5109 (bmo#1405599)
    Audio capture prompts and starts with incorrect origin attribution
  * CVE-2018-5110 (bmo#1423275) (affects only OS X)
    Cursor can be made invisible on OS X
  * CVE-2018-5111 (bmo#1321619)
    URL spoofing in addressbar through drag and drop
  * CVE-2018-5112 (bmo#1425224)
    Extension development tools panel can open a non-relative URL in the panel
  * CVE-2018-5113 (bmo#1425267)
    WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
  * CVE-2018-5114 (bmo#1421324)
    The old value of a cookie changed to HttpOnly remains accessible to scripts
  * CVE-2018-5115 (bmo#1409449)
    Background network requests can open HTTP authentication in unrelated foreground tabs
  * CVE-2018-5116 (bmo#1396399)
    WebExtension ActiveTab permission allows cross-origin frame content access
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5118 (bmo#1420049)
    Activity Stream images can attempt to load local content through file:
  * CVE-2018-5119 (bmo#1420507)
    Reader view will load cross-origin content in violation of CORS headers
  * CVE-2018-5121 (bmo#1402368) (affects only OS X)
    OS X Tibetan characters render incompletely in the addressbar
  * CVE-2018-5122 (bmo#1413841)
    Potential integer overflow in DoCrypt
  * CVE-2018-5090
    Memory safety bugs fixed in Firefox 58
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
  mozilla-bindgen-systemlibs.patch
  mozilla-bmo1360278.patch
  mozilla-bmo1399611-csd.patch
  mozilla-rust-1.23.patch
- rebased patches
- updated man-page

==== autoyast2 ====
Version update (4.0.28 -> 4.0.29)
Subpackages: autoyast2-installation

- fate#323460
  - support for disabling edit action per module. Currently used
    mainly by the new firewall module
- 4.0.29

==== evolution ====
Version update (3.26.4 -> 3.26.5)
Subpackages: evolution-lang evolution-plugin-bogofilter evolution-plugin-pst-import evolution-plugin-spamassassin

- Update to version 3.26.5:
  + Crash under message-list.c:free_message_info_data().
  + Indentation in plain text adds unwanted spaces around links.
  + Composer-autosave: Use-after-free during snapshot save to file.
  + Bugs fixed: bgo#339675, bgo#792343, bgo#792385, bgo#792480,
    bgo#792781, bgo#792736, bgo#792909, bgo#788589, bgo#788823,
    bgo#720387.
  + Updated translations.

==== evolution-data-server ====
Version update (3.26.4 -> 3.26.5)
Subpackages: evolution-data-server-lang libcamel-1_2-60 libebackend-1_2-10 libebook-1_2-19 libebook-contacts-1_2-2 libecal-1_2-19 libedata-book-1_2-25 libedata-cal-1_2-28 libedataserver-1_2-22 libedataserverui-1_2-1

- Update to version 3.26.5:
  + Prevent early free of an ESource when it has pending
    operations.
  + IMAPx:
  - Select destination mailbox only when permanentflags not known
    yet.
  - Sort array of UIDs before syncing changes to the server.
  + Prevent passing NULL ldap handle into LDAP functions ][.
  + Bugs fixed: bgo#792513, bgo#789522.

==== evolution-ews ====
Version update (3.26.4 -> 3.26.5)
Subpackages: evolution-ews-lang

- Update to version 3.26.5:
  + Bugs fixed: bgo#793037.

==== gnome-music ====
Version update (3.26.1 -> 3.26.2)
Subpackages: gnome-music-lang

- Update to version 3.26.2:
  + Bugs fixed:
  - Block spotify plugin (glgo#gnome-music#132).
  - DiscListBoxWidget: Update favorites playlist (bgo#784998).
  - Albumartcache: Fix order in method call.
  - Flatpak: Update music repository URL (glgo#gnome-music#138).
  - Misc flatpak fixes.
  + Updated translations.

==== gnome-photos ====
Subpackages: gnome-photos-lang gnome-shell-search-provider-gnome-photos

- Add gnome-photos-Dont-leak-thumbnailer-path-string.patch:
  thumbnail-factory: Don't leak the thumbnailer path string.
- Add gnome-photos-application-fixes.patch: application: Avoid
  CRITICALs.
- Add gnome-photos-Check-RDF-type-before-using-it.patch: utils:
  Check the RDF type before using it, not the MIME type.

==== gupnp-igd ====
Version update (0.2.4 -> 0.2.5)

- Update to version 0.2.5:
  + Update gtk-doc to newer version to fix build failures.
- Update Url to https://wiki.gnome.org/Projects/GUPnP: current
  GUPnP's web page.

==== gvfs ====
Version update (1.34.1 -> 1.34.2)
Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang

- Update to version 1.34.2:
  + Recent: Prevent crash when recent file changed.
  + Trash: Fix trash::orig-path for relative paths.
  + Mtp:
  - Handle read-past-EOF ourselves to prevent hangs.
  - Fix volume removal with current udev behavior.
  + Gphoto2: Fix volume removal with current udev behavior.
  + Updated translations.
- Drop gvfs-fix-mtp-volume-removal.patch and
  gvfs-mtp-handle-read-past-eof.patch: Fixed upstream.

==== hugin ====
Version update (2017.0.0 -> 2018.0.0)

- update to version 2018.0.0
  The version 2018.0 is mainly a bug fix release and introduce some minor new features.
  Several improvements for optimizer tabs:
  * mark deselected images
  * allow changing optimizer variables for all selected images at once
  * option to ignore line cp
  * hugin_stacker: New tool to stack overlapping images with several
    averaging modes (e.g. mean, median).
  * Hugin: Added option to disable auto-rotation of images in control
    point and mask editor.
  * Nona, verdandi and hugin_stacker can now write BigTIFF images
  * Added expression parser to GUI: This allows to manipulate several
    image variables at once. (This is the same as running pto_var
  - -set from the command line.) This can be used e.g. to prealigns
    the images in a given setup and then run cpfind --prealigned to
    search control points only in overlapping images.
  * Add user-defined assistant and expose it in the GUI. It allows
    to set up different assistant strategies without the need to
    recompiling. Provide also some examples (scanned images,
    multi-row panoramas with orphaned images, single-shot panorama
    cameras).
- drop python dependencies

==== libgexiv2 ====
Version update (0.10.6 -> 0.10.7)

- Update to version 0.10.7:
  + Add meson build support.
  + Use glib-mkenums for enum types.
  + Fix make check when running out of tree.
  + Use version script to clean up exported functions.
  + Fix --disable-vala.
  + Bugs fixed: bgo#784045, bgo#787455.

==== libstorage-ng ====
Version update (3.3.145 -> 3.3.149)
Subpackages: libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#450
- Ensure not to write malformed /etc/fstab entries (bsc#1066763)
- 3.3.149
- merge gh#openSUSE/libstorage-ng#451
- work on error handling
- 3.3.148
- merge gh#openSUSE/libstorage-ng#449
- fixed default value
- 3.3.147
- merge gh#openSUSE/libstorage-ng#448
- Add GraphvizFlags::DISPLAYNAME to Devicegraph
- merge gh#openSUSE/libstorage-ng#447
- allow finer control of flags in write_graphviz
- merge gh#openSUSE/libstorage-ng#446
- use sid as vertex id
- Translated using Weblate (Hungarian)
- Translated using Weblate (Hungarian)
- Translated using Weblate (Afrikaans)
- merge gh#openSUSE/libstorage-ng#444
- added Mountable::remove_mount_point()
- merge gh#openSUSE/libstorage-ng#443
- added PRETTY_CLASSNAME to GraphvizFlags
- Translated using Weblate (Chinese (Taiwan))
- merge gh#openSUSE/libstorage-ng#442
- renamed integration tests
- added integration tests
- Translated using Weblate (Chinese (Taiwan))
- merge gh#openSUSE/libstorage-ng#441
- added integration test
- added udevadm settle call
- Translated using Weblate (Korean)
- Translated using Weblate (Korean)

==== mysql-connector-cpp ====

- add mysql-connector-cpp-mariadb.patch
  to fix compatibility with MariaDB, not supported options removed

==== perl-MIME-Types ====
Version update (2.14 -> 2.17)

- updated to 2.17
  see /usr/share/doc/packages/perl-MIME-Types/ChangeLog

==== texlive ====

- drop freetype-devel buildrequires, we use freetype2 here.

==== texlive-specs-m ====
Version update (2017.133.20170101_pl1svn43813 -> 2017.136.20170101_pl1svn43813)

- Avoid broken scripts due former env correction, only repair
  those scripts where the shebang exists
- Switch over to python 3 (boo#1077170)
- Avoid nasty warning about missing batchmode in ENVironment

==== texlive-specs-n ====
Version update (2017.133.2.004svn28119 -> 2017.136.2.004svn28119)

- Avoid broken scripts due former env correction, only repair
  those scripts where the shebang exists
- Switch over to python 3 (boo#1077170)
- Avoid nasty warning about missing batchmode in ENVironment

==== tracker ====
Version update (2.0.2 -> 2.0.3)
Subpackages: libtracker-common-2_0 libtracker-control-2_0-0 libtracker-miner-2_0-0 libtracker-sparql-2_0-0 tracker-lang typelib-1_0-Tracker-2_0 typelib-1_0-TrackerControl-2_0

- Update to version 2.0.3:
  + build:
  - Improvements in meson support.
  - Remove stale dependencies after Tracker miners split.
  + tests:
  - Many fixes to functional tests.
  - Remove old checks for maemo-specific features.
  + libtracker-miner: Small code improvements.
  + libtracker-sparql: use gint32 to unpack 'i' GVariant format.
  + Updated translations.
- Drop tracker-nb-translations.patch: Fixed upstream.
- Minor spec-clean, use autosetup and make_build macros.

==== tracker-miners ====
Version update (2.0.3 -> 2.0.4)
Subpackages: tracker-miner-files tracker-miners-lang

- Update to version 2.0.4:
  + build: Allow building tracker repo as a meson subproject.
  + libtracker-common: Rename to libtracker-miners-common.
  + libtracker-miners-common: Whitelist arm_fadvise64_64, getegid
    and getegid32 syscalls.
  + tracker-extract:
  - Add GExiv2-based extractor module for RAW files.
  - Blacklist gstreamer modules via plugin instead of via
    feature.
  - Blacklist video4linux2 gstreamer plugin.
  - Use enumerations for EXIF values.
  - Fix image pixel density conversions.
  + tracker-miner-fs: Avoid setting rdf:types on empty files.
  + meson: dependency check fixes.
  + Updated translations.
- Drop tracker-miners-nb-translations.patch: Fixed upstream.

==== vala ====
Version update (0.38.6 -> 0.38.7)
Subpackages: libvala-0_38-0

- Update to version 0.38.7:
  + Regression fix: codegen: Don't try to infer error argument on
    async begin methods (bgo#793158). This was a regression
    introduced by (bgo#614294).

==== xdg-desktop-portal-kde ====
Version update (5.11.95 -> 5.12.0)
Subpackages: xdg-desktop-portal-kde-lang

- Add patch to fix build with latest Qt dev version where
  QCUPSSupport::cupsOptionsList was removed from the private API
  (kde#389825):
  * 0001-Fix-build-with-Qt-dev-branch-where-QCUPSSupport-cups.patch
- Update to 5.12.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.12.0.php
- Changes since 5.11.95:
  * None

==== yast2-bootloader ====
Version update (4.0.14 -> 4.0.15)

- Fix activating partition by UUID or label (bsc#1077427,
  bsc#1076424)
- 4.0.15

==== yast2-firewall ====
Version update (4.0.10 -> 4.0.11)

- AutoYaST: When a profile using the SuSEFirewall2 schema is used,
  the user is reported with an error if some property is not
  supported or with a warning in other case. (fate#323460)
- 4.0.11

==== yast2-installation ====
Version update (4.0.30 -> 4.0.31)

- Added requirement iproute2 to spec file. This is needed by
  the VNC AutoYaST installation in the second stage.
  (Follow up of bnc#1077236)
- 4.0.31

==== yast2-kdump ====
Version update (4.0.0 -> 4.0.1)

- added supplements for yast2 and kdump (bsc#1070423)
- 4.0.1

==== yast2-nis-client ====
Version update (4.0.1 -> 4.0.2)

- Replace SuSEFirewall2 by firewalld (fate#323460)
- 4.0.2

==== yast2-storage-ng ====
Version update (4.0.82 -> 4.0.84)

- Partitioner: fixed 'Device Graph' section (part of fate#318196).
- 4.0.84
- Added a new 'disk' client, alias for 'partitioner' (bsc#1078900).
- 4.0.83