Packages changed:
  audacity (2.2.1 -> 2.2.2)
  autoyast2 (4.0.31 -> 4.0.32)
  filesystem
  git
  hostname (3.16 -> 3.20)
  kernel-source (4.15.4 -> 4.15.5)
  libcap-ng (0.7.8 -> 0.7.9)
  libguestfs
  libnss_nis
  libreoffice
  libstorage-ng (3.3.164 -> 3.3.173)
  libunwind
  libyui-qt-pkg (2.45.14 -> 2.45.15)
  linphone
  mozilla-nspr (4.17 -> 4.18)
  mozilla-nss (3.34.1 -> 3.35)
  open-iscsi
  perl-Image-ExifTool (10.55 -> 10.80)
  pesign-obs-integration
  qemu (2.11.0 -> 2.11.1)
  qemu-linux-user (2.11.0 -> 2.11.1)
  rpm
  shadow
  unar
  util-linux
  util-linux-systemd
  valgrind
  xdg-desktop-portal-kde (5.12.1 -> 5.12.2)
  yast2 (4.0.53 -> 4.0.54)
  yast2-bootloader (4.0.18 -> 4.0.19)
  yast2-control-center (4.0.0 -> 4.0.1)
  yast2-firewall (4.0.14 -> 4.0.16)
  yast2-network (4.0.14 -> 4.0.16)
  yast2-nfs-client (4.0.1 -> 4.0.2)
  yast2-ntp-client (4.0.7 -> 4.0.8)
  yast2-packager (4.0.39 -> 4.0.41)
  yast2-storage-ng (4.0.97 -> 4.0.110)
  ypbind
  ypserv

=== Details ===

==== audacity ====
Version update (2.2.1 -> 2.2.2)
Subpackages: audacity-lang

- Update to release version 2.2.2.
- Rebase audacity-no_buildstamp.patch.
- Removed incorporated audacity-fix-nonsense.patch.
- Added audacity-misc-errors.patch to fix various errors picked
  up by rpmlint.
- Added to audacity-no_return_in_nonvoid.patch.
- Upstream changes:
  * Easier zooming in and out with mousewheel, new Zoom Toggle
  command, and context menu for vertical rulers.
  * Easy access to change keyboard bindings of menu commands
  by holding Shift key.
  * Detection of dropout errors while recording with
  overburdened CPU.
  * Improved contrasts in Light and Dark themes
  * Half-wave display option
  * Several bugs/annoyances in 2.2.1 are now fixed

==== autoyast2 ====
Version update (4.0.31 -> 4.0.32)
Subpackages: autoyast2-installation

- Remove calls to the old yast2-storage layer (bsc#1071978)
- Fix AutoYaST UI to to show partitions properly
- 4.0.32

==== filesystem ====

- Use lib64 filelist on riscv64

==== git ====
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- Create subpackage for libsecret credential helper.

==== hostname ====
Version update (3.16 -> 3.20)

- Update to 3.20
  * debian-specific change only
- includes 3.19
  * Fix lintian warnings.
- includes 3.18
  * Make sure memory is initialized to zero before attempting to
    read hostname.
- includes 3.17
  * Use _GNU_SOURCE feature test macro, instead of glibc internal
    __USE_GNU.
  * Use getdomainname instead of yp_get_default_domain because it
    is more widely available and avoids the -lnsl dependency.
  * localnisdomain is kept, even though it should be the same as
    localdomain, so the behaviour is not changed in case of an error.
  * Replace 'dh-clean -k' with 'dh-prep'
- cleanup with spec-cleaner

==== kernel-source ====
Version update (4.15.4 -> 4.15.5)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- powerpc/pseries: Add empty update_numa_cpu_lookup_table()
  for NUMA=n (git-fixes).
- commit 4a82466
- Linux 4.15.5 (bnc#1012628).
- scsi: smartpqi: allow static build ("built-in") (bnc#1012628).
- IB/umad: Fix use of unprotected device pointer (bnc#1012628).
- IB/qib: Fix comparison error with qperf compare/swap test
  (bnc#1012628).
- IB/mlx4: Fix incorrectly releasing steerable UD QPs when have
  only ETH ports (bnc#1012628).
- IB/core: Fix two kernel warnings triggered by rxe registration
  (bnc#1012628).
- IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
  (bnc#1012628).
- IB/core: Avoid a potential OOPs for an unused optional parameter
  (bnc#1012628).
- selftests: seccomp: fix compile error seccomp_bpf (bnc#1012628).
- kselftest: fix OOM in memory compaction test (bnc#1012628).
- RDMA/rxe: Fix a race condition related to the QP error state
  (bnc#1012628).
- RDMA/rxe: Fix a race condition in rxe_requester() (bnc#1012628).
- RDMA/rxe: Fix rxe_qp_cleanup() (bnc#1012628).
- cpufreq: powernv: Dont assume distinct pstate values for
  nominal and pmin (bnc#1012628).
- swiotlb: suppress warning when __GFP_NOWARN is set
  (bnc#1012628).
- PM / devfreq: Propagate error from devfreq_add_device()
  (bnc#1012628).
- mwifiex: resolve reset vs. remove()/shutdown() deadlocks
  (bnc#1012628).
- ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
  (bnc#1012628).
- trace_uprobe: Display correct offset in uprobe_events
  (bnc#1012628).
- powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
  (bnc#1012628).
- powerpc/kernel: Block interrupts when updating TIDR
  (bnc#1012628).
- powerpc/vas: Don't set uses_vas for kernel windows
  (bnc#1012628).
- powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
  (bnc#1012628).
- powerpc/mm: Flush radix process translations when setting MMU
  type (bnc#1012628).
- powerpc/xive: Use hw CPU ids when configuring the CPU queues
  (bnc#1012628).
- dma-buf: fix reservation_object_wait_timeout_rcu once more v2
  (bnc#1012628).
- s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
  (bnc#1012628).
- arm64: dts: msm8916: Correct ipc references for smsm
  (bnc#1012628).
- ARM: lpc3250: fix uda1380 gpio numbers (bnc#1012628).
- ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
  (bnc#1012628).
- ARM: dts: nomadik: add interrupt-parent for clcd (bnc#1012628).
- arm: dts: mt7623: fix card detection issue on bananapi-r2
  (bnc#1012628).
- arm: spear600: Add missing interrupt-parent of rtc
  (bnc#1012628).
- arm: spear13xx: Fix dmas cells (bnc#1012628).
- arm: spear13xx: Fix spics gpio controller's warning
  (bnc#1012628).
- x86/gpu: add CFL to early quirks (bnc#1012628).
- x86/kexec: Make kexec (mostly) work in 5-level paging mode
  (bnc#1012628).
- x86/xen: init %gs very early to avoid page faults with stack
  protector (bnc#1012628).
- x86: PM: Make APM idle driver initialize polling state
  (bnc#1012628).
- mm, memory_hotplug: fix memmap initialization (bnc#1012628).
- x86/entry/64: Clear extra registers beyond syscall arguments,
  to reduce speculation attack surface (bnc#1012628).
- x86/entry/64/compat: Clear registers for compat syscalls,
  to reduce speculation attack surface (bnc#1012628).
- compiler-gcc.h: Introduce __optimize function attribute
  (bnc#1012628).
- compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
  (bnc#1012628).
- crypto: sun4i_ss_prng - fix return value of
  sun4i_ss_prng_generate (bnc#1012628).
- crypto: sun4i_ss_prng - convert lock to _bh in
  sun4i_ss_prng_generate (bnc#1012628).
- powerpc/mm/radix: Split linear mapping on hot-unplug
  (bnc#1012628).
- x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bnc#1012628).
- x86/speculation: Update Speculation Control microcode blacklist
  (bnc#1012628).
- x86/speculation: Correct Speculation Control microcode blacklist
  again (bnc#1012628).
- Revert "x86/speculation: Simplify
  indirect_branch_prediction_barrier()" (bnc#1012628).
- KVM/x86: Reduce retpoline performance impact in
  slot_handle_level_range(), by always inlining iterator helper
  methods (bnc#1012628).
- X86/nVMX: Properly set spec_ctrl and pred_cmd before merging
  MSRs (bnc#1012628).
- KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid
  L02 MSR bitmap (bnc#1012628).
- x86/speculation: Clean up various Spectre related details
  (bnc#1012628).
- PM / runtime: Update links_count also if !CONFIG_SRCU
  (bnc#1012628).
- PM: cpuidle: Fix cpuidle_poll_state_init() prototype
  (bnc#1012628).
- platform/x86: wmi: fix off-by-one write in wmi_dev_probe()
  (bnc#1012628).
- x86/entry/64: Clear registers for exceptions/interrupts,
  to reduce speculation attack surface (bnc#1012628).
- x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove
  unused extensions (bnc#1012628).
- x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros
  into a single POP_REGS macro (bnc#1012628).
- x86/entry/64: Interleave XOR register clearing with PUSH
  instructions (bnc#1012628).
- x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
  (bnc#1012628).
- x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
  (bnc#1012628).
- x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and
  SAVE_AND_CLEAR_REGS macros (bnc#1012628).
- x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
  (bnc#1012628).
- x86/entry/64: Fix paranoid_entry() frame pointer warning
  (bnc#1012628).
- x86/entry/64: Remove the unused 'icebp' macro (bnc#1012628).
- selftests/x86: Fix vDSO selftest segfault for vsyscall=none
  (bnc#1012628).
- selftests/x86: Clean up and document sscanf() usage
  (bnc#1012628).
- selftests/x86/pkeys: Remove unused functions (bnc#1012628).
- selftests/x86: Fix build bug caused by the 5lvl test which
  has been moved to the VM directory (bnc#1012628).
- selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
  (bnc#1012628).
- gfs2: Fixes to "Implement iomap for block_map" (bnc#1012628).
- selftests/x86: Do not rely on "int $0x80" in
  single_step_syscall.c (bnc#1012628).
- selftests/x86: Disable tests requiring 32-bit support on pure
  64-bit systems (bnc#1012628).
- objtool: Fix segfault in ignore_unreachable_insn()
  (bnc#1012628).
- x86/debug, objtool: Annotate WARN()-related UD2 as reachable
  (bnc#1012628).
- x86/debug: Use UD2 for WARN() (bnc#1012628).
- x86/speculation: Fix up array_index_nospec_mask() asm constraint
  (bnc#1012628).
- nospec: Move array_index_nospec() parameter checking into
  separate macro (bnc#1012628).
- x86/speculation: Add <asm/msr-index.h> dependency (bnc#1012628).
- x86/mm: Rename flush_tlb_single() and flush_tlb_one() to
  __flush_tlb_one_[user|kernel]() (bnc#1012628).
- selftests/x86/mpx: Fix incorrect bounds with old _sigfault
  (bnc#1012628).
- x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
  (bnc#1012628).
- x86/spectre: Fix an error message (bnc#1012628).
- x86/cpu: Change type of x86_cache_size variable to unsigned int
  (bnc#1012628).
- x86/entry/64: Fix CR3 restore in paranoid_exit() (bnc#1012628).
- drm/ttm: Don't add swapped BOs to swap-LRU list (bnc#1012628).
- drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap()
  (v2) (bnc#1012628).
- drm/qxl: unref cursor bo when finished with it (bnc#1012628).
- drm/qxl: reapply cursor after resetting primary (bnc#1012628).
- drm/amd/powerplay: Fix smu_table_entry.handle type
  (bnc#1012628).
- drm/ast: Load lut in crtc_commit (bnc#1012628).
- drm: Check for lessee in DROP_MASTER ioctl (bnc#1012628).
- arm64: Add missing Falkor part number for branch predictor
  hardening (bnc#1012628).
- drm/radeon: Add dpm quirk for Jet PRO (v2) (bnc#1012628).
- drm/radeon: adjust tested variable (bnc#1012628).
- x86/smpboot: Fix uncore_pci_remove() indexing bug when
  hot-removing a physical CPU (bnc#1012628).
- rtc-opal: Fix handling of firmware error codes, prevent busy
  loops (bnc#1012628).
- mbcache: initialize entry->e_referenced in
  mb_cache_entry_create() (bnc#1012628).
- mmc: sdhci: Implement an SDHCI-specific bounce buffer
  (bnc#1012628).
- mmc: bcm2835: Don't overwrite max frequency unconditionally
  (bnc#1012628).
- Revert "mmc: meson-gx: include tx phase in the tuning process"
  (bnc#1012628).
- mlx5: fix mlx5_get_vector_affinity to start from completion
  vector 0 (bnc#1012628).
- Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
  (bnc#1012628).
- jbd2: fix sphinx kernel-doc build warnings (bnc#1012628).
- ext4: fix a race in the ext4 shutdown path (bnc#1012628).
- ext4: save error to disk in __ext4_grp_locked_error()
  (bnc#1012628).
- ext4: correct documentation for grpid mount option
  (bnc#1012628).
- mm: hide a #warning for COMPILE_TEST (bnc#1012628).
- mm: Fix memory size alignment in devm_memremap_pages_release()
  (bnc#1012628).
- MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN (bnc#1012628).
- MIPS: CPS: Fix MIPS_ISA_LEVEL_RAW fallout (bnc#1012628).
- MIPS: Fix incorrect mem=X@Y handling (bnc#1012628).
- PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port
  mode (bnc#1012628).
- PCI: iproc: Fix NULL pointer dereference for BCMA (bnc#1012628).
- PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
  (bnc#1012628).
- PCI: keystone: Fix interrupt-controller-node lookup
  (bnc#1012628).
- video: fbdev: atmel_lcdfb: fix display-timings lookup
  (bnc#1012628).
- console/dummy: leave .con_font_get set to NULL (bnc#1012628).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (bnc#1012628).
- xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating
  guests (bnc#1012628).
- xenbus: track caller request id (bnc#1012628).
- seq_file: fix incomplete reset on read from zero offset
  (bnc#1012628).
- tracing: Fix parsing of globs with a wildcard at the beginning
  (bnc#1012628).
- mpls, nospec: Sanitize array index in mpls_label_ok()
  (bnc#1012628).
- rtlwifi: rtl8821ae: Fix connection lost problem correctly
  (bnc#1012628).
- arm64: proc: Set PTE_NG for table entries to avoid traversing
  them twice (bnc#1012628).
- xprtrdma: Fix calculation of ri_max_send_sges (bnc#1012628).
- xprtrdma: Fix BUG after a device removal (bnc#1012628).
- blk-wbt: account flush requests correctly (bnc#1012628).
- target/iscsi: avoid NULL dereference in CHAP auth error path
  (bnc#1012628).
- iscsi-target: make sure to wake up sleeping login worker
  (bnc#1012628).
- dm: correctly handle chained bios in dec_pending()
  (bnc#1012628).
- Btrfs: fix deadlock in run_delalloc_nocow (bnc#1012628).
- Btrfs: fix crash due to not cleaning up tree log block's dirty
  bits (bnc#1012628).
- Btrfs: fix extent state leak from tree log (bnc#1012628).
- Btrfs: fix use-after-free on root->orphan_block_rsv
  (bnc#1012628).
- Btrfs: fix unexpected -EEXIST when creating new inode
  (bnc#1012628).
- 9p/trans_virtio: discard zero-length reply (bnc#1012628).
- mtd: nand: vf610: set correct ooblayout (bnc#1012628).
- ALSA: hda - Fix headset mic detection problem for two Dell
  machines (bnc#1012628).
- ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
  (bnc#1012628).
- ALSA: hda/realtek - Add headset mode support for Dell laptop
  (bnc#1012628).
- ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298
  platform (bnc#1012628).
- ALSA: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012628).
- ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
  (bnc#1012628).
- ALSA: usb: add more device quirks for USB DSD devices
  (bnc#1012628).
- ALSA: seq: Fix racy pool initializations (bnc#1012628).
- mvpp2: fix multicast address filter (bnc#1012628).
- usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
  (bnc#1012628).
- x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1
  pages (bnc#1012628).
- ARM: dts: exynos: fix RTC interrupt for exynos5410
  (bnc#1012628).
- ARM: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012628).
- arm64: dts: msm8916: Add missing #phy-cells (bnc#1012628).
- ARM: dts: s5pv210: add interrupt-parent for ohci (bnc#1012628).
- arm: dts: mt7623: Update ethsys binding (bnc#1012628).
- arm: dts: mt2701: Add reset-cells (bnc#1012628).
- ARM: dts: Delete bogus reference to the charlcd (bnc#1012628).
- media: r820t: fix r820t_write_reg for KASAN (bnc#1012628).
- mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
  (bnc#1012628).
- mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
  (bnc#1012628).
- Refresh
  patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh
  patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Refresh
  patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- commit 078aac5
- config: enable IMA and EVM
- commit 8c97198
- config: arm64: Enable MAX77620 for Nvidia Jetson TX1 (boo#1081473)
- commit 5cbffaf

==== libcap-ng ====
Version update (0.7.8 -> 0.7.9)
Subpackages: libcap-ng-devel libcap-ng0

- Move %doc to %license for licenses
- Remove ineffective --with-pic. Fix SRPM group. Redo descriptions.
- Rename %soname to %sover to better reflect its use.
- Update to version 0.7.9:
  * Detect and output a couple errors in filecap
  * Use pthread_atfork to optionally reset the pid and related info
    on fork
- cleanup with spec-cleaner
- use https urls

==== libguestfs ====
Subpackages: guestfs-data libguestfs0 python3-libguestfs

- Remove dependency on wodim for openSUSE:Factory and use cdrtools
  (bnc#1081739)

==== libnss_nis ====
Subpackages: libnss_nis2 libnss_nis2-32bit

- Use %license [bsc#1082318]

==== libreoffice ====
Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit

- Add patch to build properly with orcus-0.13.3:
  * orcus-0.13.3.patch
- boost_string_fixes.patch: Boost in Leap 42.3 and SLE-12 is lacking
  some functionality found in newer versions. Workaround the problem.

==== libstorage-ng ====
Version update (3.3.164 -> 3.3.173)
Subpackages: libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#476
- improved integration tests
- added documentation
- 3.3.173
- Translated using Weblate (Ukrainian)
- Translated using Weblate (Finnish)
- 3.3.172
- merge gh#openSUSE/libstorage-ng#475
- allow SystemCmd to verify program exit code
- added base class for callbacks
- added callbacks for probing (bsc#1070459 and many others)
- use callbacks base class
- use new verify feature of SystemCmd
- improved error handling
- work on handling errors during probe
- updated pot file
- use callbacks base class
- coding style
- extended documentation
- 3.3.171
- merge gh#openSUSE/libstorage-ng#474
- fixed device existence check (bsc#1082143)
- 3.3.170
- merge gh#openSUSE/libstorage-ng#473
- Default to GPT for creating partition tables (fate#323457)
- 3.3.169
- merge gh#openSUSE/libstorage-ng#472
- insert mount and unmount actions for resize
- added unit tests
- 3.3.168
- merge gh#openSUSE/libstorage-ng#471
- fixed parsing /proc/mounts for ntfs
- fixed error handling when ntfsresize fails
- 3.3.167
- merge gh#openSUSE/libstorage-ng#470
- consistent names
- remove duplicate actions
- added helper functions
- fixed integration test
- adjust existing unit test to so far supported setup
- coding style
- renamed function to reflect recent changes
- 3.3.166
- merge gh#openSUSE/libstorage-ng#469
- added possible_mount_bys()
- 3.3.165

==== libunwind ====
Subpackages: libunwind-devel

- Add patch `fix_versioning_libunwind_1.2.1.patch`.
  * This patch fixes the upstream bug gh#libunwind/libunwind#30.
    This bug was causing the julia build process to fail.
    NOTE: This patch shall be removed in the next version of
    libunwind.

==== libyui-qt-pkg ====
Version update (2.45.14 -> 2.45.15)

- Contribution by LelCP: Add support for icon themes (boo#1081517)
- 2.45.15

==== linphone ====
Subpackages: liblinphone++9 liblinphone-data liblinphone-devel liblinphone-lang liblinphone9

- Add linphone-build-readline.patch: Add the ability to compile
  with readline to the build system.
- Build with the readline support.

==== mozilla-nspr ====
Version update (4.17 -> 4.18)

- update to version 4.18
  * removed HP-UX DCE threads support
  * improvements for the Windows implementation of PR_SetCurrentThreadName
  * fixes for the Windows implementation of TCP Fast Open

==== mozilla-nss ====
Version update (3.34.1 -> 3.35)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.35
  New functionality
  * TLS 1.3 support has been updated to draft -23. This includes a
    large number of changes since 3.34, which supported only draft
  - 18. See below for details.
  New Types
  * SSLHandshakeType - The type of a TLS handshake message.
  * For the SSLSignatureScheme enum, the enumerated values
    ssl_sig_rsa_pss_sha* are deprecated in response to a change in
    TLS 1.3.  Please use the equivalent ssl_sig_rsa_pss_rsae_sha*
    for rsaEncryption keys, or ssl_sig_rsa_pss_pss_sha* for PSS keys.
    Note that this release does not include support for the latter.
  Notable Changes
  * Previously, NSS used the DBM file format by default. Starting
    with version 3.35, NSS uses the SQL file format by default.
    Additional information can be found on this Fedora Linux project
    page: https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql
  * Added formally verified implementations of non-vectorized Chacha20
    and non-vectorized Poly1305 64-bit.
  * For stronger security, when creating encrypted PKCS#7 or PKCS#12 data,
    the iteration count for the password based encryption algorithm
    has been increased to one million iterations. Note that debug builds
    will use a lower count, for better performance in test environments.
  * NSS 3.30 had introduced a regression, preventing NSS from reading
    some AES encrypted data, produced by older versions of NSS.
    NSS 3.35 fixes this regression and restores the ability to read
    affected data.
  * The following CA certificates were Removed:
    OU = Security Communication EV RootCA1
    CN = CA Disig Root R1
    CN = DST ACES CA X6
    Subject CN = VeriSign Class 3 Secure Server CA - G2
  * The Websites (TLS/SSL) trust bit was turned off for the following
    CA certificates:
    CN = Chambers of Commerce Root
    CN = Global Chambersign Root
  * TLS servers are able to handle a ClientHello statelessly, if the
    client supports TLS 1.3.  If the server sends a HelloRetryRequest,
    it is possible to discard the server socket, and make a new socket
    to handle any subsequent ClientHello. This better enables stateless
    server operation. (This feature is added in support of QUIC, but it
    also has utility for DTLS 1.3 servers.)
  * The tstclnt utility now supports DTLS, using the -P option.  Note that
    a DTLS server is also provided in tstclnt.
  * TLS compression is no longer possible with NSS. The option can be
    enabled, but NSS will no longer negotiate compression.
  * The signatures of functions SSL_OptionSet, SSL_OptionGet,
    SSL_OptionSetDefault and SSL_OptionGetDefault have been modified,
    to take a PRIntn argument rather than PRBool. This makes it clearer,
    that options can have values other than 0 or 1.  Note this does
    not affect ABI compatibility, because PRBool is a typedef for PRIntn.

==== open-iscsi ====
Subpackages: iscsiuio

- Ensure correct dependencies: main package must depend
  on (new) libopeniscsiusr package, and devel package
  must depend on main package (updating spec file)
- Fix ARP booting issue with different subnets
  (bsc#1058463), updating:
  * open-iscsi-SUSE-latest.diff.bz2
- Trim filler wording from description.
  Update old commands/RPM variables to macros.
- Implement shared library packaging guideline.
- Do not let fdupes run across partitions.

==== perl-Image-ExifTool ====
Version update (10.55 -> 10.80)
Subpackages: exiftool perl-File-RandomAccess

- Update to version 10.80 (changes since 10.55):
  * See /usr/share/doc/packages/perl-Image-ExifTool/Changes

==== pesign-obs-integration ====

- Provide password file for 'certutil -A' due to the change in
  mozilla-nss 3.35 (boo#1082235)

==== qemu ====
Version update (2.11.0 -> 2.11.1)
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86

- Update to v2.11.1, a stable, (mostly) bug-fix-only release
  In addition to bug fixes, of necessity fixes are needed to
  address the Spectre v2 vulnerability by passing along to the
  guest new hardware features introduced by host microcode updates.
  A January 2018 release of qemu initially addressed this issue
  by exposing the feature for all x86 vcpu types, which was the
  quick and dirty approach, but not the proper solution. We remove
  that initial patch and now rely on the upstream solution. This
  update instead defines spec_ctrl and ibpb cpu feature flags as
  well as new cpu models which are clones of existing models with
  either -IBRS or -IBPB added to the end of the model name. These
  new vcpu models explicitly include the new feature(s), whereas
  the feature flags can be added to the cpu parameter as with other
  features.  In short, for continued Spectre v2 protection, ensure
  that either the appropriate cpu feature flag is added to the QEMU
  command-line, or one of the new cpu models is used. Although
  migration from older versions is supported, the new cpu features
  won't be properly exposed to the guest until it is restarted with
  the cpu features explicitly added. A reboot is insufficient.
  A warning patch is added which attempts to detect a migration
  from a qemu version which had the quick and dirty fix (it only
  detects certain cases, but hopefully is helpful.)
  s390x guest vulnerability to Spectre v2 is also addressed in this
  update by including support for bpb and ppa/stfle.81 features.
  (CVE-2017-5715 bsc#1068032)
  For additional information on Spectre v2 as it relates to QEMU,
  see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
- Unfortunately, it was found that our current KVM isn't correctly
  indicating support for the spec-ctrl feature, so I've added a patch
  to still detect that support within QEMU. This is of course a
  temporary kludge until KVM gets fixed. (bsc#1082276)
- The SEV support patches are updated to the v9 series.
- Fix incompatibility with recent glibc (boo#1081154)
- Add Supplements tags for the guest agent package in an attempt to
  auto-install for QEMU and Xen SUSE Linux guests (fate#323570)
  * Patches dropped (subsumed by stable update, or reworked in v9):
  0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
  0050-target-i386-add-memory-encryption-f.patch
  0054-accel-add-Secure-Encrypted-Virtuliz.patch
  0072-sev-Fix-build-for-non-x86-hosts.patch
  * Patches added:
  0033-memfd-fix-configure-test.patch
  0053-target-i386-add-Secure-Encrypted-Vi.patch
  0056-qmp-populate-SevInfo-fields-with-SE.patch
  0072-tests-qmp-test-blacklist-query-sev-.patch
  0073-sev-i386-add-migration-blocker.patch
  0074-cpu-i386-populate-CPUID-0x8000_001F.patch
  0075-migration-warn-about-inconsistent-s.patch
  0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch
  * Patches renamed (plus some minor code changes):
  0051-machine-add-memory-encryption-prope.patch
  - > 0050-machine-add-memory-encryption-prope.patch
  0052-kvm-update-kvm.h-to-include-memory-.patch
  - > 0051-kvm-update-kvm.h-to-include-memory-.patch
  0053-docs-add-AMD-Secure-Encrypted-Virtu.patch
  - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch
  0055-sev-add-command-to-initialize-the-m.patch
  - > 0055-sev-i386-add-command-to-initialize-.patch
  0056-sev-register-the-guest-memory-range.patch
  - > 0057-sev-i386-register-the-guest-memory-.patch
  0057-kvm-introduce-memory-encryption-API.patch
  - > 0058-kvm-introduce-memory-encryption-API.patch
  0058-qmp-add-query-sev-command.patch
  - > 0054-qmp-add-query-sev-command.patch
  0060-sev-add-command-to-create-launch-me.patch
  - > 0060-sev-i386-add-command-to-create-laun.patch
  0061-sev-add-command-to-encrypt-guest-me.patch
  - > 0061-sev-i386-add-command-to-encrypt-gue.patch
  0063-sev-add-support-to-LAUNCH_MEASURE-c.patch
  - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch
  0064-sev-Finalize-the-SEV-guest-launch-f.patch
  - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch
  0066-sev-add-debug-encrypt-and-decrypt-c.patch
  - > 0066-sev-i386-add-debug-encrypt-and-decr.patch
  0069-sev-add-support-to-query-PLATFORM_S.patch
  - > 0069-sev-i386-add-support-to-query-PLATF.patch
  0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch
  - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11

==== qemu-linux-user ====
Version update (2.11.0 -> 2.11.1)

- Update to v2.11.1, a stable, (mostly) bug-fix-only release
  * Patches dropped:
  0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
  0050-target-i386-add-memory-encryption-f.patch
  0054-accel-add-Secure-Encrypted-Virtuliz.patch
  0072-sev-Fix-build-for-non-x86-hosts.patch
  * Patches added:
  0033-memfd-fix-configure-test.patch
  0053-target-i386-add-Secure-Encrypted-Vi.patch
  0056-qmp-populate-SevInfo-fields-with-SE.patch
  0072-tests-qmp-test-blacklist-query-sev-.patch
  0073-sev-i386-add-migration-blocker.patch
  0074-cpu-i386-populate-CPUID-0x8000_001F.patch
  0075-migration-warn-about-inconsistent-s.patch
  0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch
  * Patches renamed (plus some minor code changes):
  0051-machine-add-memory-encryption-prope.patch
  - > 0050-machine-add-memory-encryption-prope.patch
  0052-kvm-update-kvm.h-to-include-memory-.patch
  - > 0051-kvm-update-kvm.h-to-include-memory-.patch
  0053-docs-add-AMD-Secure-Encrypted-Virtu.patch
  - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch
  0055-sev-add-command-to-initialize-the-m.patch
  - > 0055-sev-i386-add-command-to-initialize-.patch
  0056-sev-register-the-guest-memory-range.patch
  - > 0057-sev-i386-register-the-guest-memory-.patch
  0057-kvm-introduce-memory-encryption-API.patch
  - > 0058-kvm-introduce-memory-encryption-API.patch
  0058-qmp-add-query-sev-command.patch
  - > 0054-qmp-add-query-sev-command.patch
  0060-sev-add-command-to-create-launch-me.patch
  - > 0060-sev-i386-add-command-to-create-laun.patch
  0061-sev-add-command-to-encrypt-guest-me.patch
  - > 0061-sev-i386-add-command-to-encrypt-gue.patch
  0063-sev-add-support-to-LAUNCH_MEASURE-c.patch
  - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch
  0064-sev-Finalize-the-SEV-guest-launch-f.patch
  - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch
  0066-sev-add-debug-encrypt-and-decrypt-c.patch
  - > 0066-sev-i386-add-debug-encrypt-and-decr.patch
  0069-sev-add-support-to-query-PLATFORM_S.patch
  - > 0069-sev-i386-add-support-to-query-PLATF.patch
  0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch
  - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11

==== rpm ====
Subpackages: rpm-build rpm-devel

- split riscv64 part from auto-config-update-aarch64-ppc64le.diff
  to make the change rust-proof.
  new patch: auto-config-update-riscv64.diff
- auto-config-update-aarch64-ppc64le.diff: Update for riscv64 and enable
  it there
- change disk usage handling to take hardlinks into account
  [bnc#720150]
  new patch: hardlinks.diff

==== shadow ====

- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap,
  which allowed an unprivileged user to be placed in a user namespace where
  setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)

==== unar ====

- add unrar_wrapper.py (https://github.com/openSUSE/unrar_wrapper)
  that provides the basic backwards compatibility with unrar
  [fate#323896]
- unar now obsoletes non-free unrar
- run spec-cleaner

==== util-linux ====
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit util-linux-lang

- Fix lsblk on NVMe
  (bsc#1078662, util-linux-sysfs-nvme-devno.patch).

==== util-linux-systemd ====

- Fix lsblk on NVMe
  (bsc#1078662, util-linux-sysfs-nvme-devno.patch).

==== valgrind ====

- add valgrind.xen.patch to handle Xen 4.10 (fate#321394, fate#322686)

==== xdg-desktop-portal-kde ====
Version update (5.12.1 -> 5.12.2)
Subpackages: xdg-desktop-portal-kde-lang

- Update to 5.12.2
  * New bugfix release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.12.2.php
- Changes since 5.12.1:
  * Fix build with Qt dev branch, where QCUPSSupport::cupsOptionsList was removed
- Dropped patches, now upstream:
  * 0001-Fix-build-with-Qt-dev-branch-where-QCUPSSupport-cups.patch

==== yast2 ====
Version update (4.0.53 -> 4.0.54)

- Added missing textdomain to firewalld zone class for translations
  (bsc#1082246).
- 4.0.54

==== yast2-bootloader ====
Version update (4.0.18 -> 4.0.19)

- Remove calls to the old yast2-storage layer (bsc#1071978)
- 4.0.19

==== yast2-control-center ====
Version update (4.0.0 -> 4.0.1)
Subpackages: yast2-control-center-qt

- Fixes to way icons are displayed (boo#1081517)
- 4.0.1

==== yast2-firewall ====
Version update (4.0.14 -> 4.0.16)

- Added textdomain for translation (bnc#1081458)
- 4.0.16
- Fixed "default_zone" in rnc file. (bnc#1013047)
- 4.0.15

==== yast2-network ====
Version update (4.0.14 -> 4.0.16)

- Really translate firewalld zones (bsc#1082246)
- 4.0.16
- Virtualization Bridge Proposal: Do not propose network interfaces
  without link as bridgeable (bsc#1062596, bsc#1072951).
- 4.0.15

==== yast2-nfs-client ====
Version update (4.0.1 -> 4.0.2)

- During installation do not check whether the portmapper package
  is installed, fixed error handling when scanning the NFS exports
  fails (bsc#1079624)
- 4.0.2

==== yast2-ntp-client ====
Version update (4.0.7 -> 4.0.8)

- Inform user when client cannot sync with NTP server after the
  user clik on "sync time now" (bsc#1081000)
- 4.0.8

==== yast2-packager ====
Version update (4.0.39 -> 4.0.41)

- Added textdomain in order to activate translation (bnc#1081365).
- 4.0.41
- Added product renames for the SDK and the Toolchain module
  (bsc#1080913)
- 4.0.40

==== yast2-storage-ng ====
Version update (4.0.97 -> 4.0.110)

- Partitioner: prevent to modify devices used in LVM or MD RAID
  (bsc#1079827).
- 4.0.110
- Better handling of errors during hardware probing (bsc#1070459,
  bsc#1079228, bsc#1079817, bsc#1063059, bsc#1080554, bsc#1076776,
  bsc#1070459 and some others).
- 4.0.109
- Avoid to write files in tests (SCR.Write) (fate#323457).
- adapted to callback improvements in libstorage-ng (bsc#1070459
  and many others)
- 4.0.108
- Added missing textdomain calls (bsc#1081454)
- 4.0.107
- AutoYaST: fix support to create multiple volume groups
  (bsc#1081633).
- 4.0.106
- Added missing ptable type conversion (fate#323457)
- 4.0.105
- Changed default partition table from MSDOS to GPT (fate#323457)
- 4.0.104
- ensure partition name changes during the proposal process are taken
  properly into account (bsc#1078691)
- 4.0.103
- Use sysconfig storage file to read the default value for mount_by
  (bsc#1081198).
- Partitioner: allow to configure default value for mount_by.
- 4.0.102
- Do not take into account unformatted DASDs as a possible target
  for installation (bsc#1071798).
- Partitioner: do not show unformatted DASDs, since they cannot
  be partitioned or used in any other way.
- AutoYaST: guess which filesystem type should be used for a given
  partition/logical volume when it is not specified in the profile
  (bsc#1075203).
- Special handling for mount options for / and /boot/*
  in the partitioner (bsc#1080731)
- 4.0.101
- Partitioner: bring back traditional list of mount points for both
  installation and installed system (bsc#1076167 and bsc#1081200).
- Partitioner: bring back traditional behavior of the "Operating
  System" and "Data" roles during installation (bsc#1078975 and
  bsc#1073854).
- 4.0.100
- Special handling for mount options for / and /boot/*
  (bsc#1080731, bsc#1061867, bsc#1077859)
- 4.0.99
- Ensure that there is always selected item in table, if it is not
  empty (bsc#1076318)
- 4.0.98

==== ypbind ====

- Use %license instead of %doc [bsc#1082318]

==== ypserv ====

- Use %license instead of %doc [bsc#1082318]