Packages changed:
  MozillaThunderbird (52.9.1 -> 60.0)
  autoyast2 (4.0.60 -> 4.0.61)
  babl (0.1.52 -> 0.1.56)
  claws-mail (3.16.0 -> 3.17.1)
  cups-filters (1.20.4 -> 1.21.1)
  curl (7.61.0 -> 7.61.1)
  epiphany (3.28.3.1 -> 3.28.4)
  gegl (0.4.4 -> 0.4.8)
  gimp (2.10.4 -> 2.10.6)
  kernel-source (4.18.5 -> 4.18.6)
  libstorage-ng (4.1.22 -> 4.1.24)
  mercurial (4.7 -> 4.7.1)
  miniupnpc
  nano (2.9.8 -> 3.0)
  obs-service-download_files (0.6.1.git.1529965817.d9a3ff4 -> 0.6.2)
  osinfo-db (20180720 -> 20180903)
  perl-File-Path (2.150000 -> 2.160000)
  polkit-default-privs
  poppler (0.66.0 -> 0.68.0)
  poppler-qt5 (0.66.0 -> 0.68.0)
  python-pycryptodome (3.6.3 -> 3.6.6)
  python-pyparsing
  rubygem-autoprefixer-rails (9.1.3 -> 9.1.4)
  rubygem-rubyzip (1.2.1 -> 1.2.2)
  rubygem-yard (0.9.14 -> 0.9.16)
  webkit2gtk3 (2.20.5 -> 2.22.0)
  yast2-services-manager (4.1.5 -> 4.1.7)
  yast2-support (4.0.0 -> 4.0.1)
  zsh (5.5.1 -> 5.6)

=== Details ===

==== MozillaThunderbird ====
Version update (52.9.1 -> 60.0)
Subpackages: MozillaThunderbird-translations-common

- remove non-free untar licenced code from distributed tarball
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.
- update to Thunderbird 60.0:
  https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
  * Improved message handling and composing
  * Improved handling of message templates
  * Support for OAuth2 and FIDO U2F
  * Various Calendar improvements
  * Various fixes and changes to e-mail workflow
  * Various IMAP fixes
  * Native desktop notifications
- Security fixes which can not, in general, be exploited through
  email, but are potential risks in browser or browser-like contexts:
  MFSA 2018-19 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12361 (bmo#1463244)
    Integer overflow in SwizzleData
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-5156 (bmo#1453127)
    Media recorder segmentation fault when track type is changed
    during capture
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12371 (bmo#1465686)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-12367 (bmo#1462891)
    Timing attack mitigation of PerformanceNavigationTiming
  * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
    bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
    bmo#1463884)
    Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
    Thunderbird 60
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox
    ESR 52.9, and Thunderbird 60
- requires NSPR 4.19 and NSS 3.36.4
- source archives are now signed directly
  (removed checksum signature check)
- imported patches from Firefox 60
  * mozilla-bmo1375074.patch
  * mozilla-bmo1464766.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
- removed obsolete patches
  * mozilla-language.patch
  * tb-ssldap.patch
  * mozilla-develdirs.patch
- removed -devel subpackage as old-style extensions are mainly gone
- storing of remote content settings fixed (boo#1084603)

==== autoyast2 ====
Version update (4.0.60 -> 4.0.61)
Subpackages: autoyast2-installation

- AutoInstallRules: Fixed crash while merging profiles.
  (bsc#1105711)
- 4.0.61

==== babl ====
Version update (0.1.52 -> 0.1.56)

- Update license to LGPL-3.0-or-later AND GPL-3.0-or-later per the
  feedback from legal.
- Update to version 0.1.56:
  + Improvements to the caching of profiled conversion chains
    between invocations by ignoring unknown bits in cache file and
    remember which conversions yielded reference fishes.
- Changes from version 0.1.54:
  + Export babl_space_get_icc, babl_space_get,
    babl_model_with_space, babl_space_with_trc,
    babl_format_get_encoding, babl_model_is, SSE2 versions of YA
    float and Y float to CIE L float.

==== claws-mail ====
Version update (3.16.0 -> 3.17.1)
Subpackages: claws-mail-lang

- Update to 3.17.1:
  bug fixes:
    o bug 4072, 'Crash when clicking 'reply' or 'reply with quote''
    o Account signature: Warn and fail rather than crashing when
    format string is faulty.
- Add texlive-* dependencies for creation of manual
- bsc#1105222: Remove Do-not-use-msginfo_list-for-compose.patch
  Faulty behaviour
- Update to 3.17.0:
  * SOCKS proxy support has been added.
  * Accounts can now have their own auto-check intervals, or follow the
    global interval.
  * in the options for 'default selection when entering a folder',
    'first [...]' has been renamed to 'oldest [...]', and
    'newest [...]' items have been added.
  * Message List: when changing sort key by clicking column header,
    the sort direction is now preserved
  * Message View: keypress handling for scrolling, (PgUp/Down, Space,
    Backspace), has been improved.
  * the Network Log now displays output from LDAP operations.
  * "Go to last error" has been added to the Log Window context menu.
  * Filtering/Processing: "mark_as_spam" is no longer a final action,
    since it does not move the marked message.
  * Filtering/Processing: Resent-From and Resent-To have been added in
    Any/All header(s) (in Address Book) matcher rules.
  * when a Return-Receipt request is received by an unknown address,
    the user is now required to choose which Account to send it from.
  * Colour Labels: confirmation is asked for when clearing or
    overriding existing colour labels.
  * Address Book: basic contact merging has been added.
  * NetworkManager support: ported from libnm-util/libnm-glib to libnm.
  * Dillo plugin: this HTML rendering plugin is now once again
    available.
  * RSSyl plugin: the modified time is no longer considered when
    matching deleted items.
  * RSSyl plugin: Handle 404 and other fetch failures better.
  * Attachment Remover plugin: the user is now notified about what has
    been done when processing multiple selections.
  * SpamAssassin plugin: added support for compression (the server must
    have compression enabled, and the local spamc too).
  * SpamAssassin plugin: disabled SSLv3.
  * when using the hidden preference, hide_timezone, the time in the
    Date header is converted to UTC.
  * various other UI improvements.
  * many behind-the-scenes improvements.
  * bug fixes:
  o bug 3754, 'interactive auth dialogs pops endlessly'
  o bug 3919, 'manual filtering does not move spam'
  o bug 3936, 'LDAP StartTLS does not work for addressbooks'
  o bug 3947, 'Build break with --disable-libsm
  - -enable-crash-dialog'
  o bug 3957, 'Claws-Mail 64bit crashes when saving a draft'
  o bug 3960, 'Sends unencrypted emails when encryption fails'
  o bug 3971, 'Deleted rss feed item reappears as unread on
  feed refreshing'
  o bug 3973, ''select all' in summaryview does not
  automatically focus the summaryview'
  o bug 3978, '"From" column displays both name and email
  address for Outbox'
  o bug 3984, 'Copy-paste in find/filter field works
  incorrectly'
  o bug 3985, 'an empty progress bar remains after POP mail
  check completes'
  o bug 3986, 'IMAP quick search using non-ASCII characters
  creates an infinite loop'
  o bug 3993, 'Claws Mail connects to IMAP server when it
  should not'
  o bug 4014, '"Work offline" doesn't seem to affect RSS'
  o bug 4022, 'Closing "Account Preferences" window opens "Edit
  Accounts" window if "Edit Accounts" window has
  been opened before at least once'
  o bug 4023, 'Fix some small issues'
  o bug 4033, 'Claws Mail crashes [malloc(): memory corruption]
  while trying to save account password greater
  than 136 chars'
  o bug 4056, 'Impossible to disable overriding of offline
  mode'
  o bug 4058, '# in extended search description window should
  not be translated'
  o bug 4068, 'Claws Mail hangs when getting news from a
  certain feed'
  o actionsrc was not updated after mailbox name change
  o two crashes caused by bad GtkListStore management in
  editaddress.c
  o wrong malloc of clamd_socket struct, (CID 1220477)
  o vCalendar: possible access to uninitilized folder pointer
  (CID 1402515)
  o vCalendar: mismatch and unneeded display of unavailable
  folder class in warning (CID 1434197)
  o vCalendar: Skip whitespace chars at the beginning of ics
  stream
  o buffer overrun, always writing at buffer size + 1. (CID
  1434188)
  o wrong use of pointer-to-array as an array CID 1434191)
  o sensitivity of few preferences widgets of the SA plug-in
  o compilation using --enable-generic-umpc
  o crash in quicksearch keypress handling
  o quoting in reply to format=flowed message
  o HTML  header handling
  o 'sort_type' is lost when changing 'sort_key' from
  /View/sort the bug was apparent with a descending sort
  o Return-Receipts: MDN mail-accountname leak
  o auth retry in Managesieve - wrong state variable was being
  set
  o memory leaks

==== cups-filters ====
Version update (1.20.4 -> 1.21.1)

- Do not diferentiate for service location, it is in sbindir
  on all systems we support now
- Use license for license install
- Version update to 1.21.1:
  - foomatic-rip: Fixed segmentation fault caused by wrong
    Coverity Scan issue fix (Issue #57, Debian bug #907026).
  - Build system: Require QPDF 8.1.0 or later as it is needed by
    bannertopdf (Issue #56).
  - libcupsfilters, cups-browsed, driverless, foomatic-rip,
    parallel: Silenced warnings from newest gcc.
  - libcupsfilters: When generating a PPD for driverless
    printing on a remote IPP printer, make pdftopdf not being
    run by the local queue if the remote queue is a CUPS queue
    to avoid running pdftopdf twice (CUPS Issue #5361).
  - libcupsfilters, cups-browsed, driverless, bannertopdf,
    foomatic-rip, pdftops, pdftoraster, rastertops,
    rastertoescpx, sys5ippprinter, beh: Fixed Coverity Scan
    issues. Thanks to Zdenek Dohnal (zdohnal at redhat dot com)
    for the tests and the patches.
  - bannertopdf: Switched over from using Poppler to using QPDF
    for generating the PDF pages. With Poppler unstable APIs
    were used which were subject to change. Thanks to Sahil
    Arora for this project in the Google Summer of Code 2018
    (Pull request #25).
  - cups-browsed: Manually defined clusters ("Cluster" directive
    in cups-browsed.conf) caused cups-browsed to crash.

==== curl ====
Version update (7.61.0 -> 7.61.1)
Subpackages: libcurl4

- Update to version 7.61.1
  Bugfixes:
  * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
  * CURLINFO_SIZE_UPLOAD: fix missing counter update
  * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
  * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
  * Curl_getoff_all_pipelines: improved for multiplexed
  * DEPRECATE: remove release date from 7.62.0
  * HTTP: Don't attempt to needlessly decompress redirect body
  * INTERNALS: require GnuTLS >= 2.11.3
  * README.md: add LGTM.com code quality grade for C/C++
  * SSLCERTS: improve the openssl command line
  * Silence GCC 8 cast-function-type warnings
  * ares: check for NULL in completed-callback
  * asyn-thread: Remove unused macro
  * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
  * auth: pick Bearer authentication whenever a token is available
  * cmake: CMake config files are defining CURL_STATICLIB for static builds
  * cmake: Respect BUILD_SHARED_LIBS
  * cmake: Update scripts to use consistent style
  * cmake: bumped minimum version to 3.4
  * cmake: link curl to the OpenSSL targets instead of lib absolute paths
  * configure: conditionally enable pedantic-errors
  * configure: fix for -lpthread detection with OpenSSL and pkg-config
  * conn: remove the boolean 'inuse' field
  * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
  * cookie tests: treat files as text
  * cookies: support creation-time attribute for cookies
  * curl: Fix segfault when -H @headerfile is empty
  * curl: add http code 408 to transient list for --retry
  * curl: fix time-of-check, time-of-use race in dir creation
  * curl: use Content-Disposition before the "URL end" for -OJ
  * curl: warn the user if a given file name looks like an option
  * curl_threads: silence bad-function-cast warning
  * darwinssl: add support for ALPN negotiation
  * docs/CURLOPT_URL: fix indentation
  * docs/CURLOPT_WRITEFUNCTION: size is always 1
  * docs/SECURITY-PROCESS: mention bounty, drop pre-notify
  * docs/examples: add hiperfifo example using linux epoll/timerfd
  * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
  * docs: clarify NO_PROXY env variable functionality
  * docs: improved the manual pages of some callbacks
  * docs: mention NULL is fine input to several functions
  * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
  * gopher: Do not translate `?' to `%09'
  * header output: switch off all styles, not just unbold
  * hostip: fix unused variable warning
  * http2: Use correct format identifier for stream_id
  * http2: abort the send_callback if not setup yet
  * http2: avoid set_stream_user_data() before stream is assigned
  * http2: check nghttp2_session_set_stream_user_data return code
  * http2: clear the drain counter in Curl_http2_done
  * http2: make sure to send after RST_STREAM
  * http2: separate easy handle from connections better
  * http: fix for tiny "HTTP/0.9" response
  * http_proxy: Remove unused macro SELECT_TIMEOUT
  * lib/Makefile: only do symbol hiding if told to
  * lib1502: fix memory leak in torture test
  * lib1522: fix curl_easy_setopt argument type
  * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
  * mime: check Curl_rand_hex's return code
  * multi: always do the COMPLETED procedure/state
  * openssl: assume engine support in 1.0.0 or later
  * openssl: fix debug messages
  * projects: Improve Windows perl detection in batch scripts
  * retry: return error if rewind was necessary but didn't happen
  * reuse_conn(): memory leak - free old_conn->options
  * schannel: client certificate store opening fix
  * schannel: enable CALG_TLS1PRF for w32api >= 5.1
  * schannel: fix MinGW compile break
  * sftp: don't send post-qoute sequence when retrying a connection
  * smb: fix memory leak on early failure
  * smb: fix memory-leak in URL parse error path
  * smb_getsock: always wait for write socket too
  * ssh-libssh: fix infinite connect loop on invalid private key
  * ssh-libssh: reduce excessive verbose output about pubkey auth
  * ssh-libssh: use FALLTHROUGH to silence gcc8
  * ssl: set engine implicitly when a PKCS#11 URI is provided
  * sws: handle EINTR when calling select()
  * system_win32: fix version checking
  * telnet: Remove unused macros TELOPTS and TELCMDS
  * test1143: disable MSYS2's POSIX path conversion
  * test1148: disable if decimal separator is not point
  * test1307: (fnmatch testing) disabled
  * test1422: add required file feature
  * test1531: Add timeout
  * test1540: Remove unused macro TEST_HANG_TIMEOUT
  * test214: disable MSYS2's POSIX path conversion for URL
  * test320: treat curl320.out file as binary
  * tests/http_pipe.py: Use /usr/bin/env to find python
  * tests: Don't use Windows path %PWD for SSH tests
  * tests: fixes for Windows line endlings
  * tool_operate: Fix setting proxy TLS 1.3 ciphers
  * travis: build darwinssl on macos 10.12 to fix linker errors
  * travis: execute "set -eo pipefail" for coverage build
  * travis: run a 'make checksrc' too
  * travis: update to GCC-8
  * travis: verify that man pages can be regenerated
  * upload: allocate upload buffer on-demand
  * upload: change default UPLOAD_BUFSIZE to 64KB
  * urldata: remove unused pipe_broke struct field
  * vtls: reinstantiate engine on duplicated handles
  * windows: implement send buffer tuning
  * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
  * curl-switch-off-all-styles.patch

==== epiphany ====
Version update (3.28.3.1 -> 3.28.4)
Subpackages: epiphany-lang gnome-shell-search-provider-epiphany

- Update to version 3.28.4:
  + Improve performance of adblocker.
  + Ensure correct address is displayed in security popover when
    starting loads.
  + Fix crash on homedepot.com.
  + Improve use of Safe Browsing threat lists.
  + Fix miscellaneous memory leaks.
- Drop upstream fixed patches:
  + epiphany-uri-tester-fixes.patch.
  + epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch.
  + epiphany-leak-fixes.patch.

==== gegl ====
Version update (0.4.4 -> 0.4.8)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Update to version 0.4.8:
  + Core/GeglBuffer: Fixes to races during buffer/tile storage
    destruction, improve swap usage for stored empty tiles.
  + Operations
  - motion-blur-circular - improve/clarify property ui
  - median-blur          - added abyss-policy property
  - long-shadow          - new operation
  - little-planet        - adapt reference composition
- Changes from version 0.4.6:
  + Up until now GEGL has been using a color space corresponding to
    scRGB as an unbounded device independent/possibly
    scene-referred HDR color space - with a similar approach to to
    how ACEScg works but with a worse set of RGB primaries. babl
    formats, represented by a pointer and a corresponding
    encoding/format string have been used to specify the specific
    encoding of pixel values. The encoding including component
    order, data type and TRC encoding. Where "RGBA float" means
    32bit float data and "R'G'B' u8" the ' indicates non-linear,
    and thus this is sRGB. "RaGaBaA half" gives premultiplied
    linear half data. Other encodings and conversions are also
    provided through these formats including "CIE Lab float" and
    "HSV float".
  + As a color management workflow for scene-referred imaging the
    above could be sufficient, but GIMP needs data in the 0.0-1.0
    range for some display referred blending modes to work
    properly. As a consequence of this recognized short-coming GIMP
    has been passing the pixels of for instance ProPhoto "R'G'B'A
    float" off as "R'G'B'A float" and linear ProPhoto "RGBA float"
    as "RGBA float" this works for single operations, but falls
    apart when the colors are converted to CIE Lab. This is the
    good enough state where the other benefits of having a stable
    release powered by GEGL outweighed not being entirely correct.
  + Since babl 0.1.32 of october 2017, all babl formats have an
    associated unchangable space associated with them, and since
    then GeglBuffer has worked correctly with it - since
    GeglBuffers use of babl API did not change. GIMP is already
    using these parts of babl for ICC matrix based conversions
    since using babl for ICC profile transforms is an order of
    magnitude faster than using the lcms2 library. It took time to
    come up with the above scheme of integrating arbitrary
    primaries and curves for spaces with babl in a maintainable
    manner, and it has taken until the last month to come up with a
    full plan for the rest of GEGL to be aware of and handling
    arbirary parametric ICC v2/v4 based color spaces for
    operations; without limiting the ability to extend and use the
    code for a wide range of scenarios.
  + A space can be constructed from a preferenced
    name/specification, loaded/saved from ICC matrix profiles or
    constructed and serialized to whitepoint + rgb chromaticities /
    xyz matrix. More recently an additional trc mark has been added
    '~', giving this vocabulary for RGB formats, in addition to
    variants with alpha and pre-multiplied alpha variants of the
    same:
  - "RGB"     linear      primaries from space, linear data
  - "R'G'B'"  non-linear  primaries from space, TRCs from space
  - "R~G~B~"  perceptual  primaries from space, sRGB TRC
  + When creating device independent CIE based spaces they also get
    passed a space, this means that we can convert CIE Lab to RGB
    float, keeping track of which space / ICC profile the data
    correspond to.
  + GEGL operations now construct their desired encodings of
    formats by taking the space of buffers on input pads into
    account. By default, for composers "input" wins over "aux" to
    determine ops space. If an operation is not ported, data will
    be converted to sRGB on input and sRGB will come out of the
    node.
  + Buffer loaders PNG, JPG, TIFF and EXR generate custom spaces
    based on ICC profiles/primaries. The corresponding savers saves
    color space information. A new save handler for the .icc
    extension, acts like an image storer but only saves the ICC
    profile of the buffer it gets on input.
  + With no additional operations inserted, this now means that
    GEGL graphs operate on linear / non-linear variants of the
    color space used in the input images without conversion. The
    new operations gegl:cast-space and gegl:convert-space provide
    means of overriding this behavior, see the new section about
    color management in the gegl-chain syntax documentation at
    http://gegl.org/gegl-chain.html
  + Initial work has started on making GIMP also use of and
    propagate color space information along with encoding in babl
    formats, changes which also will be integrated in the 2.10
    branch.
  + Other changes to operations: vignette: fixes to gamma property
  + New operations:
  - cast-space: assign/override color space
  - convert-space: convert to a different color space
  - litte-planet: stereographic-mapping split out of the
    panorama-projection
  + New operation in workshop: acrs-rrt: ACES RRT based HDR to SDR
    proof/preview point-filter tonemapping op.

==== gimp ====
Version update (2.10.4 -> 2.10.6)
Subpackages: gimp-lang gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0

- Update to version 2.10.6:
  + Core:
  - Render drawable previews asynchronously.
  - Merge the file view filter and file format lists in
    GimpFileDialog. The presence of 2 lists was very confusing.
  - DLL search priority is now updated before running a plug-in
    on Windows, depending on the executable bitness. This gets
    rid of one of the last remnant of DLL hell in GIMP, which was
    when running 32-bit plug-ins from a 64-bit build of GIMP.
  + Filters:
  - New "Little Planet" (gegl:stereographic-projection) filter.
  - New "Long Shadow" (gegl:long-shadow) filter.
  + Tools:
  - Halt the Measure tool after straightening.
  - Add an "orientation" option to the measure tool,
    corresponding to the "orientation" property of
    GimpToolCompass (i.e., it controls the orientation against
    which the angle is measured, when not in 3-point mode.) The
    orientation is "auto" by default, so that the angle is always
    <= 45 deg.  Note that the "orientation" option affects the
    tool's "straighten" function, so that the layer is rotated
    toward the current orientation.
  - Text layers can now represent vertical texts, with 4
    variants: left-to-right and right-to-left lines, and forcing
    all characters to be upright or following Unicode's vertical
    orientation property. See also:
    https://www.unicode.org/reports/tr50/
    http://www.unicode.org/Public/UCD/latest/ucd/VerticalOrientation.txt
  + User Interface:
  - The Dashboard dockable dialog now has an "async" field to the
    dashboard's "misc" group, showing the number of async
    operations currently in the "running" state.
  - New Preferences option to enable/disable layer-group
    previews, since these can get quite time-expensive.
  + Updated translations.

==== kernel-source ====
Version update (4.18.5 -> 4.18.6)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.18.6 (bnc#1012628).
- PATCH scripts/kernel-doc (bnc#1012628).
- scripts/kernel-doc: Escape all literal braces in regexes
  (bnc#1012628).
- scsi: libsas: dynamically allocate and free ata host
  (bnc#1012628).
- xprtrdma: Fix disconnect regression (bnc#1012628).
- mei: don't update offset in write (bnc#1012628).
- cifs: add missing support for ACLs in SMB 3.11 (bnc#1012628).
- CIFS: fix uninitialized ptr deref in smb2 signing (bnc#1012628).
- cifs: add missing debug entries for kconfig options
  (bnc#1012628).
- cifs: use a refcount to protect open/closing the cached file
  handle (bnc#1012628).
- cifs: check kmalloc before use (bnc#1012628).
- smb3: enumerating snapshots was leaving part of the data off
  end (bnc#1012628).
- smb3: Do not send SMB3 SET_INFO if nothing changed
  (bnc#1012628).
- smb3: don't request leases in symlink creation and query
  (bnc#1012628).
- smb3: fill in statfs fsid and correct namelen (bnc#1012628).
- btrfs: use correct compare function of dirty_metadata_bytes
  (bnc#1012628).
- btrfs: don't leak ret from do_chunk_alloc (bnc#1012628).
- Btrfs: fix mount failure after fsync due to hard link recreation
  (bnc#1012628).
- Btrfs: fix btrfs_write_inode vs delayed iput deadlock
  (bnc#1012628).
- Btrfs: fix send failure when root has deleted files still open
  (bnc#1012628).
- Btrfs: send, fix incorrect file layout after hole punching
  beyond eof (bnc#1012628).
- hwmon: (k10temp) 27C Offset needed for Threadripper2
  (bnc#1012628).
- bpf, arm32: fix stack var offset in jit (bnc#1012628).
- regulator: arizona-ldo1: Use correct device to get enable GPIO
  (bnc#1012628).
- iommu/arm-smmu: Error out only if not enough context interrupts
  (bnc#1012628).
- printk: Split the code for storing a message into the log buffer
  (bnc#1012628).
- printk: Create helper function to queue deferred console
  handling (bnc#1012628).
- printk/nmi: Prevent deadlock when accessing the main log buffer
  in NMI (bnc#1012628).
- kprobes/arm64: Fix %p uses in error messages (bnc#1012628).
- arm64: Fix mismatched cache line size detection (bnc#1012628).
- arm64: Handle mismatched cache type (bnc#1012628).
- arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
  (bnc#1012628).
- arm64: dts: rockchip: corrected uart1 clock-names for rk3328
  (bnc#1012628).
- KVM: arm/arm64: Fix potential loss of ptimer interrupts
  (bnc#1012628).
- KVM: arm/arm64: Fix lost IRQs from emulated physcial timer
  when blocked (bnc#1012628).
- KVM: arm/arm64: Skip updating PMD entry if no change
  (bnc#1012628).
- KVM: arm/arm64: Skip updating PTE entry if no change
  (bnc#1012628).
- s390/kvm: fix deadlock when killed by oom (bnc#1012628).
- perf kvm: Fix subcommands on s390 (bnc#1012628).
- stop_machine: Reflow cpu_stop_queue_two_works() (bnc#1012628).
- stop_machine: Atomically queue and wake stopper threads
  (bnc#1012628).
- ext4: check for NUL characters in extended attribute's name
  (bnc#1012628).
- ext4: use ext4_warning() for sb_getblk failure (bnc#1012628).
- ext4: sysfs: print ext4_super_block fields as little-endian
  (bnc#1012628).
- ext4: reset error code in ext4_find_entry in fallback
  (bnc#1012628).
- ext4: fix race when setting the bitmap corrupted flag
  (bnc#1012628).
- nvme-pci: add a memory barrier to
  nvme_dbbuf_update_and_check_event (bnc#1012628).
- x86/gpu: reserve ICL's graphics stolen memory (bnc#1012628).
- platform/x86: wmi: Do not mix pages and kmalloc (bnc#1012628).
- mm: move tlb_table_flush to tlb_flush_mmu_free (bnc#1012628).
- mm/tlb, x86/mm: Support invalidating TLB caches for
  RCU_TABLE_FREE (bnc#1012628).
- x86/vdso: Fix vDSO build if a retpoline is emitted
  (bnc#1012628).
- x86/process: Re-export start_thread() (bnc#1012628).
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
  (bnc#1012628).
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with
  interrupts disabled (bnc#1012628).
- fuse: Don't access pipe->buffers without pipe_lock()
  (bnc#1012628).
- fuse: fix initial parallel dirops (bnc#1012628).
- fuse: fix double request_end() (bnc#1012628).
- fuse: fix unlocked access to processing queue (bnc#1012628).
- fuse: umount should wait for all requests (bnc#1012628).
- fuse: Fix oops at process_init_reply() (bnc#1012628).
- fuse: Add missed unlock_page() to fuse_readpages_fill()
  (bnc#1012628).
- lib/vsprintf: Do not handle %pO[^F] as %px (bnc#1012628).
- udl-kms: change down_interruptible to down (bnc#1012628).
- udl-kms: handle allocation failure (bnc#1012628).
- udl-kms: fix crash due to uninitialized memory (bnc#1012628).
- udl-kms: avoid division (bnc#1012628).
- b43legacy/leds: Ensure NUL-termination of LED name string
  (bnc#1012628).
- b43/leds: Ensure NUL-termination of LED name string
  (bnc#1012628).
- ASoC: dpcm: don't merge format from invalid codec dai
  (bnc#1012628).
- ASoC: zte: Fix incorrect PCM format bit usages (bnc#1012628).
- ASoC: sirf: Fix potential NULL pointer dereference
  (bnc#1012628).
- ASoC: wm_adsp: Correct DSP pointer for preloader control
  (bnc#1012628).
- soc: qcom: rmtfs-mem: fix memleak in probe error paths
  (bnc#1012628).
- pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
  (bnc#1012628).
- scsi: qla2xxx: Fix stalled relogin (bnc#1012628).
- x86/vdso: Fix lsl operand order (bnc#1012628).
- x86/nmi: Fix NMI uaccess race against CR3 switching
  (bnc#1012628).
- x86/irqflags: Mark native_restore_fl extern inline
  (bnc#1012628).
- x86/spectre: Add missing family 6 check to microcode check
  (bnc#1012628).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
  (bnc#1012628).
- hwmon: (nct6775) Fix potential Spectre v1 (bnc#1012628).
- x86/entry/64: Wipe KASAN stack shadow before
  rewind_stack_do_exit() (bnc#1012628).
- x86: Allow generating user-space headers without a compiler
  (bnc#1012628).
- s390/mm: fix addressing exception after suspend/resume
  (bnc#1012628).
- s390/lib: use expoline for all bcr instructions (bnc#1012628).
- s390: fix br_r1_trampoline for machines without exrl
  (bnc#1012628).
- s390/qdio: reset old sbal_state flags (bnc#1012628).
- s390/numa: move initial setup of node_to_cpumask_map
  (bnc#1012628).
- s390/pci: fix out of bounds access during irq setup
  (bnc#1012628).
- s390/purgatory: Fix crash with expoline enabled (bnc#1012628).
- s390/purgatory: Add missing FORCE to Makefile targets
  (bnc#1012628).
- kprobes: Show blacklist addresses as same as kallsyms does
  (bnc#1012628).
- kprobes: Replace %p with other pointer types (bnc#1012628).
- kprobes/arm: Fix %p uses in error messages (bnc#1012628).
- kprobes: Make list and blacklist root user read only
  (bnc#1012628).
- MIPS: Correct the 64-bit DSP accumulator register size
  (bnc#1012628).
- MIPS: memset.S: Fix byte_fixup for MIPSr6 (bnc#1012628).
- MIPS: Always use -march=<arch>, not -<arch> shortcuts
  (bnc#1012628).
- MIPS: Change definition of cpu_relax() for Loongson-3
  (bnc#1012628).
- MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
  (bnc#1012628).
- tpm: Return the actual size when receiving an unsupported
  command (bnc#1012628).
- tpm: separate cmd_ready/go_idle from runtime_pm (bnc#1012628).
- scsi: mpt3sas: Fix calltrace observed while running IO & reset
  (bnc#1012628).
- scsi: mpt3sas: Fix _transport_smp_handler() error path
  (bnc#1012628).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
  (bnc#1012628).
- scsi: core: Avoid that SCSI device removal through sysfs
  triggers a deadlock (bnc#1012628).
- iscsi target: fix session creation failure handling
  (bnc#1012628).
- mtd: rawnand: hynix: Use ->exec_op() in
  hynix_nand_reg_write_op() (bnc#1012628).
- mtd: rawnand: fsmc: Stop using chip->read_buf() (bnc#1012628).
- mtd: rawnand: marvell: add suspend and resume hooks
  (bnc#1012628).
- mtd: rawnand: qcom: wait for desc completion in all BAM channels
  (bnc#1012628).
- clk: rockchip: fix clk_i2sout parent selection bits on rk3399
  (bnc#1012628).
- clk: npcm7xx: fix memory allocation (bnc#1012628).
- PM / clk: signedness bug in of_pm_clk_add_clks() (bnc#1012628).
- power: generic-adc-battery: fix out-of-bounds write when
  copying channel properties (bnc#1012628).
- power: generic-adc-battery: check for duplicate properties
  copied from iio channels (bnc#1012628).
- watchdog: Mark watchdog touch functions as notrace
  (bnc#1012628).
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
  (bnc#1012628).
- x86/dumpstack: Don't dump kernel memory based on usermode RIP
  (bnc#1012628).
- Refresh
  patches.suse/0006-x86-stacktrace-Enable-HAVE_RELIABLE_STACKTRACE-for-t.patch.
- Update config files.
- commit 70ab8ae
- arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD
  (bsc#1106841).
- commit dd0155c
- config: arm64: Increase SERIAL_8250_RUNTIME_UARTS to 32 (boo#1073193)
- commit 0dbc49b
- config: Enable SERIAL_SC16IS7XX_SPI on arm and x86 (bsc#1105672, fate#326668)
- commit cdc9ece
- config: Consistently increase SERIAL_8250_NR_UARTS to 32 (boo#1073193)
- commit acb36ab
- config: armv7hl: Update to 4.18.5 (bsc#1012628)
- commit fa0ebc5
- config: armv6hl: Update to 4.18.5 (bsc#1012628)
- commit e907106

==== libstorage-ng ====
Version update (4.1.22 -> 4.1.24)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#568
- avoid setenv after fork (bsc#1107403)
- added unit test
- 4.1.24
- merge gh#openSUSE/libstorage-ng#567
- added luks label to blkid parser
- added unit test
- 4.1.23

==== mercurial ====
Version update (4.7 -> 4.7.1)
Subpackages: mercurial-lang

- Mercurial 4.7.1
  This is a regularly-scheduled bugfix release containing following fixes:
  * commands
    + merge: do not delete untracked files silently (issue5962)
  * core
    + revlog: fix descendant deprecated method
  * hgweb
    + hgweb: load revcount + 1 entries to fill nextentry in log page (issue5972)
  * performance
    + remotephase: avoid full changelog iteration (issue5964)
    + remotephase: fast path newheads computation in simple case (issue5964)
    + scmutil: avoid quadratic membership testing (issue5969)
    + sparse-revlog: fix delta validity computation

==== miniupnpc ====

- Version 2.1 solved:
  * CVE-2017-1000494: https://github.com/miniupnp/miniupnp/issues/268 https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
  * bnc#1075137 - (CVE-2017-1000494) VUL-1: CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code

==== nano ====
Version update (2.9.8 -> 3.0)
Subpackages: nano-lang

- GNU nano 3.0:
  * speed improvements
  * changes, updates and renames to commands and bindings
  * external spell check can now be undone

==== obs-service-download_files ====
Version update (0.6.1.git.1529965817.d9a3ff4 -> 0.6.2)

- Update to version 0.6.2:
  * support appimage.yml parsing

==== osinfo-db ====
Version update (20180720 -> 20180903)

- Update database to version 20180903
  osinfo-db-20180903.tar.xz

==== perl-File-Path ====
Version update (2.150000 -> 2.160000)

- updated to 2.16
  see /usr/share/doc/packages/perl-File-Path/Changes
  2.16 2018-08-31
  - Correct inadequate method of generating names for dummy users
    and groups during testing (RTC 121967).  No change in
    functionality from 2.15.

==== polkit-default-privs ====

- polkit-default-privs: add renamed libvirt rules (bsc#1106813)

==== poppler ====
Version update (0.66.0 -> 0.68.0)
Subpackages: libpoppler-glib8 poppler-tools

- Update to version 0.68.0:
  + core:
  - Add Reason and Location to SignatureInfo (fdo#107299).
  - Fix memory misuse on signature handling
  - Fix security issues found by oss-fuzz
  - Don't give a warning when Marked value is false (fdo#107430).
  + qt5: Add Reason and Location to SignatureInfo (fdo#107299).
  + cpp:
  - Add rotation() to text_box (fdo#106562).
  - Fix build with MSVC
  + utils:
  - pdftoppm: Add -jpegopt optimize option support
  - pdftocairo: Add -jpegopt optimize option support
  - pdftohtml:
    . Add option to not round coordinates
    . Fix possible crash (fdo#107316).
  + build system:
  - Use OpenJpeg cmake config file instead of pkgconfig
  - Remove wchar_t- on MSVC
- Changes from version 0.67.0:
  + core:
  - Fix lots of security/leak issues found by oss-fuzz
  - Splash:
    . Optimize some files, making them 20% faster
    . Correctly manipulate spot colors if SPOT_NCOMPS != 4
  - Fix compilation with some strict compilers.
- Bump poppler_sover following upstream changes.
- Add openjpeg2 BuildRequires: New dependency.

==== poppler-qt5 ====
Version update (0.66.0 -> 0.68.0)

- Update to version 0.68.0:
  + core:
  - Add Reason and Location to SignatureInfo (fdo#107299).
  - Fix memory misuse on signature handling
  - Fix security issues found by oss-fuzz
  - Don't give a warning when Marked value is false (fdo#107430).
  + qt5: Add Reason and Location to SignatureInfo (fdo#107299).
  + cpp:
  - Add rotation() to text_box (fdo#106562).
  - Fix build with MSVC
  + utils:
  - pdftoppm: Add -jpegopt optimize option support
  - pdftocairo: Add -jpegopt optimize option support
  - pdftohtml:
    . Add option to not round coordinates
    . Fix possible crash (fdo#107316).
  + build system:
  - Use OpenJpeg cmake config file instead of pkgconfig
  - Remove wchar_t- on MSVC
- Changes from version 0.67.0:
  + core:
  - Fix lots of security/leak issues found by oss-fuzz
  - Splash:
    . Optimize some files, making them 20% faster
    . Correctly manipulate spot colors if SPOT_NCOMPS != 4
  - Fix compilation with some strict compilers.
- Bump poppler_sover following upstream changes.
- Add openjpeg2 BuildRequires: New dependency.

==== python-pycryptodome ====
Version update (3.6.3 -> 3.6.6)

- Update to 3.6.6
  - Resolved issues:
  * Fix vulnerability on AESNI ECB with payloads smaller than
    16 bytes.
- Update to 3.5.5
  - Resolved issues
  * Fixed incorrect AES encryption/decryption with AES
    acceleration on x86 due to gcc?s optimization and strict
    aliasing rules.
  * More prime number candidates than necessary where discarded
    as composite due to the limited way D values were searched
    in the Lucas test.
  * Fixed ResouceWarnings and DeprecationWarnings.
- Update to 3.5.4
  - New features:
  * Build Python 3.7 wheels on Linux, Windows and Mac.
  - Resolved issues:
  * More meaningful exceptions in case of mismatch in IV length
    (CBC/OFB/CFB modes).

==== python-pyparsing ====
Subpackages: python2-pyparsing python3-pyparsing

- Clean up SPEC file.

==== rubygem-autoprefixer-rails ====
Version update (9.1.3 -> 9.1.4)

- updated to version 9.1.4
  see installed CHANGELOG.md
  [#]# 9.1.4
  * Fix `ExecJS` runtime test (by Patrice Chalin).

==== rubygem-rubyzip ====
Version update (1.2.1 -> 1.2.2)

- updated to version 1.2.2
  no changelog found

==== rubygem-yard ====
Version update (0.9.14 -> 0.9.16)

- updated to version 0.9.16
  see installed CHANGELOG.md
  [#] master
  [#] [0.9.16] - August 11th, 2018
  [0.9.16]: https://github.com/lsegal/yard/compare/v0.9.15...v0.9.16
  - Documentation fixes (#1175, #1178).
  - Fixed stack overflow issue when parsing extremely large lists (#1176).
  [#] [0.9.15] - July 17th, 2018
  [0.9.15]: https://github.com/lsegal/yard/compare/v0.9.14...v0.9.15
  - Fixed security issue in parsing of Ruby code that could allow for arbitrary
    execution. Credit to Nelson Elhage <nelhage@nelhage.com> for discovering this
    issue.
- updated to version 0.9.14
  see installed CHANGELOG.md

==== webkit2gtk3 ====
Version update (2.20.5 -> 2.22.0)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles

- Update to version 2.22.0:
  + New JavaScriptCore GLib API.
  + Switched to use complex text code path unconditionally.
  + Added playbin3 support to GStreamer media backend.
  + Support for WebDriver advance user insteraction commands.
  + Default option menu implementation now uses a GtkTreeView.
- Update to version 2.21.92:
  + Add new API to inject/register user content in isolated worlds.
  + Add more API to JSCException to handle column number, convert
    exception to string, get the exception backtrace, create
    exceptions with a custom error name and report exception
    message with full details.
  + Fix excessive CPU usage when getting the process memory
    footprint.
  + Fix several crashes and rendering issues.
  + Updated translations.
- Update to version 2.21.91:
  + Add enable-media-capabilities setting.
  + Stop pushing buffers when seeking status changes in media
    player.
  + Fix rendering of theme styled buttons.
  + Fix several crashes and rendering issues.
  + Updated translations.
- Add explict pkgconfig(gstreamer-app-1.0),
  pkgconfig(gstreamer-audio-1.0),
  pkgconfig(gstreamer-codecparsers-1.0),
  pkgconfig(gstreamer-fft-1.0), pkgconfig(gstreamer-mpegts-1.0),
  pkgconfig(gstreamer-pbutils-1.0), pkgconfig(gstreamer-tag-1.0)
  and pkgconfig(gstreamer-video-1.0) BuildRequires: align with what
  configure checks for.
- Disable webkit2gtk3-python3.patch via bcond_with: Patch currently
  breaks the build.

==== yast2-services-manager ====
Version update (4.1.5 -> 4.1.7)

- Bring back the ServicesManagerTargetClass#modified= method
  (bsc#1107240).
- 4.1.7
- Add help for buttons in the dialog (related to bsc#1089999 and
  fate#319428).
- 4.1.6

==== yast2-support ====
Version update (4.0.0 -> 4.0.1)

- In ncurses the "Next" button to submit the gathered information
  was not visible (bsc#1093358)
- Made the Contact Information screen fit in a 80x24 terminal
- 4.0.1

==== zsh ====
Version update (5.5.1 -> 5.6)

- Update to version 5.6
  * Fixes CVE-2018-0502 (bsc#1107296) and
    CVE-2018-13259 (bsc#1107294)
  * Switch to -fstack-protector-strong
  * See included NEWS file for complete changes.
- No longer manually install help files, make install handles it.
- Workaround a regression upstream with help file generation by
  removing Doc/help.txt before build.