Packages changed:
  MozillaFirefox (62.0.3 -> 63.0.3)
  adwaita-icon-theme (3.30.0 -> 3.30.1)
  autogen (5.18.14 -> 5.18.16)
  edict (20180305 -> 20181125)
  elilo
  git (2.19.1 -> 2.19.2)
  grub2
  kde-l10n
  libpipeline (1.4.1 -> 1.5.0)
  libpt2
  lirc
  mariadb (10.2.18 -> 10.2.19)
  metis
  mokutil
  nut
  open-iscsi
  openldap2
  openssh (7.8p1 -> 7.9p1)
  plymouth (0.9.4+git20181111.118c5ca -> 0.9.4+git20181122.aaa140b)
  postfix (3.3.1 -> 3.3.2)
  python-requests (2.20.0 -> 2.20.1)
  rubygem-parallel_tests (2.22.1 -> 2.27.0)
  rubygem-yast-rake (0.2.28 -> 0.2.29)
  tmux
  valgrind (3.13.0 -> 3.14.0)
  virt-manager
  wayland
  yast2-apparmor (4.1.0 -> 4.1.1)
  yast2-network (4.1.17 -> 4.1.18)
  yast2-nfs-server (4.0.1 -> 4.0.2)

=== Details ===

==== MozillaFirefox ====
Version update (62.0.3 -> 63.0.3)
Subpackages: MozillaFirefox-translations-common

- Clean-up %arm build
- update to Firefox 63.0.3
  * Games using WebGL (created in Unity) get stuck after very short
    time of gameplay (bmo#1502748)
  * Slow page loading for some users with specific proxy configurations
    (bmo#1495024)
  * Disable HTTP response throttling by default for causing bugs with
    videos in background tabs (bmo#1503354)
  * Opening magnet links no longer works (bmo#1498934)
  * Crash fixes (bmo#1498510, bmo#1503424)
- removed mozilla-newer-cbindgen.patch; no longer needed
- update to Firefox 63.0.1
  * Snippets are not loaded due to missing element (bmo#1503047)
  * Print preview always shows 30& scale when it is actually
    Shrink To Fit (bmo#1501952)
  * Dialog displayed when closing multiple windows shows unreplaced
    %1$S placeholder in Japanese and potentially other locales
    (bmo#1500823)
- update to Firefox 63.0
  * WebExtensions now run in their own process on Linux
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
    tabs and cycles through tabs in recently used order. This new
    default behavior is activated only in new profiles and can be
    changed in preferences.
  * Added support for Web Components custom elements and shadow DOM
  MFSA 2018-26 (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android-only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12395 (bmo#1467523)
    WebExtension bypass of domain restrictions through header rewriting
  * CVE-2018-12396 (bmo#1483602)
    WebExtension content scripts can execute in disallowed contexts
  * CVE-2018-12397 (bmo#1487478)
    Missing warning prompt when WebExtension requests local file access
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
    CSP bypass through stylesheet injection in resource URIs
  * CVE-2018-12399 (bmo#1490276)
    Spoofing of protocol registration notification bar
  * CVE-2018-12400 (bmo#1448305) (Android only)
    Favicons are cached in private browsing mode on Firefox for Android
  * CVE-2018-12401 (bmo#1422456)
    DOS attack through special resource URI parsing
  * CVE-2018-12402 (bmo#1469916)
    SameSite cookies leak when pages are explicitly saved
  * CVE-2018-12403 (bmo#1484753)
    Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
  * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
    bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
    Memory safety bugs fixed in Firefox 63
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- requires NSPR 4.20, NSS 3.39 and Rust 1.28
- latest rust does not provide rust-std so stop requiring it
- requires rust-cbindgen >= 0.6.2 to build
- requires nodejs >= 8.11 to build
- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289)
- added mozilla-cubeb-noreturn.patch to fix non-return function
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7
- disable elfhack for TW and newer due to build errors
- removed obsolete patches
  * mozilla-no-return.patch
  * mozilla-no-stdcxx-check.patch
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch

==== adwaita-icon-theme ====
Version update (3.30.0 -> 3.30.1)

- Update to version 3.30.1:
  + Fix nasty misrendering of inode-directory-symbolic.

==== autogen ====
Version update (5.18.14 -> 5.18.16)
Subpackages: libopts25

- Remove invalid signature file and keyring
- BuildRequire guile-devel to make transistion to Guile 2.2 smooth
- Update to version 5.8.16
  - Enable compiling with Guile 2.2
- autogen-guile-2.2.patch: removed
- installable-programs.patch: don't make programs uninstallable
- Rediff remaining patches

==== edict ====
Version update (20180305 -> 20181125)

- Update to snapshot 20181125
  * No changelog recorded.
- Split package into: edict, edict2, jmdict. This way, one need not
  install the rather large XML variant (jmdict) if not needed.
- Added JIS X 0213-2012 Kanji dictionary ("kanjd213").
- Remove the computer terminology dictionary "compdic", as it is
  already included in the word dictionary.

==== elilo ====

- elilo.efi
  * Try to properly allocate high_base_mem.  (bsc#1000769)
    (elilo-high_base_mem.diff)
- elilo.spec
  * Work around glitches introduced by gnu-efi.
  * Add '-mno-red-zone' to work around Microsoft/SystemV AMD64 ABI
    discrepancies.  (bsc#953502)
- elilo.pl
  * Support 'ucode=' for XEN.  (bsc#1102567)
  * SecureBoot: Support detached configuration template.
  * Add support for 'UUID='/'LABEL=' to specify EFI system partition
    and fix bug introduced by NVMe device handling.  (bsc#917195)
  * Handle NVMe device names.  (fate#317591)
  * Don't abort, when "skip" is announced.  (bsc#917130)
- elilo.efi
  * Remove special handling for '?' in textmenu-mode.  (bsc#928546)
    (elilo-textmenu-disable-print-devices.diff)

==== git ====
Version update (2.19.1 -> 2.19.2)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- git 2.19.2:
  * various bug fixes for multiple subcommands and operations

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Change default tsc calibration method to pmtimer on EFI (bsc#1114754)
  * 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch
- ieee1275: Fix double free in CAS reboot (bsc#1111955)
  * grub2-ppc64-cas-fix-double-free.patch

==== kde-l10n ====
Subpackages: kde-l10n-cs kde-l10n-da kde-l10n-da-data kde-l10n-da-doc kde-l10n-de kde-l10n-de-data kde-l10n-de-doc kde-l10n-el kde-l10n-en_GB kde-l10n-en_GB-data kde-l10n-en_GB-doc kde-l10n-es kde-l10n-es-data kde-l10n-es-doc kde-l10n-fr kde-l10n-fr-data kde-l10n-hu kde-l10n-it kde-l10n-it-data kde-l10n-it-doc kde-l10n-ja kde-l10n-pl kde-l10n-pl-data kde-l10n-pt kde-l10n-pt_BR kde-l10n-pt_BR-data kde-l10n-ru kde-l10n-ru-data kde-l10n-zh_CN kde-l10n-zh_TW

- Fix "Summary: summary"

==== libpipeline ====
Version update (1.4.1 -> 1.5.0)

- Update to version 1.5.0
  * Add `pipecmd_pre_exec' to install a pre-exec handler for a single command.
  * Fix EOF detection in get_line.

==== libpt2 ====

- Add reproducible.patch to not store build system kernel
  version (boo#1101107)

==== lirc ====

- Add reproducible.patch to drop build date, kernel version,
  sort python glob to make build reproducible (boo#1047218, boo#1101107)

==== mariadb ====
Version update (10.2.18 -> 10.2.19)
Subpackages: libmysqld19 mariadb-client mariadb-errormessages

- update to 10.2.19 GA [bsc#1116686]
  * notable changes:
  * innodb_safe_truncate system variable for a backup-safe
    TRUNCATE TABLE implementation that is based on RENAME,
    CREATE, DROP (MDEV-14717, MDEV-14585, MDEV-13564). Default
    value for this variable is ON. If you absolutely must use
    XtraBackup instead of Mariabackup, you can set it to OFF and
    restart the server
  * MDEV-17289: Multi-pass recovery fails to apply some redo
    log records
  * MDEV-17073: INSERT?ON DUPLICATE KEY UPDATE became more
    deadlock-prone
  * MDEV-17491: micro optimize page_id_t
  * MDEV-13671: InnoDB should use case-insensitive column name
    comparisons like the rest of the server
  * Fixes for indexed virtual columns: MDEV-17215, MDEV-16980
  * MDEV-17433: Allow InnoDB start up with empty ib_logfile0
    from mariabackup --prepare
  * MDEV-12547: InnoDB FULLTEXT index has too strict
    innodb_ft_result_cache_limit max limit
  * MDEV-17541: KILL QUERY during lock wait in FOREIGN KEY
    check causes hang
  * MDEV-17531: Crash in RENAME TABLE with FOREIGN KEY and
    FULLTEXT INDEX
  * MDEV-17532: Performance_schema reports wrong directory for
    the temporary files of ALTER TABLE?ALGORITHM=INPLACE
  * MDEV-17545: Predicate lock for SPATIAL INDEX should lock
    non-matching record
  * MDEV-17546: SPATIAL INDEX should not be allowed for
    FOREIGN KEY
  * MDEV-17548: Incorrect access to off-page column for
    indexed virtual column
  * MDEV-12023: Assertion failure sym_node->table != NULL
    on startup
  * MDEV-17230: encryption_key_id from alter is ignored by
    encryption threads
  * fixes for the following security vulnerabilities:
    CVE-2018-3282 [bsc#1112432], CVE-2016-9843 [bsc#1013882],
    CVE-2018-3174 [bsc#1112368], CVE-2018-3143 [bsc#1112421],
    CVE-2018-3156 [bsc#1112417], CVE-2018-3251 [bsc#1112397],
    CVE-2018-3185 [bsc#1112384], CVE-2018-3277 [bsc#1112391],
    CVE-2018-3162 [bsc#1112415], CVE-2018-3173 [bsc#1112386],
    CVE-2018-3200 [bsc#1112404], CVE-2018-3284 [bsc#1112377]
  * release notes and changelog:
    https://mariadb.com/kb/en/library/mariadb-10219-release-notes
    https://mariadb.com/kb/en/library/mariadb-10219-changelog
- do not pack libmariadb.pc (packed in mariadb-connector-c)
- add "Requires: libmariadb_plugins" to the mariadb-test subpackage
  in order to be able to test client plugins successfuly
  [bsc#1111859]
- don't remove debug_key_management.so anymore [bsc#1111858]

==== metis ====

- Edit description to put time-sensitive wording into context.
- General spec file clean up.
- Touch-up to the HPC build.
- Implemented suse-hpc packaging
- Added metis-makefile-c-directives.patch
  - Provides cflags option to help provide metis native build process

==== mokutil ====

- Enable AArch64 build (fate#326541)

==== nut ====
Subpackages: libupsclient1 nut-cgi

- Give up on packaging the tex docu as it fails to build with
  latest texlive
- Add missing tex dependencies so we can generate the pdf with
  newer releases of texlive
- Drop patch docs-destination-dir.patch which is quite pointless
- Remove invalid option 'destination-dir' when generating PDF
  files (docs-destination-dir.patch)

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Updated to latest upstream, with fixes:
  * Use pkg-config in Makefiles for newer libraries.
  * Merge pull request #145 from gonzoleeman/fix-i586-build-warnings
  * Fix i586 build issues with string length overflow.
  * iscsistart is not installed
  * iscsiuio: Do not flush tx queue on each uio interrupt.
  updating:
  * open-iscsi-SUSE-latest.diff.bz2
  Also, update the SPEC file: no more need to specify libkmod
  or libsystemd, since upstream handles that now.

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel

- Replace old $RPM_* shell vars
- Fix CVE-2017-17740: when both the nops module and the memberof
  overlay are enabled, attempts to free a buffer that was allocated
  on the stack
  * patch: 0017-Fix-segfault-in-nops.patch
  (bsc#1073313)

==== openssh ====
Version update (7.8p1 -> 7.9p1)
Subpackages: openssh-helpers

- Fix build with openssl < 1.1.0
  * add openssh-openssl-1_0_0-compatibility.patch
- openssh-7.7p1-audit.patch: fix sshd fatal error in
  mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
- Version update to 7.9p1
  * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
    option (see below) bans the use of DSA keys as certificate
    authorities.
  * sshd(8): the authentication success/failure log message has
    changed format slightly. It now includes the certificate
    fingerprint (previously it included only key ID and CA key
    fingerprint).
  * ssh(1), sshd(8): allow most port numbers to be specified using
    service names from getservbyname(3) (typically /etc/services).
  * sshd(8): support signalling sessions via the SSH protocol.
    A limited subset of signals is supported and only for login or
    command sessions (i.e. not subsystems) that were not subject to
    a forced command via authorized_keys or sshd_config. bz#1424
  * ssh(1): support "ssh -Q sig" to list supported signature options.
    Also "ssh -Q help" to show the full set of supported queries.
  * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
    client and server configs to allow control over which signature
    formats are allowed for CAs to sign certificates. For example,
    this allows banning CAs that sign certificates using the RSA-SHA1
    signature algorithm.
  * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
    revoke keys specified by SHA256 hash.
  * ssh-keygen(1): allow creation of key revocation lists directly
    from base64-encoded SHA256 fingerprints. This supports revoking
    keys using only the information contained in sshd(8)
    authentication log messages.
- Removed obsolete configuration option --with-tcp-wrappers, and
  - -with-opensc for s390 and s390x.
- Removed patch merged upstream
  * openssh-7.7p1-openssl_1.1.0.patch
- Refreshed patches
  * openssh-7.7p1-audit.patch
  * openssh-7.7p1-disable_short_DH_parameters.patch
  * openssh-7.7p1-fips.patch
  * openssh-7.7p1-gssapi_key_exchange.patch
  * openssh-7.7p1-seccomp_ipc_flock.patch
  * openssh-7.7p1-cavstest-ctr.patch
  * openssh-7.7p1-ldap.patch
- Mention upstream bugs on multiple local patches
- Adjust service to not spam restart and reload only on fails
- Update openssh-7.7p1-sftp_force_permissions.patch from the
  upstream bug, and mention the bug in the spec
- Drop patch openssh-7.7p1-allow_root_password_login.patch
  * There is no reason to set less secure default value, if
    users need the behaviour they can still set it up themselves
- Drop patch openssh-7.7p1-blocksigalrm.patch
  * We had a bug way in past about this but it was never reproduced
    or even confirmed in the ticket, thus rather drop the patch

==== plymouth ====
Version update (0.9.4+git20181111.118c5ca -> 0.9.4+git20181122.aaa140b)
Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4 libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-script plymouth-plugin-two-step plymouth-scripts

- Update to version 0.9.4+git20181122.aaa140b:
  Add a separator between different boot logs
  Fix race causing undesired creation of non-gfx devs
  Fix animation not starting on later added heads

==== postfix ====
Version update (3.3.1 -> 3.3.2)
Subpackages: postfix-doc

- Update to 3.3.2
  * Support for OpenSSL 1.1.1 and TLSv1.3.
  * Bugfixes:
  - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
    some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
  - minor memory leak in DANE support when minting issuer certs.
  - The Postfix build did not abort if the m4 command was not installed,
    resulting in a broken postconf command.
- add POSTFIX_RELAY_DOMAINS
  * more flexibility to add to relay_domains without breaking
    config.postfix
  * rework restriction examples in sysconf.postfix
    based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
- disable weak cipher: RC4
  after check with https://ssl-tools.net/mailservers

==== python-requests ====
Version update (2.20.0 -> 2.20.1)
Subpackages: python2-requests python3-requests

- update to version 2.20.1:
  * Bugfixes
    + Fixed bug with unintended Authorization header stripping for
    redirects using default ports (http/80, https/443).

==== rubygem-parallel_tests ====
Version update (2.22.1 -> 2.27.0)

- updated to version 2.27.0
  no changelog found

==== rubygem-yast-rake ====
Version update (0.2.28 -> 0.2.29)

- Fix base dir for icons (boo#1109378)
- 0.2.29

==== tmux ====

- add fix-cve201819387.patch  fixes CVE-2018-19387 boo#1116887

==== valgrind ====
Version update (3.13.0 -> 3.14.0)

- update valgrind.xen.patch to branch bug390553-20181125-ddfc274b2
- build against Toolchain module for SLE12
- add 0001-Bug-397187-s390x-Add-vector-register-support-for-vgd.patch
  0001-Bug-400490-s390x-Fix-register-allocation-for-VRs-vs-.patch,
  0001-Bug-400491-s390x-Sign-extend-immediate-operand-of-LO.patch,
  0001-s390x-more-fixes.patch,
  Implement-emulated-system-registers.-Fixes-392146.patch (FATE#326355)
- enable check (poo#36751)
- update to 3.14.0 (bsc#1114575, FATE#326355):
  see http://www.valgrind.org/docs/manual/dist.news.html
  * The new option --keep-debuginfo=no|yes (default no) can be used to retain
    debug info for unloaded code.  This allows saved stack traces (e.g. for
    memory leaks) to include file/line info for code that has been dlclose'd (or
    similar).  See the user manual for more information and known limitations.
  * Ability to specify suppressions based on source file name and line number.
  * Majorly overhauled register allocator.  No end-user changes, but the JIT
    generates code a bit more quickly now.
  * Preliminary support for macOS 10.13 has been added.
  * mips: support for MIPS32/MIPS64 Revision 6 has been added.
  * mips: support for MIPS SIMD architecture (MSA) has been added.
  * mips: support for MIPS N32 ABI has been added.
  * s390: partial support for vector instructions (integer and string) has been
    added.
  * Helgrind: Addition of a flag
  - -delta-stacktrace=no|yes [yes on linux amd64/x86]
    which specifies how full history stack traces should be computed.
    Setting this to =yes can speed up Helgrind by 25% when using
  - -history-level=full.
  * Memcheck: reduced false positive rate for optimised code created by Clang 6
    / LLVM 6 on x86, amd64 and arm64.  In particular, Memcheck analyses code
    blocks more carefully to determine where it can avoid expensive definedness
    checks without loss of precision.  This is controlled by the flag
  - -expensive-definedness-checks=no|auto|yes [auto].
  * Valgrind is now buildable with link-time optimisation (LTO).  A new
    configure option --enable-lto=yes allows building Valgrind with LTO.  If the
    toolchain supports it, this produces a smaller/faster Valgrind (up to 10%).
    Note that if you are doing Valgrind development, --enable-lto=yes massively
    slows down the build process.
- remove epoll-wait-fix.patch,
  Fix-access-to-time-base-register-to-return-64-bits.patch,
  0001-Accept-read-only-PT_LOAD-segments-and-.rodata.patch (upstream),

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- bsc#1116990 - [virt-install] internal error: libxenlight failed
  to create new domain 'sles-11-sp4-64-pv-def-net'. Fix reversed
  logic when testing for i386.
  virtinst-use-xenpae-kernel-for-32bit.patch

==== wayland ====
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0

- Downgrades do not work in SLES service packs, because the SP0
  repo remains enabled for SP1. (This is unlike Leap, where a 15.1
  system will have no 15.0 directories.) As such, to force the
  upgrade from Mesa:libwayland-egl1 to wayland:libwayland-egl1,
  the number in wayland is bumped to >18 for those distros.

==== yast2-apparmor ====
Version update (4.1.0 -> 4.1.1)

- Provide icon with module (boo#1109310)
- Added license file to spec.

==== yast2-network ====
Version update (4.1.17 -> 4.1.18)

- bnc#709176
  - keep original hostnames untouched in /etc/hosts when only IP
    changed
- 4.1.18
- bnc#1107470
  - this bug is fixed since 4.0.14 (3.2.47)

==== yast2-nfs-server ====
Version update (4.0.1 -> 4.0.2)
Subpackages: yast2-nfs-common

- Use the real name for nfs-server service instead an alias
  (bsc#1116779).
- 4.0.2
- Added license file to spec.
- Switched license in spec file from SPDX2 to SPDX3 format.