Packages changed:
  harfbuzz (2.3.1 -> 2.5.3)
  kdevelop5
  libpng12 (1.2.57 -> 1.2.59)
  spec-cleaner (1.1.3 -> 1.1.4)
  squid (4.7 -> 4.8)
  tracker
  udisks2
  virt-manager (2.1.0 -> 2.2.1)
  xclock (1.0.8 -> 1.0.9)

=== Details ===

==== harfbuzz ====
Version update (2.3.1 -> 2.5.3)
Subpackages: libharfbuzz-icu0 libharfbuzz0 libharfbuzz0-32bit

- Update to version 2.5.3:
  + Fix UCD script data for Unicode 10+ scripts. This was broken
    since 2.5.0.
  + More optimizations for HB_TINY.
- Changes from version 2.5.2:
  + More hb-config.hh facilities to shrink library size, namely
    when built as HB_TINY.
  + New documentation of custom configurations in CONFIG.md.
  + Fix build on gcc 4.8. That's supported again.
  + Universal Shaping Engine improvements.
  + API Changes: Undeprecate some horizontal-kerning API and
    re-enable in hb-ft, such that Type1 fonts will continue
    kerning.
- Changes from version 2.5.1:
  + Fix build with various versions of Visual Studio.
  + Improved documentation.
  + Bugfix in subsetting glyf table.
  + Improved scripts for cross-compiling for Windows using mingw.
  + Rename HB_MATH_GLYPH_PART_FLAG_EXTENDER to
    HB_OT_MATH_GLYPH_PART_FLAG_EXTENDER. A deprecated macro is
    added for backwards-compatibility.
- Changes from version 2.5.0:
  + This release does not include much functional changes, but
    includes major internal code-base changes. We now require
    C++11. Support for gcc 4.8 and earlier has been dropped.
  + New hb-config.hh facility for compiling smaller library for
    embedded and web usecases.
  + New Unicode Character Databse implementation that is half the
    size of previously-used UCDN.
  + Subsetter improvements.
  + Improved documentation.
  + isc shaping fixes.
- Changes from version 2.4.0:
  + Unicode 12.
  + Misc fixes.
  + Subsetter improvements.
  + New API: HB_BUFFER_FLAG_DO_NOT_INSERT_DOTTED_CIRCLE and
    hb_directwrite_face_create().

==== kdevelop5 ====
Subpackages: kdevelop5-lang kdevplatform kdevplatform-lang libkdevplatform53

- Add fix-crash-on-undocking-toolviews.patch to fix crash when
  undocking toolviews with Qt 5.13 (kde#409790)

==== libpng12 ====
Version update (1.2.57 -> 1.2.59)

- version update to 1.2.59
  Added png_check_chunk_length() function, and check all chunks except
    IDAT against the default 8MB limit; check IDAT against the maximum
    size computed from IHDR parameters (Fixes CVE-2017-12652).
  Initialize memory allocated by png_inflate to zero, using memset, to
    stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
    due to truncated iTXt or zTXt chunk.

==== spec-cleaner ====
Version update (1.1.3 -> 1.1.4)

- Update to 1.1.4 bsc#1099674:
  * Exclude stuff from openstack macros
  * Replace 'http' with 'https' in URL
  * Replace legacy packageand() with 'and' expression
  * Replace pwdutils with shadow in Requires
  * Add openstack_cleanup_prep to bracketing excludes
  * Do not curlify yast_metainfo and yast_check
  * Fixup the eating of Source lines with whitespace
  * Document '#nospeccleaner' tag
  * Add docstrings to the functions and classes.
  * Use type hints for the most important functions
  * Update README and licences
  * Various small fixes
- add a temporary patch spec-cleaner-1.1.4_test_https.patch
  that fixes a test that fails if there is no internet connection

==== squid ====
Version update (4.7 -> 4.8)

- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing

==== tracker ====
Subpackages: libtracker-common-2_0 libtracker-control-2_0-0 libtracker-miner-2_0-0 libtracker-sparql-2_0-0 tracker-lang typelib-1_0-Tracker-2_0 typelib-1_0-TrackerControl-2_0

- Add fix-tracker-miner-fs-lto-crash.patch and enable
  again LTO (boo#1141201).

==== udisks2 ====
Subpackages: libudisks2-0 libudisks2-0_btrfs udisks2-lang

- don't call systemd uninstall macro for clean-mount-point@.service
  template (boo#1139996)

==== virt-manager ====
Version update (2.1.0 -> 2.2.1)
Subpackages: virt-install virt-manager-common

- Upstream bug fix (bsc#1027942)
  3c6e8537-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch
- Update to virt-manager 2.2.1 (fate#326786)
  virt-manager-2.2.1.tar.bz2
  * CVE-2019-10183: Replace ?unattended user-password and admin-password with user-password-file and admin-password-file (Fabiano FidĂȘncio)
  * Consistent ?memballoon default across non-x86 (Andrea Bolognani)
  * virt-install: add ?numatune memnode.* (Athina Plaskasoviti)
  * Drop hard dep on gtksourceview4, gtksourceview3 is fine as well
- Drop patches no longer needed
  033e9702-xmleditor-Handle-gtksourceview3-as-well-as-gtksourceview4.patch
  51d28f04-unattended-Dont-log-user-admin-passwords.patch
  5312a961-virt-install-Revive-wait-0-as-alias-for-noautoconsole.patch
  58c68764-unattended-Read-the-passwords-from-a-file.patch
- bsc#1140211 - VUL-1: CVE-2019-10183: virt-manager: unattended
  option leaks password via command line argument
  58c68764-unattended-Read-the-passwords-from-a-file.patch
  51d28f04-unattended-Dont-log-user-admin-passwords.patch
- Upstream bug fix (bsc#1027942)
  5312a961-virt-install-Revive-wait-0-as-alias-for-noautoconsole.patch
- Update to virt-manager 2.2.0 (fate#326786)
  virt-manager-2.2.0.tar.bz2
  * libvirt XML viewing and editing UI for new and existing domain, pools, volumes, networks
  * virt-install: libosinfo ?unattended support (Fabiano FidĂȘncio, Cole Robinson)
  * Improve CPU model security defaults (Pavel Hrdina)
  * virt-install: new ?install option. Ex: virt-install ?install fedora29
  * virt-install: new ?install kernel=,initrd=
  * virt-install: ?disk, ?memory, ?name defaults from libosinfo (Fabiano FidĂȘncio, Cole Robinson)
  * virt-install: add device suboption aliases which consistently match libvirt XML naming
  * virt-xml: new ?start, ?no-define options (Marc Hartmayer)
  * virt-install: Add driver_queues argument to ?controller (Vasudeva Kamath)
  * RISC-V support (Andrea Bolognani)
  * Device default improvements for non-x86 KVM (Andrea Bolognani)
  * Redesigned ?New Network? wizard
  * libguestfs inspection improvements (Pino Toscano)
  * virt-install: Add support for xenbus controller (Jim Fehlig)
  * cli: Add ?disk wwn=,rawio= (Athina Plaskasoviti)
  * cli: Add ?memballoon autodeflate=,stats.period= (Athina Plaskasoviti)
  * cli: Add ?iothreads (Athina Plaskasoviti)
  * cli: Add ?numatune memory.placement (Athina Plaskasoviti)
  * cli: Add ?launchSecurity option (Erik Skultety)
  * cli: Fill in ?memorybacking options
  * cli: ?smartcard: support database= and certificate[0-9]*=
  * cli: ?sysinfo: Add chasis suboptions
  * cli: ?metadata: add genid= and genid_enable=
  * cli: ?vcpus: add vcpus.vcpu[0-9]* config
  * cli: fill in all common char source options for ?serial, ?parellel, ?console, ?channel, ?smartcard, ?rng, ?redirdev
  033e9702-xmleditor-Handle-gtksourceview3-as-well-as-gtksourceview4.patch
  virtman-dont-specify-gtksource-version.patch
- Drop patches no longer needed
  f7508d02-addhardware-Fix-setting-optimal-default-net-model.patch
  1018ab44-inspection-handle-failures-in-application-listing.patch
  ae8a4f3d-engine-Fix-first-run-startup-error.patch
  57db4185-virt-clone-fix-force-copy-of-empty-cdrom-or-floppy-disk.patch
  26a433fc-virtManager-clone-check-which-storage-pools-supports-volume-cloning.patch
  4f66c423-cloner-Handle-nonsparse-for-qcow2-images.patch
  a02fc0d0-virtManager-clone-build-default-clone-path-if-we-know-how.patch
  1856c1fa-support-Fix-minimum-version-check.patch
  001-adf30349-cli-refactor-get_prop.patch
  002-60c7e778-xmlapi-add-set_prop.patch
  003-5bad22e8-tests-Use-get-set_prop.patch
  004-ee5f3eab-support-Add-SUPPORT_CONN_DEVICE_BOOT_ORDER.patch
  005-7768eb17-cli-Add-check-if-device-boot-order-is-supported.patch
  006-ecc0861c-tests-xmlparse-refactor-method-for-generating-out-file-path.patch
  007-c9d070da-guest-Add-reorder_boot_order-method.patch
  008-1b535940-tests-Add-test-case-for-reorder_boot_order-method.patch
  009-b83a0a61-cli-Use-reorder_boot_order-for-setting-the-boot-order.patch
  010-c896d19d-tests-cli-Add-boot.order-tests.patch
  011-29f9f2ac-virt-xml-Add-no-define-argument.patch
  012-c2bff509-tests-cli-Add-test-case-for-no-define-argument.patch
  013-90b1a3ab-virt-xml-Add-support-for-starting-the-domain.patch
  014-908b8e8d-tests-virt-xml-Add-test-cases-for-start-option.patch
  5bc847eb-virt-install-Do-not-warn-about-consoles-on-s390x.patch
  74bbc3db-urldetect-Check-also-for-treeinfo.patch
  708af01c-osdict-Add-supports_virtioinput.patch
  f23b01be-guest-Add-VirtIO-input-devices-to-s390x-guests-with-graphics.patch
  7afbb90b-virt-xml-Handle-VM-names-that-look-like-id-uuid.patch
  8d9743d6-virt-install-Add-support-for-xenbus-controller.patch
  a0ca387a-cli-Fix-pool-default-when-path-belongs-to-another-pool.patch
  578451fe-urldetect-Dont-run-regex-against-None-SUSE-product-name.patch
  virtman-default-guest-from-host-os.patch
  virtman-prevent-double-click-starting-vm-twice.patch

==== xclock ====
Version update (1.0.8 -> 1.0.9)

- Update to version 1.0.9
  * Use _CONST_X_STRING to make libXt declare String as const char *
  * Clear -Wsign-compare warning from gcc 7.3
  * Consistently use X_GETTIMEOFDAY
  * Fix logic sourrouning && and ||
  * Use fabsf when dealing with floating point numbers