Packages changed:
  aaa_base (84.87+git20190109.b66cf03 -> 84.87+git20190404.8684de3)
  bash
  bash-completion
  btrfsprogs
  cri-o (1.13.3 -> 1.14.0)
  cri-tools (1.13.0 -> 1.14.0)
  e2fsprogs (1.44.5 -> 1.45.0)
  glibc
  gpgme (1.12.0 -> 1.13.0)
  iptables
  kernel-default-base (5.0.3 -> 5.0.6)
  kernel-source (5.0.5 -> 5.0.6)
  kubernetes (1.13.4 -> 1.14.0)
  libcontainers-common (20190219 -> 20190401)
  libsolv (0.7.3 -> 0.7.4)
  libyajl
  libzypp (17.11.3 -> 17.11.4)
  podman (1.1.2 -> 1.2.0)
  python-rpm-macros (20190315.d3034bf -> 20190402.c88be49)
  update-alternatives
  wicked (0.6.53 -> 0.6.54)
  xen (4.12.0_07 -> 4.12.0_08)

=== Details ===

==== aaa_base ====
Version update (84.87+git20190109.b66cf03 -> 84.87+git20190404.8684de3)

- Update to version 84.87+git20190404.8684de3:
  * Add two Scheme/LISP based shells to /etc/shells
  * /etc/profile does not work in AppArmor-confined containers (bsc#1096191)
- Update to version 84.87+git20190307.00d332a:
  * update logic for JRE_HOME env variable (bsc#1128246)

==== bash ====

- Add temporary fix from upstream for boo#1128936
- Add patch assignment-preceding-builtin.patch from upstream
  mailing list. Note that this break backward behaviour with
  bash-4.4 but implies that POSIX mode is more correct
- Replace the temporary patch with official bash50-003

==== bash-completion ====

- Removed bts completions (upcoming devscript package contains a
  more recent one).

==== btrfsprogs ====
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539)
  * Remove module-setup.sh
  * Add module-setup.sh.in

==== cri-o ====
Version update (1.13.3 -> 1.14.0)
Subpackages: cri-o-kubeadm-criconfig

- Introduce new runtime dependency conntrack-tools: the conntrack
  package is required to avoid failures in network connection cleanup.
- Update cri-o to v1.14.0
  * Fix possible out of bounds access during log parsing
- Update default configuration file: crio.network.plugin_dir is now
  a list instead of being a string

==== cri-tools ====
Version update (1.13.0 -> 1.14.0)

- Update cri-tools to v1.14.0:
  * CRI CLI (crictl)
  * Adds imagefsinfo subcommand for CRI ImageFSInfo() method.
  * Adds support to filter containers by image.
  * Fixes a bug when removing multiple containers.
  * Reduces the default connection timeout value.
  * Fixes the exit code for crictl exec.
  * Updated the instructions fro godep.
  * Adds support of -q for crictl info.
  * Adds support of zsh completion.
  * Upgrades kubernetes version to 1.14.
  * CRI validation testing (critest)
  * Adds a benchmark testcase for measuring the time of creating pod and a
    container.
  * Changes streaming tests to omit newlines on echo
  * Adds support of critest for Windows container runtime.
  * Updates test environment to xenial and fixes docker installation.
  * Updates Go version to 1.12.

==== e2fsprogs ====
Version update (1.44.5 -> 1.45.0)
Subpackages: libcom_err2 libext2fs2

- configure-Fix-autoheader-failure.patch: Fix autoheader failure
- Update to 1.45.0
  * Add support to force check at the next fsck run to tune2fs
  * Add e2scrub script to run e2fsck on LVM backed filesystem
  * Mke2fs will attempt to use ZERO_RANGE before PUNCH_HOLE so that we don't
  lose allocated blocks in preallocated files
  * Initial support for setting character set encoding
  * Add support for setting inode checksum to debugfs
  * Add support for specifying superblock location to e2image
  * Fix e4defrag to handle situation when files are created while it is running
  * Fix e2fsck to handle dirs > 2 GiB when largedir feature is enabled
  * Fix mke2fs huge file creation
  * Fix libext2fs to be more robust against invalid group descriptors
  * Fix mke2fs and debugfs to correctly copy files > 2 GiB
  * Fix memory leaks in debugfs, mke2fs, and e2freefrag

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- japanese-era-name-may-2019.patch: ja_JP locale: Add entry for the new
  Japanese era (BZ #22964)
- Replace glibc_post_upgrade with lua script

==== gpgme ====
Version update (1.12.0 -> 1.13.0)

- gpgme 1.13.0:
  * Support GPGME_AUDITLOG_DIAG for gpgsm
  * New context flag "trust-model".
  * Aligned the gpgrt-config code with our other libaries
  * Auto-check for all installed Python versions
  * Fixed generating card key in the C++ bindings
  * Fixed a segv due to bad parameters in genkey
  * Fixed crash if the plaintext is ignored in a CMS verify
  * Fixed test suite problems related to dtags
  * Fixed bunch of python bugs
  * Several fixes to the Common Lisp bindings
  * Fixed minor bugs in gpgme-json
  * Require trace level 8 to dump all I/O data
  * The compiler must now support variadic macros
- drop gpgme-key-expirity.patch, included upstream

==== iptables ====
Subpackages: libiptc0 libxtables12 xtables-plugins

- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation
  where 'iptables -L' reads garbage from the struct as the kernel
  never filled it in the bugged case. This can lead to issues like
  mapping a few TiB of memory [bsc#1106751].

==== kernel-default-base ====
Version update (5.0.3 -> 5.0.6)

- Add dw_mmc-bluefield driver (bsc#1118752)
- Add back bpfilter, got lost during split (boo#1106751)

==== kernel-source ====
Version update (5.0.5 -> 5.0.6)
Subpackages: kernel-debug kernel-default

- Linux 5.0.6 (bnc#1012628).
- mt76x02u: use usb_bulk_msg to upload firmware (bnc#1012628).
- bpf: do not restore dst_reg when cur_state is freed
  (bnc#1012628).
- KVM: x86: update %rip after emulating IO (bnc#1012628).
- KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
  (bnc#1012628).
- KVM: Reject device ioctls from processes other than the VM's
  creator (bnc#1012628).
- x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012628).
- cpu/hotplug: Prevent crash when CPU bringup fails on
  CONFIG_HOTPLUG_CPU=n (bnc#1012628).
- watchdog: Respect watchdog cpumask on CPU hotplug (bnc#1012628).
- powerpc/pseries/mce: Fix misleading print for TLB mutlihit
  (bnc#1012628).
- powerpc/64: Fix memcmp reading past the end of src/dest
  (bnc#1012628).
- powerpc/pseries/energy: Use OF accessor functions to read
  ibm,drc-indexes (bnc#1012628).
- objtool: Query pkg-config for libelf location (bnc#1012628).
- perf intel-pt: Fix TSC slip (bnc#1012628).
- perf pmu: Fix parser error for uncore event alias (bnc#1012628).
- mm/migrate.c: add missing flush_dcache_page for non-mapped
  page migrate (bnc#1012628).
- mm/page_isolation.c: fix a wrong flag in
  set_migratetype_isolate() (bnc#1012628).
- mm/memory_hotplug.c: fix notification in offline error path
  (bnc#1012628).
- mm/debug.c: fix __dump_page when mapping->host is not set
  (bnc#1012628).
- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT
  is specified (bnc#1012628).
- iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve
  debugging (bnc#1012628).
- mm: add support for kmem caches in DMA32 zone (bnc#1012628).
- mm/hotplug: fix offline undo_isolate_page_range() (bnc#1012628).
- usb: typec: Fix unchecked return value (bnc#1012628).
- usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0
  source-caps (bnc#1012628).
- usb: cdc-acm: fix race during wakeup blocking TX traffic
  (bnc#1012628).
- xhci: Don't let USB3 ports stuck in polling state prevent
  suspend (bnc#1012628).
- usb: xhci: dbc: Don't free all memory with spinlock held
  (bnc#1012628).
- xhci: Fix port resume done detection for SS ports with LPM
  enabled (bnc#1012628).
- usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
  (bnc#1012628).
- mm/memory.c: fix modifying of page protection by insert_pfn()
  (bnc#1012628).
- usb: common: Consider only available nodes for dr_mode
  (bnc#1012628).
- USB: gadget: f_hid: fix deadlock in f_hidg_write()
  (bnc#1012628).
- usb: mtu3: fix EXTCON dependency (bnc#1012628).
- phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
  (bnc#1012628).
- gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
  (bnc#1012628).
- gpio: exar: add a check for the return value of ida_simple_get
  fails (bnc#1012628).
- drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro
  (bnc#1012628).
- drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
  (bnc#1012628).
- drm/i915: Mark AML 0x87CA as ULX (bnc#1012628).
- drm/vkms: fix use-after-free when drm_gem_handle_create()
  fails (bnc#1012628).
- drm/vgem: fix use-after-free when drm_gem_handle_create()
  fails (bnc#1012628).
- cpufreq: scpi: Fix use after free (bnc#1012628).
- cpufreq: intel_pstate: Also use CPPC nominal_perf for
  base_frequency (bnc#1012628).
- blk-mq: fix sbitmap ws_active for shared tags (bnc#1012628).
- drivers/block/zram/zram_drv.c: fix idle/writeback string compare
  (bnc#1012628).
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
  (bnc#1012628).
- Disable kgdboc failed by echo space to
  /sys/module/kgdboc/parameters/kgdboc (bnc#1012628).
- ACPI / CPPC: Fix guaranteed performance handling (bnc#1012628).
- USB: serial: option: add Olicard 600 (bnc#1012628).
- USB: serial: option: add support for Quectel EM12 (bnc#1012628).
- USB: serial: option: set driver_info for SIM5218 and compatibles
  (bnc#1012628).
- USB: serial: mos7720: fix mos_parport refcount imbalance on
  error path (bnc#1012628).
- USB: serial: ftdi_sio: add additional NovaTech products
  (bnc#1012628).
- USB: serial: cp210x: add new device id (bnc#1012628).
- serial: sh-sci: Fix setting SCSCR_TIE while transferring data
  (bnc#1012628).
- serial: mvebu-uart: Fix to avoid a potential NULL pointer
  dereference (bnc#1012628).
- serial: max310x: Fix to avoid potential NULL pointer dereference
  (bnc#1012628).
- staging: erofs: keep corrupted fs from crashing kernel in
  erofs_readdir() (bnc#1012628).
- staging: erofs: fix error handling when failed to read
  compresssed data (bnc#1012628).
- staging: erofs: fix to handle error path of erofs_vmap()
  (bnc#1012628).
- staging: vt6655: Fix interrupt race condition on device start up
  (bnc#1012628).
- staging: vt6655: Remove vif check from vnt_interrupt
  (bnc#1012628).
- staging: speakup_soft: Fix alternate speech with other synths
  (bnc#1012628).
- staging: olpc_dcon_xo_1: add missing 'const' qualifier
  (bnc#1012628).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO
  cmdtest (bnc#1012628).
- tty: serial: qcom_geni_serial: Initialize baud in
  qcom_geni_console_setup (bnc#1012628).
- tty: atmel_serial: fix a potential NULL pointer dereference
  (bnc#1012628).
- tty: mxs-auart: fix a potential NULL pointer dereference
  (bnc#1012628).
- tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
  (bnc#1012628).
- tty/serial: atmel: Add is_half_duplex helper (bnc#1012628).
- drm/rockchip: vop: reset scale mode when win is disabled
  (bnc#1012628).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for
  non-NPIV FCP devices (bnc#1012628).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on
  Scsi_Host (bnc#1012628).
- scsi: sd: Quiesce warning if device does not report optimal
  I/O size (bnc#1012628).
- scsi: sd: Fix a race between closing an sd device and sd I/O
  (bnc#1012628).
- ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
  (bnc#1012628).
- fs/open.c: allow opening only regular files during execve()
  (bnc#1012628).
- kbuild: modversions: Fix relative CRC byte order interpretation
  (bnc#1012628).
- ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500
  Ryzen laptops (bnc#1012628).
- ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK
  with ALC256 (bnc#1012628).
- ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with
  ALC256 (bnc#1012628).
- ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC
  with ALC256 (bnc#1012628).
- ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432
  headset mic (bnc#1012628).
- ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890
  with ALC286 (bnc#1012628).
- ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
  (bnc#1012628).
- ALSA: hda/realtek - Add support headset mode for New DELL WYSE
  NB (bnc#1012628).
- ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
  (bnc#1012628).
- ALSA: hda/realtek: merge alc_fixup_headset_jack to
  alc295_fixup_chromebook (bnc#1012628).
- ALSA: hda/realtek - Fixed Headset Mic JD not stable
  (bnc#1012628).
- ALSA: pcm: Don't suspend stream in unrecoverable PCM state
  (bnc#1012628).
- ALSA: pcm: Fix possible OOB access in PCM oss plugins
  (bnc#1012628).
- ALSA: seq: oss: Fix Spectre v1 vulnerability (bnc#1012628).
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
  (bnc#1012628).
- net: dsa: qca8k: remove leftover phy accessors (bnc#1012628).
- NFSv4.1 don't free interrupted slot on open (bnc#1012628).
- NFS: fix mount/umount race in nlmclnt (bnc#1012628).
- NFS: Fix nfs4_lock_state refcounting in
  nfs4_alloc_{lock,unlock}data() (bnc#1012628).
- vfio: ccw: only free cp on final interrupt (bnc#1012628).
- powerpc: bpf: Fix generation of load/store DW instructions
  (bnc#1012628).
- ARM: imx6q: cpuidle: fix bug that CPU might not wake up at
  expected time (bnc#1012628).
- tracing: initialize variable in create_dyn_event()
  (bnc#1012628).
- locks: wake any locks blocked on request before deadlock check
  (bnc#1012628).
- Btrfs: fix assertion failure on fsync with NO_HOLES enabled
  (bnc#1012628).
- btrfs: Avoid possible qgroup_rsv_size overflow in
  btrfs_calculate_inode_block_rsv_size (bnc#1012628).
- btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
  (bnc#1012628).
- btrfs: raid56: properly unmap parity page in
  finish_parity_scrub() (bnc#1012628).
- btrfs: don't report readahead errors and don't update statistics
  (bnc#1012628).
- btrfs: remove WARN_ON in log_dir_items (bnc#1012628).
- Btrfs: fix incorrect file size after shrinking truncate and
  fsync (bnc#1012628).
- powerpc/fsl: Fix the flush of branch predictor (bnc#1012628).
- tun: add a missing rcu_read_unlock() in error path
  (bnc#1012628).
- ila: Fix rhashtable walker list corruption (bnc#1012628).
- r8169: fix cable re-plugging issue (bnc#1012628).
- net: phy: don't clear BMCR in genphy_soft_reset (bnc#1012628).
- net: mii: Fix PAUSE cap advertisement from
  linkmode_adv_to_lcl_adv_t() helper (bnc#1012628).
- net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode
  (bnc#1012628).
- thunderx: eliminate extra calls to put_page() for pages held
  for recycling (bnc#1012628).
- thunderx: enable page recycling for non-XDP case (bnc#1012628).
- vxlan: Don't call gro_cells_destroy() before device is
  unregistered (bnc#1012628).
- vrf: prevent adding upper devices (bnc#1012628).
- tun: properly test for IFF_UP (bnc#1012628).
- tipc: fix cancellation of topology subscriptions (bnc#1012628).
- tipc: change to check tipc_own_id to return in tipc_net_stop
  (bnc#1012628).
- tipc: allow service ranges to be connect()'ed on RDM/DGRAM
  (bnc#1012628).
- tcp: do not use ipv6 header for ipv4 flow (bnc#1012628).
- sctp: use memdup_user instead of vmemdup_user (bnc#1012628).
- sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012628).
- rhashtable: Still do rehash when we get EEXIST (bnc#1012628).
- packets: Always register packet sk in the same order
  (bnc#1012628).
- net: usb: aqc111: Extend HWID table by QNAP device
  (bnc#1012628).
- net-sysfs: call dev_hold if kobject_init_and_add success
  (bnc#1012628).
- net: stmmac: fix memory corruption with large MTUs
  (bnc#1012628).
- net: rose: fix a possible stack overflow (bnc#1012628).
- net: phy: meson-gxl: fix interrupt support (bnc#1012628).
- net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
  (bnc#1012628).
- net: datagram: fix unbounded loop in __skb_try_recv_datagram()
  (bnc#1012628).
- net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
  (bnc#1012628).
- mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
  (bnc#1012628).
- mac8390: Fix mmio access size probe (bnc#1012628).
- ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of
  NULL (bnc#1012628).
- gtp: change NET_UDP_TUNNEL dependency to select (bnc#1012628).
- genetlink: Fix a memory leak on error path (bnc#1012628).
- dccp: do not use ipv6 header for ipv4 flow (bnc#1012628).
- netfilter: nf_tables: fix set double-free in abort path
  (bnc#1012628).
- Bluetooth: Verify that l2cap_get_conf_opt provides large enough
  buffer (bnc#1012628).
- Bluetooth: Check L2CAP option sizes returned from
  l2cap_get_conf_opt (bnc#1012628).
- commit dff56e4
- efifb: Omit memory map check on legacy boot (bsc#1127339).
- commit 0b95959
- Revert "drm/i915/fbdev: Actually configure untiled displays"
  (bsc#1129027, bsc#1131048).
- commit 591a6df
- config: arm64: enable CPPC support
- commit 1a52e49

==== kubernetes ====
Version update (1.13.4 -> 1.14.0)
Subpackages: kubernetes-client kubernetes-common kubernetes-kubeadm kubernetes-kubelet

- Update to version 1.14.0:
  * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md
  * kubeadm now auto detects which CRI runtimes are available
  * bump required minimum go version to 1.12.1 (strings package compatibility)
  * Restore machine readability to the print-join-command output
- Remove obsolete patch kubeadm-Support-Kernel-5.0-gh74355.patch
- Remove obsolete patch make-e2e_node-run-over-distro-bins.patch

==== libcontainers-common ====
Version update (20190219 -> 20190401)

- Update to libpod v1.2.0
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * Move pkg/util default storage functions from libpod to containers/storage
- Update to image v1.5
  * Minor behind the scene bugfixes, no user facing changes
- Update to storage v1.12.1
  * Move pkg/util default storage functions from libpod to containers/storage
  * containers/storage no longer depends on containers/image
- Version 20190401

==== libsolv ====
Version update (0.7.3 -> 0.7.4)

- repo_add_rpmdb: do not copy bad solvables from the old solv file
- fix cleandeps updates not updating all packages
- experimental DISTTYPE_CONDA and REL_CONDA support
- bump version to 0.7.4

==== libyajl ====

- Install pkgconfig into libdir instead of datadir with libyajl-pkgconfig.patch
- Use autosetup and cmake_build macro
- Rename macro soname to sover

==== libzypp ====
Version update (17.11.3 -> 17.11.4)

- Enhance scanning /sys for modaliases (bsc#1130161)
- version 17.11.4 (9)
- Prevent SEGV if the application sets an empty TextLocale (bsc#1127026)
- Fix build with CMake >= 3.14.0:
  Starting with CMake 3.14, EXCLUDE_FROM_ALL now spreads from
  directories to targets. 'make -C someSubdir' when 'someSubdir'
  uses the 'EXCLUDE_FROM_ALL' keyword does nothing. (gh/libzypp#libzypp#165)

==== podman ====
Version update (1.1.2 -> 1.2.0)
Subpackages: podman-cni-config

- Update to podman 1.2.0
  * Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect
  * The podman events command was added to show a stream of significant events
  * The podman ps command now supports a --watch flag that will refresh its output on a given interval
  * The podman image tree command was added to show a tree representation of an image's layers
  * The podman logs command can now display logs for multiple containers at the same time
  * The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option
  * The podman images command can now filter images by reference
  * The podman system df command was added to show disk usage by Podman
  * The --add-host option can now be used by containers sharing a network namespace
  * The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself
  * Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * The podman runlabel command now supports the --replace option to replace containers using the name requested
  * Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command
  * The podman play kube command now supports the HostPath and VolumeMounts YAML fields
  * Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create
  * The podman version command now supports the {{ json . }} template (which outputs JSON)
  * Podman can now forward ports using the SCTP protocol
- Update conmon to cri-o 1.14.0
- Stop building for i586 (not supported by upstream, does not build)

==== python-rpm-macros ====
Version update (20190315.d3034bf -> 20190402.c88be49)

- Update to version 20190402.c88be49:
  * Add missing $ expansion on the pytest call

==== update-alternatives ====

- Remove useless uses of rpm.expand
- Fix use of file:close

==== wicked ====
Version update (0.6.53 -> 0.6.54)
Subpackages: libwicked-0-6 wicked-service

- version 0.6.54
- switch to use systemd notify and prevent event backlog at start
  by calling udevadm settle before starting wickedd (bsc#1118206)
- dhcp6: don't discard confirm reply without status (bsc#1127340)
- ethtool: set lro legacy flag and not txvlan (bsc#1123555)
- init memory before use in ioctl
- fsm: fix find pending worker loop segfault (boo#1106809)

==== xen ====
Version update (4.12.0_07 -> 4.12.0_08)

- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901)
  xen-4.12.0-testing-src.tar.bz2
  * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates
    the HVM/PVH and PV code paths in Xen and provides KCONFIG
    options to build a PV only or HVM/PVH only hypervisor.
  * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has
    been vastly improved.
  * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter-
    domain communication mechanism.
  * Improvements to Virtual Machine Introspection: The VMI subsystem
    which allows detection of 0-day vulnerabilities has seen many
    functional and performance improvements.
  * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project
    default scheduler.
  * PVH Support: Grub2 boot support has been added to Xen and Grub2.
  * PVH Dom0: PVH Dom0 support has now been upgraded from experimental
    to tech preview.
  * The Xen 4.12 upgrade also includes improved IOMMU mapping code,
    which is designed to significantly improve the startup times of
    AMD EPYC based systems.
  * The upgrade also features Automatic Dom0 Sizing which allows the
    setting of Dom0 memory size as a percentage of host memory (e.g.
    10%) or with an offset (e.g. 1G+10%).