Packages changed:
  ca-certificates-mozilla (2.30 -> 2.34)
  gcc9 (9.1.1+r273734 -> 9.1.1+r274111)
  krb5
  kubernetes
  open-iscsi
  patterns-base
  patterns-microos
  python-pytz (2019.1 -> 2019.2)
  sysconfig (0.85.2 -> 0.85.3)
  system-users
  yast2 (4.2.17 -> 4.2.18)

=== Details ===

==== ca-certificates-mozilla ====
Version update (2.30 -> 2.34)

- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
- Removed CAs:
  - Certinomis - Root CA
- includes added root CAs from the 2.32 version:
  - emSign ECC Root CA - C3 (email and server auth)
  - emSign ECC Root CA - G3 (email and server auth)
  - emSign Root CA - C1 (email and server auth)
  - emSign Root CA - G1 (email and server auth)
  - Hongkong Post Root CA 3 (server auth)

==== gcc9 ====
Version update (9.1.1+r273734 -> 9.1.1+r274111)
Subpackages: libgcc_s1 libstdc++6

- Enable cross compilers on riscv64
- Update to gcc-9-branch head (r274111).
  * GCC 9.2 RC1.
- Remove bogus fixed include bits/statx.h from glibc 2.30.  [gcc#91085]
- Update to gcc-9-branch head (r273795):
  * Includes fix for LTO linker plugin heap overflow.
    (bsc#1142649, CVE-2019-14250)
- Add systemtap-headers BuildRequires.  [bsc#1142654]

==== krb5 ====

- Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947);
  (bsc#1144047);

==== kubernetes ====
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet

- Relax kubeadm requirements. Kubeadm accepts working with a previous
  version of kubelet and this is important for performing upgrades.
  See https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/
- Previous update to version 1.15.2 fixed:
  * bsc#1144507: CVE-2019-11249 (incomplete fixes for CVE-2019-1002101 and CVE-2019-11246)
  * bsc#1142423: CVE-2019-11247: kubernetes: mistaken allowing access to cluster resources

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Disable LTO (Link Time Optimization) on aarch64 since it seems
  to fail -- iscsiadm core dumps almost immediately (bsc#1143192),
  updating the SPEC file.

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-minimal_base

- use journal by default (boo#1143144)
- Add openSUSE Welcome to be included in the x11_enhanced pattern.
- Drop google-roboto-fonts recommends: nothing really depends on
  it and roboto is not used as default font in any openSUSE setup
  (boo#1144135).

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- MicroOS base: remove update-checker, the only on openSUSE usefull
  functionality (orphaned packages) does not work due a zypper bug.
- Add zypper-needs-restarting to MicroOS base pattern

==== python-pytz ====
Version update (2019.1 -> 2019.2)

- update to 2019.2
  * IANA 2019b
  * Defer generating case-insensitive lookups

==== sysconfig ====
Version update (0.85.2 -> 0.85.3)
Subpackages: sysconfig-netconfig

- version 0.85.3
- boo#1123699: Use systemd's tmpfile mechanism to create the
  symlink infrastructure for resolv.conf and yp.conf early during
  boot.

==== system-users ====
Subpackages: system-group-hardware system-group-wheel system-user-bin system-user-daemon system-user-nobody

- Remove s390 groups again. The s390-tools maintainer wants to add groups in
  s390-tools manually.
- Add system-user-tftp subpackage with tftp user and group and
  /srv/tftpboot as home directory [bsc#1143454].

==== yast2 ====
Version update (4.2.17 -> 4.2.18)

- Remove the obsolete XVersion API (bsc#1144627).
- Detect missing textdomain during testing (bsc#1130822)
- 4.2.18