Packages changed:
  ceph (14.2.2.354+g8878cf2360 -> 14.2.4.352+g2060e25d1c)
  expat (2.2.7 -> 2.2.8)
  gcc9 (9.2.1+r274709 -> 9.2.1+r275327)
  grub2
  installation-images-MicroOS (14.434 -> 14.435)
  lvm2 (2.02.180 -> 2.03.05)
  lvm2-device-mapper (1.02.149 -> 1.02.163)
  patterns-base
  python-jsonpatch (1.23 -> 1.24)
  python-oauthlib (3.0.2 -> 3.1.0)
  python-psutil (5.6.1 -> 5.6.3)
  python-pyasn1 (0.4.5 -> 0.4.7)
  python-pycryptodome (3.8.2 -> 3.9.0)
  python-pytz
  python-setuptools
  python-urllib3
  timezone (2019b -> 2019c)
  transactional-update (2.15 -> 2.16)
  yast2 (4.2.19 -> 4.2.23)

=== Details ===

==== ceph ====
Version update (14.2.2.354+g8878cf2360 -> 14.2.4.352+g2060e25d1c)
Subpackages: ceph-common libcephfs2 librados2 libradosstriper1 librbd1 librgw2 python3-ceph-argparse python3-cephfs python3-rados python3-rbd python3-rgw

- Update to 14.2.4-352-g2060e25d1c:
  + rebase on top of upstream Nautilus v14.2.4 release, SHA1 75f4de193b3ea58512f204623e6c5a16e6c1e1ba
    for details, see https://ceph.io/releases/v14-2-4-nautilus-released/
- Update to 14.2.3-349-g7b1552ea82:
  + rebase on top of upstream Nautilus v14.2.3 release, SHA1 0f776cf838a1ae3130b2b73dc26be9c95c6ccc39
    for details, see https://ceph.io/releases/v14-2-3-nautilus-released/
  * ceph-volume: prints errors to stdout with --format json (bsc#1132767)
  * mgr/dashboard: Changing rgw-api-host does not get effective without
    disable/enable dashboard mgr module (bsc#1137503)
  * mgr/dashboard: Silence Alertmanager alerts (bsc#1141174)
  * mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759)
  + librbd: always try to acquire exclusive lock when removing image (bsc#1149093)

==== expat ====
Version update (2.2.7 -> 2.2.8)

- Version update to 2.2.8
  * Security fixes: (CVE-2019-15903, bsc#1149429)
  - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber
    (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype;
  * Bug fixes:
  - Fix cases where XML_StopParser did not have any effect
    when called from inside of an end element handler
  - xmlwf: Fix exit code for operation without "-d DIRECTORY";
    previously, only "-d DIRECTORY" would give you a proper exit code:
    Now both cases return exit code 2.
  * Other changes:
  - examples: Improve elements.c
  - Autotools: Add argument --enable-xml-attr-info
  - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom
  - Autotools: Fix linking issues with "./configure LD=clang"
  - Autotools: Fix "make run-xmltest" for out-of-source builds
  - CMake: Pull all options from Expat <=2.2.7 into namespace
  - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF
  - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF
  - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF
  - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
  - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
  - CMake: Install expat_config.h to include directory
  - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..])
  - CMake: Now produces a summary of applied configuration
  - CMake: Require C++ compiler only when tests are enabled
  - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
  - CMake: Port "make run-xmltest" from GNU Autotools to CMake
  - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
- Removed patches fixed in the update:
  * expat-CVE-2019-15903.patch
  * expat-CVE-2019-15903-tests.patch
- Security fix (CVE-2019-15903, bsc#1149429)
  * Crafted XML input results in heap-based buffer over-read by fooling
    the parser into changing from DTD parsing to document parsing
  * Added patches:
  - expat-CVE-2019-15903.patch
  - expat-CVE-2019-15903-tests.patch

==== gcc9 ====
Version update (9.2.1+r274709 -> 9.2.1+r275327)
Subpackages: libgcc_s1 libstdc++6

- Add gcc9-pr91772.patch and gcc9-pr91763.patch to fix fallout
  of gcc9-autodetect-g-at-lto-link.patch.
- Add gcc9-autodetect-g-at-lto-link.patch.  [bsc#1149995]
- Reorder things in cross.spec.in so the Version define comes before
  the first use of %version.
- Revert removal of defattr, it breaks building on SLES12.
- Update to gcc-9-branch head (r275327).
  * Pulls fix for POWER9 DARN miscompilation.
    (bsc#1149145, CVE-2019-15847)
- Rework shared spec file parts to allow custom Summary and
  Description for cross compilers.  Clarify their Summary
  and Description.  [bsc#1148517]
- Replace old $RPM_* shell vars by macros (where possible).
- Drop defattr and BuildRoot.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Fix fallback embed doesn't work when no post mbr gap at all (boo#1142229)
  * Refresh grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch

==== installation-images-MicroOS ====
Version update (14.434 -> 14.435)

- fix sshd location so that it works with fips enabled (bsc#1140169)
- 14.435

==== lvm2 ====
Version update (2.02.180 -> 2.03.05)

- Update lvm2.spec: make baselibs.conf to a common source.
- Avoid creation of mixed-blocksize PV on LVM volume groups (bsc#1149408)
  + bug-1149408_Fix-rounding-writes-up-to-sector-size.patch
  + bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch
- Update lvm.conf files
  - add devices/allow_mixed_block_sizes item
- Update to LVM2.2.03.05
  - To drop lvm2-clvm and lvm2-cmirrord rpms (jsc#PM-1324)
  - Fix Out of date package (bsc#1111734)
  - Fix occasional slow shutdowns with kernel 5.0.0 and up (bsc#1137648)
  - Remove clvmd
  - Remove lvmlib (api)
  - Remove lvmetad
- Drop patches that have been merged into upstream
  - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch
  - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch
  - bug-1135984_cache-support-no_discard_passdown.patch
- Drop patches that have been nonexist/unsupport in upstream
  - bsc1080299-detect-clvm-properly.patch
  - bug-998893_make_pvscan_service_after_multipathd.patch
  - bug-978055_clvmd-try-to-refresh-device-cache-on-the-first-failu.patch
  - bug-950089_test-fix-lvm2-testsuite-build-error.patch
  - bug-1072624_test-lvmetad_dump-always-timed-out-when-using-nc.patch
  - tests-specify-python3-as-the-script-interpreter.patch
- Update spec files
  - merge device-mapper, lvm2-lockd, lvm2 into one spec file
  - clvmd/lvmlib (api)/lvmetad had been removed, so delete related context in spec file
- Update lvm.conf files
  - remove all lvmetad lines/keywords
  - add event_activation
  - remove fallback_to_lvm1 & related items
  - remove locking_type/fallback_to_clustered_locking/fallback_to_local_locking items
  - remove locking_library item
  - remove all special filter rules

==== lvm2-device-mapper ====
Version update (1.02.149 -> 1.02.163)
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Update lvm2.spec: make baselibs.conf to a common source.
- Avoid creation of mixed-blocksize PV on LVM volume groups (bsc#1149408)
  + bug-1149408_Fix-rounding-writes-up-to-sector-size.patch
  + bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch
- Update lvm.conf files
  - add devices/allow_mixed_block_sizes item
- Update to LVM2.2.03.05
  - To drop lvm2-clvm and lvm2-cmirrord rpms (jsc#PM-1324)
  - Fix Out of date package (bsc#1111734)
  - Fix occasional slow shutdowns with kernel 5.0.0 and up (bsc#1137648)
  - Remove clvmd
  - Remove lvmlib (api)
  - Remove lvmetad
- Drop patches that have been merged into upstream
  - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch
  - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch
  - bug-1135984_cache-support-no_discard_passdown.patch
- Drop patches that have been nonexist/unsupport in upstream
  - bsc1080299-detect-clvm-properly.patch
  - bug-998893_make_pvscan_service_after_multipathd.patch
  - bug-978055_clvmd-try-to-refresh-device-cache-on-the-first-failu.patch
  - bug-950089_test-fix-lvm2-testsuite-build-error.patch
  - bug-1072624_test-lvmetad_dump-always-timed-out-when-using-nc.patch
  - tests-specify-python3-as-the-script-interpreter.patch
- Update spec files
  - merge device-mapper, lvm2-lockd, lvm2 into one spec file
  - clvmd/lvmlib (api)/lvmetad had been removed, so delete related context in spec file
- Update lvm.conf files
  - remove all lvmetad lines/keywords
  - add event_activation
  - remove fallback_to_lvm1 & related items
  - remove locking_type/fallback_to_clustered_locking/fallback_to_local_locking items
  - remove locking_library item
  - remove all special filter rules

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-minimal_base

- Added snapper back to base pattern as recommended package, the
  workaround for boo#1151148

==== python-jsonpatch ====
Version update (1.23 -> 1.24)

- Update to 1.24:
  * test with python 3.8

==== python-oauthlib ====
Version update (3.0.2 -> 3.1.0)

- Update to 3.1.0:
  * OAuth2.0 Provider - Features * #660: OIDC add support of nonce, c_hash, at_hash fields
  * #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method
  * #666: Disabling query parameters for POST requests

==== python-psutil ====
Version update (5.6.1 -> 5.6.3)

- Add patch to skip more tests that won't work in OBS:
  * skip-obs.patch
- Update to 5.6.3:
  * 1494: [AIX] added support for Process.environ(). (patch by Arnon Yaari)
  * 1276: [AIX] can't get whole cmdline(). (patch by Arnon Yaari)
  * 1501_: [Windows] Process cmdline() and exe() raise unhandled "WinError 1168 element not found" exceptions for "Registry" and "Memory Compression" psuedo processes on Windows 10.
  * 1526_: [NetBSD] process cmdline() could raise MemoryError. (patch by Kamil Rytarowski)
- Update to 5.6.2:
  * 1404: [Linux] cpu_count(logical=False) uses a second method (read from /sys/devices/system/cpu/cpu[0-9]/topology/core_id) in order to determine the number of physical CPUs in case /proc/cpuinfo does not provide this info.
  * 1458: provide coloured test output. Also show failures on KeyboardInterrupt.
  * 1464: various docfixes (always point to python3 doc, fix links, etc.).
  * 1478: add make command to re-run tests failed on last run.
  * 1456: [Linux] cpu_freq() returns None instead of 0.0 when min/max not available (patch by Alex Manuskin)
  * 1462: [Linux] (tests) make tests invariant to LANG setting (patch by Benjamin Drung)
  * 1463: cpu_distribution.py script was broken.
  * 1470: [Linux] disk_partitions(): fix corner case when /etc/mtab doesn't exist. (patch by Cedric Lamoriniere)
  * 1472: [Linux] cpu_freq() does not return all CPUs on Rasbperry-pi 3.
  * 1493: [Linux] cpu_freq(): handle the case where /sys/devices/system/cpu/cpufreq/ exists but is empty.

==== python-pyasn1 ====
Version update (0.4.5 -> 0.4.7)

- Update to 0.4.7:
  * Many bugfixes all around, see CHANGES.rst

==== python-pycryptodome ====
Version update (3.8.2 -> 3.9.0)

- Update to 3.9.0:
  * Add support for loading PEM files encrypted with AES256-CBC.
  * Add support for XChaCha20 and XChaCha20-Poly1305 ciphers.
  * Add support for bcrypt key derivation function (Crypto.Protocol.KDF.bcrypt).
  * Add support for left multiplication of an EC point by a scalar.
  * Add support for importing ECC and RSA keys in the new OpenSSH format.

==== python-pytz ====

- Add versioned dependency on timezone database to ensure the
  correct data is installed
- Remove system_zoneinfo.patch, and instead add a symlink to the
  system timezone database
- Replace unnecessary pytest, adding a missing __init__.py in the
  tests to allow the test suite to work on Python 2.7 without pytest

==== python-setuptools ====

- Define LANG in %check to fix openSUSE/SLE 15 testsuite

==== python-urllib3 ====

- Use have/skip_python2/3 macros to allow building only one flavour

==== timezone ====
Version update (2019b -> 2019c)

- timezone update 2019c (bsc#1150451)
  * Fiji observes DST from 2019-11-10 to 2020-01-12.
  * Norfolk Island starts observing Australian-style DST.

==== transactional-update ====
Version update (2.15 -> 2.16)
Subpackages: transactional-update-zypp-config

- Update to version 2.16
  - Use default command if options, but no command was given [boo#1146116]
  - Make sure only one process appears in `ps` output [boo#1111897]
  - Move update check: If a new repository is added (and
    ZYPPER_AUTO_IMPORT_KEYS is set) adding the new repository key won't fail
    any more
  - Avoid unnecessary snapshots / reboots by detecting zypper operations
    without changes more reliably (e.g. when installing an already installed
    package)
  - Update the manpage accordingly
  - Bugfixes:
  - Ignore commented lines in fstab when checking for shadowed files
  - Avoid warning when copying network config
- Remove Perl dependency
- Building documentation requires Python 3 now

==== yast2 ====
Version update (4.2.19 -> 4.2.23)

- Use "display_name" tag for the product label, "label" marks a
  translatable text (jsc#SLE-7214)
- 4.2.23
- Added support for reading products from control.xml file
  (jsc#SLE-7104)
- 4.2.22
- support reading licenses from tar archive (jsc#SLE-7214)
- 4.2.21
- Fix a problem when long warnings reports in command line
  (bsc#1149776).
- 4.2.20