Packages changed:
  boost-base
  ca-certificates-mozilla
  dracut (049+git115.c2d8d6fb -> 049+git116.e9995c78)
  fuse3 (3.8.0 -> 3.9.0)
  gcc9 (9.2.1+r275327 -> 9.2.1+r279103)
  gpg2 (2.2.18 -> 2.2.19)
  grub2
  haproxy (2.0.10+git14.7caf150a -> 2.1.1+git0.4ae521379)
  iptables (1.8.3 -> 1.8.4)
  kdump
  ldb
  less
  libsolv (0.7.9 -> 0.7.10)
  libssh (0.9.2 -> 0.9.3)
  libxml2
  libzypp (17.17.0 -> 17.20.0)
  lvm2
  lvm2-device-mapper
  mokutil
  openssl-1_1
  p11-kit
  patterns-base
  policycoreutils
  python-requests
  reg (0.16.0 -> 0.16.1)
  salt
  slirp4netns (0.4.2 -> 0.4.3)
  sssd
  xen (4.13.0_03 -> 4.13.0_04)

=== Details ===

==== boost-base ====
Subpackages: boost-license1_71_0 libboost_thread1_71_0

- Remove hardcoded abiflags (%py3_abiflags is not available for 3
  years), use python3-config instead. Fixes build with Python 3.8.

==== ca-certificates-mozilla ====

- make sure p11-kit with patches is installed on SLE (boo#1154871)

==== dracut ====
Version update (049+git115.c2d8d6fb -> 049+git116.e9995c78)
Subpackages: dracut-ima

- Update to version 049+git116.e9995c78:
  * dracut.spec: add convertfs module correctly (boo#1158777)

==== fuse3 ====
Version update (3.8.0 -> 3.9.0)

- Update to version 3.9.0
  * Added support for FUSE_EXPLICIT_INVAL_DATA to enable onl
    invalidate cached pages on explicit request.

==== gcc9 ====
Version update (9.2.1+r275327 -> 9.2.1+r279103)
Subpackages: libgcc_s1 libstdc++6

- Update to gcc-9-branch head (r279103).
  * Includes gcc9-pr91772.patch
- Refresh gcc48-remove-mpfr-2.4.0-requirement.patch to apply
  again.
- Use new license and header also in gcc.spec.in to reduce churn
  with format_spec_file.
- Use BuildRoot tag again for old distros (SLE-11).
- Make cross-arm-gcc a gcc_icecream cross.  Remove the disabling
  of debuginfo stripping.  [bsc#1152590]

==== gpg2 ====
Version update (2.2.18 -> 2.2.19)

- update to 2.2.19:
  * gpg: Fix double free when decrypting for hidden recipients
  * gpg: Use auto-key-locate for encryption even for mail addressed
    given with angle brackets
  * gpgsm: Add special case for certain expired intermediate
    certificates

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Correct awk pattern in 20_linux_xen (bsc#900418, bsc#1157912)
- Correct linux and initrd handling in 20_linux_xen (bsc#1157912)
  M grub2-efi-xen-cfg-unquote.patch
  M grub2-efi-xen-chainload.patch
  M grub2-efi-xen-cmdline.patch
  M grub2-efi-xen-removable.patch

==== haproxy ====
Version update (2.0.10+git14.7caf150a -> 2.1.1+git0.4ae521379)

- Update to version 2.1.1+git0.4ae521379:
  * [RELEASE] Released version 2.1.1
  * BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy()
  * BUG/MINOR: listener: fix off-by-one in state name check
  * BUG/MINOR: server: make "agent-addr" work on default-server line
  * BUG/MINOR: listener: do not immediately resume on transient error
  * BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
  * BUG/MINOR: log: fix minor resource leaks on logformat error path
  * DOC: remove references to the outdated architecture.txt
  * DOC: proxies: HAProxy only supports 3 connection modes
  * BUG/MINOR: tasks: only requeue a task if it was already in the queue
  * DOC: listeners: add a few missing transitions
- Update to version 2.1.0+git33.8e4a62508:
  * BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
  * BUG/MAJOR: dns: add minimalist error processing on the Rx path
  * BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
  * DOC: document the listener state transitions
  * BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept()
  * BUG/MINOR: listener: also clear the error flag on a paused listener
  * BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
  * BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
  * BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted
  * BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added
- Update to version 2.1.0+git23.e77b108cd:
  * BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting.
  * BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity().

==== iptables ====
Version update (1.8.3 -> 1.8.4)
Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins

- Update to release 1.8.4
  * Fix for wrong counter format in `ebtables-nft-save -c` output.
  * Print typical iptables-save comments in arptables- and
    ebtables-save, too.
  * xt_owner: add --suppl-groups option
  * Remove support for /etc/xtables.conf
  * Restore support for "-4" and "-6" options in rule lines.

==== kdump ====

- kdump-calibrate-Update-values.patch: calibrate: Update values
  (bsc#1130529).
- kdump-prefer-by-path-and-device-mapper.patch: Prefer by-path and
  device-mapper aliases over kernel device names (bsc#1101149,
  LTC#168532).
- kdump-powerpc-no-reload-on-CPU-removal.patch: powerpc: Do not
  reload on CPU hot removal (bsc#1133407, LTC#176111).
- kdump-Add-force-option-to-KDUMP_NETCONFIG.patch: Add ":force"
  option to KDUMP_NETCONFIG (bsc#1108919).
- kdump-Add-fence_kdump_send-when-fence-agents-installed.patch: Add
  fence_kdump_send when fence-agents installed (bsc#1108919).
- kdump-FENCE_KDUMP_SEND-variable.patch: Use var for path of
  fence_kdump_send and remove the unnecessary PRESCRIPT check
  (bsc#1108919).
- kdump-Document-fence_kdump_send.patch: Document kdump behaviour
  for fence_kdump_send (bsc#1108919).
- kdump-nss-modules.patch: Improve the handling of NSS
  (bsc#1021846).
- kdump-skip-mounts-if-no-proc-vmcore.patch: Skip kdump-related
  mounts if there is no /proc/vmcore (bsc#1102252, bsc#1125011).
- kdump-clean-up-kdump-mount-points.patch: Make sure that kdump
  mount points are cleaned up (bsc#1102252, bsc#1125011).
- kdump-Clean-up-the-use-of-current-vs-boot-network-iface.patch:
  Clean up the use of current vs. boot network interface names
  (bsc#1094444, bsc#1116463, bsc#1141064).
- kdump-Use-a-custom-namespace-for-physical-NICs.patch: Use a
  custom namespace for physical NICs (bsc#1094444, bsc#1116463,
  bsc#1141064).
- kdump-preserve-white-space.patch: Preserve white space when
  removing kernel command line options (bsc#1117652).

==== ldb ====

- Add obsolete ldb1 directive to baselibs.conf

==== less ====

- Move lesskey* from /etc to /usr/etc

==== libsolv ====
Version update (0.7.9 -> 0.7.10)

- fix solv_zchunk decoding error if large chunks are used
  [bnc#1159314]
- build with -DENABLE_RPMDB_LIBRPM=1 on SUSE to support
  multiple rpm database backends
- added two new function to make libzypp independent of the rpm
  database format
- bump version to 0.7.10

==== libssh ====
Version update (0.9.2 -> 0.9.3)
Subpackages: libssh-config libssh4

- Update to version 0.9.3
  * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
  * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
  * SSH-01-006 General: Various unchecked Null-derefs cause DOS
  * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
  * SSH-01-010 SSH: Deprecated hash function in fingerprinting
  * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
  * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
  * SSH-01-001 State Machine: Initial machine states should be set explicitly
  * SSH-01-002 Kex: Differently bound macros used to iterate same array
  * SSH-01-005 Code-Quality: Integer sign confusion during assignments
  * SSH-01-008 SCP: Protocol Injection via unescaped File Names
  * SSH-01-009 SSH: Update documentation which RFCs are implemented
  * SSH-01-012 PKI: Information leak via uninitialized stack buffer
- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved
  for internal use.

==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools

- Build python2 and python3 bindings in separate flavors. As
  python3-libxml2 is a dependency of e.g. itstools and thus many
  other packages these packages no longer have a build dependency
  on python2. Breaks a build loop for python2.

==== libzypp ====
Version update (17.17.0 -> 17.20.0)

- BuildRequires:  libsolv-devel >= 0.7.10.
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
  It's actually not needed and for this to work also libsolv needs
  to support it. You can sill use a librpmDb::db_const_iterator to
  access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- version 17.20.0 (20)
- MediaCurl: assert cookie file has mode 0600 (bsc#1158763, CVE-2019-18900)
- version 17.19.0 (12)
- dup: fix removing orphaned packages dropped by to-be-installed
  products (bsc#1155819)
- version 17.18.1 (12)
- Resolver: add solution actions for SOLVER_SOLUTION_BLACK
  (retracted/PTF)
- Solvable: add isRetracted and isPtf attributes.
- version 17.18.0 (12)

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- backport patches for lvm2 to avoid software abnormal work (bsc#1158861)
  + bug-1158861_01-config-remove-filter-typo.patch
  + bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch
  + bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch
  + bug-1158861_04-fix-duplicate-pv-size-check.patch
  + bug-1158861_05-hints-fix-copy-of-filter.patch
  + bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch
  + bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch
  + bug-1158861_08-hints-fix-mem-leaking-buffers.patch
  + bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch
- backport upstream patches for passing lvm2 testsuite (bsc#1158628)
  + bug-1158628_01-tests-replaces-grep-q-usage.patch
  + bug-1158628_02-tests-fix-ra-checking.patch
  + bug-1158628_03-tests-simplify-some-var-settings.patch
  + bug-1158628-04-pvmove-correcting-read_ahead-setting.patch
  + bug-1158628_05-activation-add-synchronization-point.patch
  + bug-1158628_06-pvmove-add-missing-synchronization.patch
  + bug-1158628_07-activation-extend-handling-of-pending_delete.patch
  + bug-1158628_08-lv_manip-add-synchronizations.patch
  + bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch
  + bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch
  + bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch
  + bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch
  + bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch
  + bug-1158628_14-tests-add-extra-settle.patch
  + bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch
  - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- backport patches for lvm2 to avoid software abnormal work (bsc#1158861)
  + bug-1158861_01-config-remove-filter-typo.patch
  + bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch
  + bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch
  + bug-1158861_04-fix-duplicate-pv-size-check.patch
  + bug-1158861_05-hints-fix-copy-of-filter.patch
  + bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch
  + bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch
  + bug-1158861_08-hints-fix-mem-leaking-buffers.patch
  + bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch
- backport upstream patches for passing lvm2 testsuite (bsc#1158628)
  + bug-1158628_01-tests-replaces-grep-q-usage.patch
  + bug-1158628_02-tests-fix-ra-checking.patch
  + bug-1158628_03-tests-simplify-some-var-settings.patch
  + bug-1158628-04-pvmove-correcting-read_ahead-setting.patch
  + bug-1158628_05-activation-add-synchronization-point.patch
  + bug-1158628_06-pvmove-add-missing-synchronization.patch
  + bug-1158628_07-activation-extend-handling-of-pending_delete.patch
  + bug-1158628_08-lv_manip-add-synchronizations.patch
  + bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch
  + bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch
  + bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch
  + bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch
  + bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch
  + bug-1158628_14-tests-add-extra-settle.patch
  + bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch
  - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch

==== mokutil ====

- Add build for ppc64/ppc64le

==== openssl-1_1 ====
Subpackages: libopenssl1_1

- Security fix: [bsc#1158809, CVE-2019-1551]
  * Overflow bug in the x64_64 Montgomery squaring procedure used
    in exponentiation with 512-bit moduli
- Add openssl-1_1-CVE-2019-1551.patch

==== p11-kit ====
Subpackages: libp11-kit0 p11-kit-tools

- Also build documentation (boo#1013125)

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-minimal_base

- Disable purge-kernels-service dependency for now: dracut has not
  yet been updated to no longer ship the service file.
- Support multiversion(kernel) with purge-kernels.service separated from dracut
  (jsc#SLE-10162, jsc#SLE-10465).

==== policycoreutils ====
Subpackages: python3-policycoreutils

- Added chcat_join.patch to prevent joining non-existing categories
  (bsc#1159262)

==== python-requests ====

- Remove python-urllib3, python-certifi and ca-certificates from
  main package BuildRequires, not required for building.
- Do not require full python, (implicit) python-base is sufficient.

==== reg ====
Version update (0.16.0 -> 0.16.1)

- Update to version 0.16.1
  - Update vendor
  - Adds support for passing a context with all http requests

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration

- Add missing bugzilla references:
  Properly handle colons in inline dicts with yamlloader (bsc#1095651)
  Fix corrupt public key with m2crypto python3 (bsc#1099323)
  Add missing dateutils import (bsc#1099945)
  Fix UnicodeDecodeError using is_binary check (bsc#1100225)
  Prevent payload crash on decoding binary data (bsc#1100697)
  Fix file.blockreplace to avoid throwing IndexError (bsc#1101812)
  Add API log rotation on SUSE package (bsc#1102218)
  Fix wrong recurse behavior on for linux_acl.present (bsc#1106164)
  Handle anycast IPv6 addresses on network.routes (bsc#1114474)
  Crontab module fix: file attributes option missing (bsc#1114824)
  Add metadata to accepted keyword arguments (bsc#1122680)
  Bugfix: properly refresh pillars (bsc#1125015)
- xfs: do not fail if type is not present (bsc#1153611)
- Added:
  * xfs-do-not-fails-if-type-is-not-present.patch
- Don't use __python indirection macros on spec file
  %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020);
  additionally, python/python3 are just binaries in the path.
- Fix errors when running virt.get_hypervisor function
- Added:
  * fix-virt.get_hypervisor-188.patch
- Align virt.full_info fixes with upstream Salt
- Let salt-ssh use platform-python on RHEL8 (bsc#1158441)
- Added:
  * align-virt-full-info-fixes-with-upstream-192.patch
  * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
- Fix StreamClosedError issue (bsc#1157479)
- Added:
  * fix-batch_async-obsolete-test.patch
  * fixing-streamclosed-issue.patch

==== slirp4netns ====
Version update (0.4.2 -> 0.4.3)

- Update to 0.4.3
  * api: raise an error if the socket path is too long
  * libslirp: update to v4.1.0: Including the fix for libslirp
    sends RST to app in response to arriving FIN when containerized
    socket is shutdown() with SHUT_WR
  * Fix create_sandbox error

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Install infopipe dbus service (bsc#1106598)
- Add systemd service unit files to manage socket or bus activated responders.
- All responders except infopipe are also managed by a socket unit file.
- Add missing post and postun hooks for libsss_certmap0 package.

==== xen ====
Version update (4.13.0_03 -> 4.13.0_04)

- bsc#1159320 - Xen logrotate file needs updated
  logrotate.conf
- Update to Xen 4.13.0 FCS release
  xen-4.13.0-testing-src.tar.bz2
  * Core Scheduling (contributed by SUSE)
  * Branch hardening to mitigate against Spectre v1 (contributed by Citrix)
  * Late uCode loading (contributed by Intel)
  * Improved live-patching build tools (contributed by AWS)
  * OP-TEE support (contributed by EPAM)
  * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM)
  * Dom0-less passthrough and ImageBuilder (contributed by XILINX)
  * Support for new Hardware
- Update to Xen 4.13.0 RC4 release
  xen-4.13.0-testing-src.tar.bz2
- Rebase libxl.pvscsi.patch