Packages changed:
  ding-libs
  e2fsprogs (1.45.1 -> 1.45.2)
  elfutils
  file (5.36 -> 5.37)
  gettext-runtime
  iptables (1.8.2 -> 1.8.3)
  kexec-tools
  libidn2 (2.1.1 -> 2.2.0)
  libnftnl (1.1.2 -> 1.1.3)
  libselinux
  libssh
  numactl
  podman (1.3.1 -> 1.4.0)
  shadow
  sqlite3 (3.27.2 -> 3.28.0)
  tar (1.31 -> 1.32)
  thin-provisioning-tools (0.7.6 -> 0.8.3)
  xz

=== Details ===

==== ding-libs ====
Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1

- Update to 0.6.1:
  * No upstream changelog
- Update URL
  * Remove the git link info as it 404 atm
- Add patches from upstream to fix ini behaviour:
  * INI-Fix-detection-of-error-messages.patch
  * INI-Silence-ini_augment-match-failures.patch
  * TEST-validators_ut_check-Fix-fail-with-new-glibc.patch

==== e2fsprogs ====
Version update (1.45.1 -> 1.45.2)
Subpackages: libcom_err2 libext2fs2

- Package e2scrub unit files and separate scrubbing bits into a separate
  subpackage e2fsprogs-scrub
- Update to 1.45.2
  * Fixed e2scrub_all issues running from cron
  * When mke2fs asks to proceed, fall back on English Y/y
  * Fix spurious complaint of blocks beyond i_size
  * Fixed 'make install' failure when the cron.d dir doesn't exist

==== elfutils ====
Subpackages: libasm1 libdw1 libebl-plugins libelf1

- Update License tag to GPL-3.0-or-later, as requested by legal
  review.
- Add fix-bsc-1110929.diff [bsc#1110929]

==== file ====
Version update (5.36 -> 5.37)
Subpackages: file-magic libmagic1

- Update to file version 5.37
  * Make sure that continuation separators are printed
    with -k within softmagic
  * Change SIGPIPE saving and restoring during compression to use
    sigaction(2) instead of signal(3) and cache it. (Denys Vlasenko)
  * Cache stat(2) calls more to reduce number of calls (Denys Vlasenko)
  * PR/77: Handle --mime-type and -k correctly.
  * Switch decompression code to use vfork() because
    tools like rpmdiff and rpmbuild call libmagic
    with large process footprints (Denys Vlasenko)
  * PR/75: --enable-zlib, did not work.
  * Improve regex efficiency (Michael Schroeder) by:
    1. Prefixing regex searches with regular search
    for keywords where possible
    2. Using memmem(3) where available
- Modify the patches
  * file-5.12-zip.dif
  * file-5.16-ocloexec.patch
  * file-5.17-option.dif
  * file-5.19-biorad.dif
  * file-5.19-zip2.0.dif
  * file-5.22-elf.dif
  * file-5.24-nitpick.dif
  * file-5.28-btrfs-image.dif
  * file-secure_getenv.patch
- Modify and rename patch file-5.36.dif which becomes file-5.37.dif

==== gettext-runtime ====

- reproducible.patch: generate timestamp in .pot files from SOURCE_DATE_EPOCH
  for reproducible builds

==== iptables ====
Version update (1.8.2 -> 1.8.3)
Subpackages: libxtables12 xtables-plugins

- Update to new upstream release 1.8.3
  * ebtables: Fix rule listing with counters
  * ebtables-nft: Support user-defined chain policies
- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch
  0001-include-fix-build-with-kernel-headers-before-4.2.patch
  (upstreamed)
- Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch,
  0001-include-extend-the-headers-conflict-workaround-to-in.patch
  to fix build with older linux-glibc-devel. [boo#1132821]

==== kexec-tools ====

- Use %license instead of %doc [bsc#1082318]

==== libidn2 ====
Version update (2.1.1 -> 2.2.0)

- Update to version 2.2.0:
  * Perform A-Label roundtrip for lookup functions by default
  * Stricter check of input to punycode decoder
  * Fix punycode decoding with no ASCII chars but given delimiter
  * Fix 'idn2 --no-tr64' (was a no-op)
  * Allow _ as a basic code point in domain labels
  * Fail building documentation if 'ronn' isn't installed
  * git tag changed to reflect https://semver.org/

==== libnftnl ====
Version update (1.1.2 -> 1.1.3)

- Update to new upstream release 1.1.3
  * expr: osf: add version option support
  * udata: add NFTNL_UDATA_* definitions
  * chain: support per chain rules listing

==== libselinux ====
Subpackages: libselinux1 selinux-tools

- In selinux-ready
  * Removed check for selinux-policy package as we don't ship one
    (bsc#1136845)
  * Add check that restorecond is installed and enabled

==== libssh ====

- Fix the typo in Obsoletes for -devel-doc subpackage
- Actually remove the description for -devel-doc subpackage

==== numactl ====

- For obs regression checker, this version includes following SLE
  fixes:
  - enable build for aarch64 (fate#319973) (bsc#976199)
    factory has an extra patch to disable ARM 32 bit archs which
    looks a bit misleading as %arm macro only covers 32 bit ARM.
  - Bug 955334 - numactl/libnuma: add patch for Dynamic Reconfiguration
    bsc#955334

==== podman ====
Version update (1.3.1 -> 1.4.0)
Subpackages: podman-cni-config

- Update podman to v1.4.0:
  - The podman checkpoint and podman restore commands can now be
    used to migrate containers between Podman installations on
    different systems
  - The podman cp command now supports a pause flag to pause
    containers while copying into them
  - The remote client now supports a configuration file for
    pre-configuring connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly
    dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set
    environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start
    containers with forwarded ports
  - Fixed a bug where podman version on the remote client could
    segfault
  - Fixed a bug where podman container runlabel would use
    /proc/self/exe instead of the path of the Podman command when
    printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bing mount or tmpfs mount over
    an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with
    containers with named volumes
  - Fixed a bug where rootless Podman would receive permission
    denied errors accessing conmon.pid
  - Fixed a bug where podman cp with a folder specified as target
    would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock
    a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
    mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote
    client
  - The --signature-policy flag (used with several image-related
    commands) has been deprecated
  - The podman unshare command now defines two environment
    variables in the spawned shell: CONTAINERS_RUNROOT and
    CONTAINERS_GRAPHROOT, pointing to temporary and permanent
    storage for rootless containers
  - Updated vendored containers/storage and containers/image
    libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and
    /usr/share/containers/libpod.conf) if not overridden in the
    rootless configuration
- Add fuse-overlayfs dependency to support overlay based rootless image
  manipulations
- Update podman to v1.3.2:
  - Fixed a bug where podman would fail to run if a volume was
    mounted over an image volume

==== shadow ====

- Make building more verbose
- Use spec-cleaner
- don't specify MOTD_FILE in login.defs but fall back to built in
  defaults of login (boo#1133929)

==== sqlite3 ====
Version update (3.27.2 -> 3.28.0)

- Upgrade to 3.28.0:
  * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside
    a transaction could trigger a heap-based buffer over-read.
  * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a
    single transaction with an fts5 virtual table will lead to a
    NULL Pointer Dereference.
  * Enhanced window functions
  * Enhanced VACUUM INTO so that it works for read-only databases.
  * New query optimizations.
  * Added the sqlite3_value_frombind() API for determining if the
    argument to an SQL function is from a bound parameter.
  * Security and compatibilities enhancements to fts3_tokenizer().
  * Improved robustness against corrupt database files.

==== tar ====
Version update (1.31 -> 1.32)

- update to version 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
  tar-1.31-racy_compress_tests.patch that are no longer needed
  (applied usptream)

==== thin-provisioning-tools ====
Version update (0.7.6 -> 0.8.3)

- Update to version 0.8.3:
  * Mostly internal changes

==== xz ====
Subpackages: liblzma5

- add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
  xz, xzdec, lzmadec, documentation, translated messages, tests,
  debug, extra directory) are in public domain licence [bsc#1135709]