Packages changed:
  libgcrypt
  patterns-containers
  podman (1.4.0 -> 1.4.2)

=== Details ===

==== libgcrypt ====

- Fixed redundant fips tests in some situations causing sudo to stop
  working when pam-kwallet is installed. bsc#1133808
  * Added libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
  * Removed libgcrypt-fips_run_selftest_at_constructor.patch
    because it was obsoleted by libgcrypt-1.8.3-fips-ctor.patch
  * Removed libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
    because it was obsoleted by libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
- Fixed env-script-interpreter in cavs_driver.pl
- Security fix: [bsc#1138939, CVE-2019-12904]
  * The C implementation of AES is vulnerable to a flush-and-reload
    side-channel attack because physical addresses are available to
    other processes. (The C implementation is used on platforms where
    an assembly-language implementation is unavailable.)
  * Added patches:
  - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
  - libgcrypt-CVE-2019-12904-GCM.patch
  - libgcrypt-CVE-2019-12904-AES.patch

==== patterns-containers ====

- Add new pattern for kubernetes utilities

==== podman ====
Version update (1.4.0 -> 1.4.2)
Subpackages: podman-cni-config

- Update podman to v1.4.2
  - Fixed a bug where Podman could not run containers using an older version of
    Systemd as init
  - Updated vendored Buildah to v1.9.0 to resolve a critical bug with
    Dockerfile RUN instructions
  - The error message for running podman kill on containers that are not
    running has been improved
  - Podman remote client can now log to a file if syslog is not available
  - The podman exec command now sets its error code differently based on
    whether the container does not exist, and the command in the container does
    not exist
  - The podman inspect command on containers now outputs Mounts JSON that matches
    that of docker inspect, only including user-specified volumes and
    differentiating bind mounts and named volumes
  - The podman inspect command now reports the path to a container's OCI spec
    with the OCIConfigPath key (only included when the container is initialized
    or running)
  - The podman run --mount command now supports the bind-nonrecursive option for
    bind mounts
  - Fixed a bug where podman play kube would fail to create containers due to an
    unspecified log driver
  - Fixed a bug where Podman would fail to build with musl libc
  - Fixed a bug where rootless Podman using slirp4netns networking in an
    environment with no nameservers on the host other than localhost would
    result in nonfunctional networking
  - Fixed a bug where podman import would not properly set environment
    variables, discarding their values and retaining only keys
  - Fixed a bug where Podman would fail to run when built with Apparmor support
    but run on systems without the Apparmor kernel module loaded
  - Remote Podman will now default the username it uses to log in to remote
    systems to the username of the current user
  - Podman now uses JSON logging with OCI runtimes that support it, allowing for
    better error reporting
  - Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
  - Support OOM Monitor under cgroup V2
  - Add config binary and make target for configuring conmon with a go library
    for importing values
- update dependency for slirp4netns to 0.3.0 or newer