Packages changed:
  aaa_base (84.87+git20191120.98f1524 -> 84.87+git20191206.1cb88e3)
  btrfsprogs (5.3.1 -> 5.4)
  dbus-1 (1.12.12 -> 1.12.16)
  expat (2.2.8 -> 2.2.9)
  gnutls (3.6.10 -> 3.6.11.1)
  iproute2 (5.3 -> 5.4)
  libxcrypt (4.4.3 -> 4.4.10)
  rebootmgr
  restorecond
  systemd

=== Details ===

==== aaa_base ====
Version update (84.87+git20191120.98f1524 -> 84.87+git20191206.1cb88e3)

- Update to version 84.87+git20191206.1cb88e3:
  * Add support for lesskey.bin in /usr/etc
  * Do last change also for tcsh
  * Not all XTerm based emulators do have an terminfo entry

==== btrfsprogs ====
Version update (5.3.1 -> 5.4)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.4
  * support new hash algorithms (kernel 5.5):
  * mkfs.btrfs and btrfs-convert with --csum, crc32c, xxhash, sha256, blake2
  * mkfs: support new raid1c3 and raid1c4 block group profiles (kernel 5.5)
  * check:
  * --repair delays start with a warning, can be skipped using --force
  * enhanced detetion of inode types from partial data, more options for
    repair
  * receive: fix quiet option
  * image: speed up chunk loading
  * fi usage:
  * sort devices by id
  * print ratio of used/total per block group type
  * rescue zero-log: reset the log pointers directly, avoid reading some other
    potentially damaged structures
  * new make target install-static to install only static binaries/libraries
  * other
  * docs updates
  * new tests
  * cleanups and refactoring

==== dbus-1 ====
Version update (1.12.12 -> 1.12.16)
Subpackages: libdbus-1-3

- Verify signatures
  * dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
  developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
  * Source2 dbus-1.desktop now Source4
  * baselib.conf now source 3
- Update to 1.12.16
  * CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
    authentication for identities that differ from the user running the
    DBusServer. Previously, a local attacker could manipulate symbolic
    links in their own home directory to bypass authentication and connect
    to a DBusServer with elevated privileges. The standard system and
    session dbus-daemons in their default configuration were immune to this
    attack because they did not allow DBUS_COOKIE_SHA1, but third-party
    users of DBusServer such as Upstart could be vulnerable.
    Thanks to Joe Vennix of Apple Information Security.
    (bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
  * Raise soft fd limit to match hard limit, even if unprivileged.
    This makes session buses with many clients, or with clients that make
    heavy use of fd-passing, less likely to suffer from fd exhaustion.
    (dbus!103, Simon McVittie)
  * If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
    reduce it to 64K, ensuring that we can put back the original fd limits
    when carrying out traditional (non-systemd) activation. This fixes a
    regression with systemd >= 240 in which system services inherited
    dbus-daemon's hard and soft limit of 64K fds, instead of the intended
    soft limit of 1K and hard limit of 512K or 1M.
    (dbus!103, Debian#928877; Simon McVittie)
  * Fix build failures caused by an AX_CODE_COVERAGE API change in newer
    autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
  * Fix build failures with newer autoconf-archive versions that include
    AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
  * Parse section/group names in .service files according to the syntax
    from the Desktop Entry Specification, rejecting control characters
    and non-ASCII in section/group names (dbus#208, David King)
  * Fix various -Wlogical-op issues that cause build failure with newer
    gcc versions (dbus#225, dbus!109; David King)
  * Don't assume we can set permissions on a directory, for the benefit of
    MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
  * Don't overwrite PKG_CONFIG_PATH and related environment variables when
    the pkg-config-based version of DBus1Config is used in a CMake project
    (dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
  * dbus-no-ax-check.patch
  * dbus-new-autoconf-archive.patch

==== expat ====
Version update (2.2.8 -> 2.2.9)

- Version update to 2.2.9
  * Other changes:
  - examples: Drop executable bits from elements.c
    [#349]  Windows: Change the name of the Windows DLLs from expat*.dll
    to libexpat*.dll once more (regression from 2.2.8, first
    fixed in 1.95.3, issue #61 on SourceForge today,
    was issue #432456 back then); needs a fix due
    case-insensitive file systems on Windows and the fact that
    Perl's XML::Parser::Expat compiles into Expat.dll.
    [#347]  Windows: Only define _CRT_RAND_S if not defined
    Version info bumped from 7:10:6 to 7:11:6

==== gnutls ====
Version update (3.6.10 -> 3.6.11.1)

- gnutls 3.6.11.1:
  * libgnutls: Corrected issue with TLS 1.2 session ticket
    handling as client during resumption
  * libgnutls: gnutls_base64_decode2() succeeds decoding the empty
    string to the empty string. This is a behavioral change of the
    API but it conforms to the RFC4648 expectations
  * libgnutls: Fixed AES-CFB8 implementation, when input is shorter
    than the block size. Fix backported from nettle.
  * certtool: CRL distribution points will be set in CA
    certificates even when non self-signed
  * gnutls-cli/serv: added raw public-key handling capabilities
    (RFC7250). Key material can be set via the --rawpkkeyfile and
  - -rawpkfile flags.

==== iproute2 ====
Version update (5.3 -> 5.4)

- Update to new upstream release 5.4
  * devlink: increase number of supported options (32 -> 64)
  * devlink: add trap set and show commands
  * devlink: add trap group set and show commands
  * devlink: add reset_dev_on_drv_probe param
  * devlink: support unknown value for fw_load_policy
  * devlink: support flash status monitoring
  * devlink: add reload failed indication
  * ip: netns: support dump of nsid conversion table
  * ip: nexthop: support filtering by protocol for flush and list
  * rdma: driver QP type string
  * tc: introduce ct action
  * tc: support 64-bit rate and peakrate
  * tc: etf: support skip_sock_check
  * tc: flower: add matching on conntrack info
  * tc: taprio: support setting flags
  * tc: taprio: support setting txtime_delay
  * documentation improvements
  * json output improvements
  * drop outdated example scripts and README files
- drop (patched script dropped)
  examples-fix-bashisms-in-example-script.patch
- ss-fix-end-of-line-printing-in-misc-ss.c.patch:
  fix missing end of line at the end of ss output

==== libxcrypt ====
Version update (4.4.3 -> 4.4.10)

- Update to version 4.4.10
  * Fix alignment problem for GOST 34.11 (Streebog) in gost-yestcrypt.
  * The crypt_* functions will now all fail and set errno to ERANGE if
    their 'phrase' argument is longer than CRYPT_MAX_PASSPHRASE_SIZE
    characters (this is currently 512)
  * The NT hashing method no longer truncates passphrases at 128
    characters; Windows does not do this.
- format-overflow.patch: remove

==== rebootmgr ====

- Fix %posttrans script returning an error code

==== restorecond ====

- Use %make_build and respect %optflags.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit dbb1d4734daffa62e0eddecfa4f784c84a9d8e76
  1439d72a72 udevd: don't use monitor after manager_exit()
  99288dd778 Revert "udevd: fix crash when workers time out after exit is signal caught"
  152577d6d0 udevd: fix crash when workers time out after exit is signal caught
  f854991504 udevd: wait for workers to finish when exiting (bsc#1106383)
  Changes from the v243-stable (84 commits):
  e51d9bf9e5 man: add entry about SpeedMeter=
  aa1fc791c7 udev: silence warning about PROGRAM+= or IMPORT+= rules
  b9a619bb67 udevadm: ignore EROFS and return earlier
  1ec5b9f80c basic: add vmware hypervisor detection from device-tree
  7fa7080248 umount: be happy if /proc/swaps doesn't exist
  [...]
  47d0e23d26 udev: fix memleak caused by wrong cleanup function
  a6fb0542c5 parse_hwdb: fix compatibility with pyparsing 2.4.*
  cb1d892f17 parse_hwdb: process files in order