Packages changed:
  boost-base
  ca-certificates-mozilla
  dracut (049+git115.c2d8d6fb -> 049+git116.e9995c78)
  fuse3 (3.8.0 -> 3.9.0)
  gcc9 (9.2.1+r275327 -> 9.2.1+r279103)
  gpg2 (2.2.18 -> 2.2.19)
  grub2
  iptables (1.8.3 -> 1.8.4)
  kdump
  ldb
  less
  libsolv (0.7.9 -> 0.7.10)
  libssh (0.9.2 -> 0.9.3)
  libxml2
  libzypp (17.17.0 -> 17.20.0)
  lvm2-device-mapper
  mokutil
  openssl-1_1
  p11-kit
  policycoreutils
  python-requests
  slirp4netns (0.4.2 -> 0.4.3)
  sssd
  xen (4.13.0_03 -> 4.13.0_04)

=== Details ===

==== boost-base ====
Subpackages: boost-license1_71_0 libboost_thread1_71_0

- Remove hardcoded abiflags (%py3_abiflags is not available for 3
  years), use python3-config instead. Fixes build with Python 3.8.

==== ca-certificates-mozilla ====

- make sure p11-kit with patches is installed on SLE (boo#1154871)

==== dracut ====
Version update (049+git115.c2d8d6fb -> 049+git116.e9995c78)
Subpackages: dracut-ima

- Update to version 049+git116.e9995c78:
  * dracut.spec: add convertfs module correctly (boo#1158777)

==== fuse3 ====
Version update (3.8.0 -> 3.9.0)

- Update to version 3.9.0
  * Added support for FUSE_EXPLICIT_INVAL_DATA to enable onl
    invalidate cached pages on explicit request.

==== gcc9 ====
Version update (9.2.1+r275327 -> 9.2.1+r279103)
Subpackages: libgcc_s1 libstdc++6

- Update to gcc-9-branch head (r279103).
  * Includes gcc9-pr91772.patch
- Refresh gcc48-remove-mpfr-2.4.0-requirement.patch to apply
  again.
- Use new license and header also in gcc.spec.in to reduce churn
  with format_spec_file.
- Use BuildRoot tag again for old distros (SLE-11).
- Make cross-arm-gcc a gcc_icecream cross.  Remove the disabling
  of debuginfo stripping.  [bsc#1152590]

==== gpg2 ====
Version update (2.2.18 -> 2.2.19)

- update to 2.2.19:
  * gpg: Fix double free when decrypting for hidden recipients
  * gpg: Use auto-key-locate for encryption even for mail addressed
    given with angle brackets
  * gpgsm: Add special case for certain expired intermediate
    certificates

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Correct awk pattern in 20_linux_xen (bsc#900418, bsc#1157912)
- Correct linux and initrd handling in 20_linux_xen (bsc#1157912)
  M grub2-efi-xen-cfg-unquote.patch
  M grub2-efi-xen-chainload.patch
  M grub2-efi-xen-cmdline.patch
  M grub2-efi-xen-removable.patch

==== iptables ====
Version update (1.8.3 -> 1.8.4)
Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins

- Update to release 1.8.4
  * Fix for wrong counter format in `ebtables-nft-save -c` output.
  * Print typical iptables-save comments in arptables- and
    ebtables-save, too.
  * xt_owner: add --suppl-groups option
  * Remove support for /etc/xtables.conf
  * Restore support for "-4" and "-6" options in rule lines.

==== kdump ====

- kdump-calibrate-Update-values.patch: calibrate: Update values
  (bsc#1130529).
- kdump-prefer-by-path-and-device-mapper.patch: Prefer by-path and
  device-mapper aliases over kernel device names (bsc#1101149,
  LTC#168532).
- kdump-powerpc-no-reload-on-CPU-removal.patch: powerpc: Do not
  reload on CPU hot removal (bsc#1133407, LTC#176111).
- kdump-Add-force-option-to-KDUMP_NETCONFIG.patch: Add ":force"
  option to KDUMP_NETCONFIG (bsc#1108919).
- kdump-Add-fence_kdump_send-when-fence-agents-installed.patch: Add
  fence_kdump_send when fence-agents installed (bsc#1108919).
- kdump-FENCE_KDUMP_SEND-variable.patch: Use var for path of
  fence_kdump_send and remove the unnecessary PRESCRIPT check
  (bsc#1108919).
- kdump-Document-fence_kdump_send.patch: Document kdump behaviour
  for fence_kdump_send (bsc#1108919).
- kdump-nss-modules.patch: Improve the handling of NSS
  (bsc#1021846).
- kdump-skip-mounts-if-no-proc-vmcore.patch: Skip kdump-related
  mounts if there is no /proc/vmcore (bsc#1102252, bsc#1125011).
- kdump-clean-up-kdump-mount-points.patch: Make sure that kdump
  mount points are cleaned up (bsc#1102252, bsc#1125011).
- kdump-Clean-up-the-use-of-current-vs-boot-network-iface.patch:
  Clean up the use of current vs. boot network interface names
  (bsc#1094444, bsc#1116463, bsc#1141064).
- kdump-Use-a-custom-namespace-for-physical-NICs.patch: Use a
  custom namespace for physical NICs (bsc#1094444, bsc#1116463,
  bsc#1141064).
- kdump-preserve-white-space.patch: Preserve white space when
  removing kernel command line options (bsc#1117652).

==== ldb ====

- Add obsolete ldb1 directive to baselibs.conf

==== less ====

- Move lesskey* from /etc to /usr/etc

==== libsolv ====
Version update (0.7.9 -> 0.7.10)

- fix solv_zchunk decoding error if large chunks are used
  [bnc#1159314]
- build with -DENABLE_RPMDB_LIBRPM=1 on SUSE to support
  multiple rpm database backends
- added two new function to make libzypp independent of the rpm
  database format
- bump version to 0.7.10

==== libssh ====
Version update (0.9.2 -> 0.9.3)
Subpackages: libssh-config libssh4

- Update to version 0.9.3
  * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
  * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
  * SSH-01-006 General: Various unchecked Null-derefs cause DOS
  * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
  * SSH-01-010 SSH: Deprecated hash function in fingerprinting
  * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
  * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
  * SSH-01-001 State Machine: Initial machine states should be set explicitly
  * SSH-01-002 Kex: Differently bound macros used to iterate same array
  * SSH-01-005 Code-Quality: Integer sign confusion during assignments
  * SSH-01-008 SCP: Protocol Injection via unescaped File Names
  * SSH-01-009 SSH: Update documentation which RFCs are implemented
  * SSH-01-012 PKI: Information leak via uninitialized stack buffer
- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved
  for internal use.

==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools

- Build python2 and python3 bindings in separate flavors. As
  python3-libxml2 is a dependency of e.g. itstools and thus many
  other packages these packages no longer have a build dependency
  on python2. Breaks a build loop for python2.

==== libzypp ====
Version update (17.17.0 -> 17.20.0)

- BuildRequires:  libsolv-devel >= 0.7.10.
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
  It's actually not needed and for this to work also libsolv needs
  to support it. You can sill use a librpmDb::db_const_iterator to
  access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- version 17.20.0 (20)
- MediaCurl: assert cookie file has mode 0600 (bsc#1158763, CVE-2019-18900)
- version 17.19.0 (12)
- dup: fix removing orphaned packages dropped by to-be-installed
  products (bsc#1155819)
- version 17.18.1 (12)
- Resolver: add solution actions for SOLVER_SOLUTION_BLACK
  (retracted/PTF)
- Solvable: add isRetracted and isPtf attributes.
- version 17.18.0 (12)

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- backport patches for lvm2 to avoid software abnormal work (bsc#1158861)
  + bug-1158861_01-config-remove-filter-typo.patch
  + bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch
  + bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch
  + bug-1158861_04-fix-duplicate-pv-size-check.patch
  + bug-1158861_05-hints-fix-copy-of-filter.patch
  + bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch
  + bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch
  + bug-1158861_08-hints-fix-mem-leaking-buffers.patch
  + bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch
- backport upstream patches for passing lvm2 testsuite (bsc#1158628)
  + bug-1158628_01-tests-replaces-grep-q-usage.patch
  + bug-1158628_02-tests-fix-ra-checking.patch
  + bug-1158628_03-tests-simplify-some-var-settings.patch
  + bug-1158628-04-pvmove-correcting-read_ahead-setting.patch
  + bug-1158628_05-activation-add-synchronization-point.patch
  + bug-1158628_06-pvmove-add-missing-synchronization.patch
  + bug-1158628_07-activation-extend-handling-of-pending_delete.patch
  + bug-1158628_08-lv_manip-add-synchronizations.patch
  + bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch
  + bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch
  + bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch
  + bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch
  + bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch
  + bug-1158628_14-tests-add-extra-settle.patch
  + bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch
  - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch

==== mokutil ====

- Add build for ppc64/ppc64le

==== openssl-1_1 ====
Subpackages: libopenssl1_1

- Security fix: [bsc#1158809, CVE-2019-1551]
  * Overflow bug in the x64_64 Montgomery squaring procedure used
    in exponentiation with 512-bit moduli
- Add openssl-1_1-CVE-2019-1551.patch

==== p11-kit ====
Subpackages: libp11-kit0 p11-kit-tools

- Also build documentation (boo#1013125)

==== policycoreutils ====
Subpackages: python3-policycoreutils

- Added chcat_join.patch to prevent joining non-existing categories
  (bsc#1159262)

==== python-requests ====

- Remove python-urllib3, python-certifi and ca-certificates from
  main package BuildRequires, not required for building.
- Do not require full python, (implicit) python-base is sufficient.

==== slirp4netns ====
Version update (0.4.2 -> 0.4.3)

- Update to 0.4.3
  * api: raise an error if the socket path is too long
  * libslirp: update to v4.1.0: Including the fix for libslirp
    sends RST to app in response to arriving FIN when containerized
    socket is shutdown() with SHUT_WR
  * Fix create_sandbox error

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Install infopipe dbus service (bsc#1106598)
- Add systemd service unit files to manage socket or bus activated responders.
- All responders except infopipe are also managed by a socket unit file.
- Add missing post and postun hooks for libsss_certmap0 package.

==== xen ====
Version update (4.13.0_03 -> 4.13.0_04)

- bsc#1159320 - Xen logrotate file needs updated
  logrotate.conf
- Update to Xen 4.13.0 FCS release
  xen-4.13.0-testing-src.tar.bz2
  * Core Scheduling (contributed by SUSE)
  * Branch hardening to mitigate against Spectre v1 (contributed by Citrix)
  * Late uCode loading (contributed by Intel)
  * Improved live-patching build tools (contributed by AWS)
  * OP-TEE support (contributed by EPAM)
  * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM)
  * Dom0-less passthrough and ImageBuilder (contributed by XILINX)
  * Support for new Hardware
- Update to Xen 4.13.0 RC4 release
  xen-4.13.0-testing-src.tar.bz2
- Rebase libxl.pvscsi.patch