Packages changed:
  apparmor (3.0.1 -> 3.0.3)
  c-ares (1.17.1 -> 1.17.2)
  cloud-init
  container-selinux (2.160.1 -> 2.164.2)
  cri-tools (1.21.0 -> 1.22.0)
  dhcp
  dracut (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b)
  etcd
  glib2
  ipset (7.14 -> 7.15)
  irqbalance (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148)
  libapparmor (3.0.1 -> 3.0.3)
  libesmtp
  lvm2
  lvm2-device-mapper
  mozjs78 (78.11.0 -> 78.13.0)
  nfs-utils
  patterns-microos
  python-distro (1.5.0 -> 1.6.0)
  python-networkx (2.5.1 -> 2.6.1)
  python-pyzmq (22.1.0 -> 22.2.1)
  qemu
  rpcbind
  vim (8.2.3204 -> 8.2.3318)

=== Details ===

==== apparmor ====
Version update (3.0.1 -> 3.0.3)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add profiles-python-3.10-mr783.diff: update abstractions/python and
  profiles for python 3.10
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
    for the detailed upstream changelog
- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions
    (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
    for the detailed upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff

==== c-ares ====
Version update (1.17.1 -> 1.17.2)

- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
  * If ares_getaddrinfo() was terminated by an ares_destroy(),
    it would cause a crash
  * Crash in sortaddrinfo() if the list size equals 0 due to
    an unexpected DNS response
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2

==== cloud-init ====

- Add cloud-init-update-test-characters-in-substitution-unit-test.patch
  to fix unit test fail in TestGetPackageMirrorInfo::test_substitution.

==== container-selinux ====
Version update (2.160.1 -> 2.164.2)

- Update to version 2.164.2
  * Don't setup users for writing to pid_sockets
  * Allow container engines to be started from the staff user.
  * Allow spc_t domains to set bpf rules on any domain
  * Add support for k3s

==== cri-tools ====
Version update (1.21.0 -> 1.22.0)

- Update to version 1.22.0:
  * Bump Kubernetes to v1.22.0
  * Bump k8s.io/api from 0.21.3 to 0.22.0
  * Bump k8s.io/cri-api from 0.21.3 to 0.22.0
  * Bump k8s.io/kubectl from 0.21.3 to 0.22.0
  * Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
  * Bump github.com/docker/docker
  * Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
- Update to version 1.21.0:
  * Bump README versions to v1.21.0
  * Update dependencies
  * Add dependabot config file
  * Simplify test image build process for user images
  * Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools
  * Fix UID/GID and username values for test images
  * Bump gcb-docker-gcloud image to v20210331-c732583
  * Fix CRI-O master installation in GitHub actions

==== dhcp ====
Subpackages: dhcp-client

- bsc#1186249: Remove remaining references to /etc/init.d from
  dhclient-script and if-up.d.dhcpd-restart-hook .
- Use , instead of - or / as a separator in sed when dealing with
  path names.

==== dracut ====
Version update (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b)
Subpackages: dracut-ima dracut-mkinitrd-deprecated

- Update to version 055+suse.115.gf65e559b:
  * fix(suse-initrd): find links of usrmerged kernels (boo#1184804)
  * fix(tpm2-tss): typo in depends()
  * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
- use manual mode in _service file

==== etcd ====

- Don't require systemd (works without, too)
- Change to sysuser-tools to create system user

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0

- Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters
  for close_range (boo#1189088).
- Drop patches fixed upstream on SLE and Leap 15.4:
  + glib2-add-support-for-slim-timezone-format.patch
  + glib2-fix-6-days-until-the-end-of-the-month.patch
  + glib2-CVE-2021-27218.patch
  + glib2-CVE-2021-27219-add-g_memdup2.patch

==== ipset ====
Version update (7.14 -> 7.15)
Subpackages: libipset13

- Update to release 7.15
  * netfilter: ipset: Fix maximal range check in
    hash_ipportnet4_uadt()

==== irqbalance ====
Version update (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148)

- Update to version 1.8.0.14.ga7f8148:
  * irqbalance: Check validity of numa_node
  * configure.ac: use pkg-config to find numa
  * Disable the communication socket when UI is disabled
- Use %{?systemd_ordering} instead of %{?systemd_requires}

==== libapparmor ====
Version update (3.0.1 -> 3.0.3)

- add profiles-python-3.10-mr783.diff: update abstractions/python and
  profiles for python 3.10
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
    for the detailed upstream changelog
- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions
    (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
    for the detailed upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff

==== libesmtp ====

- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Add lvm2-rpmlintrc where we skip all rpmlint issue for lvm2-testsuite package
  (bsc#1179047).

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Add lvm2-rpmlintrc where we skip all rpmlint issue for lvm2-testsuite package
  (bsc#1179047).

==== mozjs78 ====
Version update (78.11.0 -> 78.13.0)

- Update to version 78.13.0esr.
  MFSA 2021-34 (bsc#1188891)
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization

==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client

- Remove dependency on fedfs-utils-devel.
  fedfs-utils was only ever a "technology preview" and is now
  considered "end of life".
  nfs-utils is not even built to use it as --enable-junction
  isn't being passed to confgure
  and fedfs-utils doesn't build wth glibc 2.34.
  So remove the unnecessary dependency on fedfs-utils.
  (bsc#1189085)
- Update to version 2.5.4
  https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.4/2.5.4-Changelog
  Notable changes:
  * Handle failures in gssd better
  * handle 'sloppy' option to mount better
  * minor documentation improvements
- Drop 2.5.4-rc4 patches: nfs-utils-2-5-4-rc1.patch, nfs-utils-2-5-4-rc2.patch,
  nfs-utils-2-5-4-rc3.patch, nfs-utils-2-5-4-rc4.patch.

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Switch from PulseAudio to PipeWire

==== python-distro ====
Version update (1.5.0 -> 1.6.0)

- Update to version 1.6.0
  * Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296]
  * Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+
  * Added type hints to distro module [#269]
  * Added __version__ for checking distro version [#292]
  * Added support for arbitrary rootfs via the root_dir parameter [#247]
  * Added the --root-dir option to CLI [#161]
  * Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262]
  * Fixed subprocess.CalledProcessError when running lsb_release [#261]
  * Ignore /etc/iredmail-release file while parsing distribution [#268]
  * Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271]

==== python-networkx ====
Version update (2.5.1 -> 2.6.1)

- require pandas
- update to 2.6.2:
  * This release is the result of 11 months of work with over 363 pull requests by
    91 contributors. Highlights include:
  * Dropped support for Python 3.6.
  * NumPy, SciPy, Matplotlib, and pandas are now default requirements.
  * NetworkX no longer depends on the library "decorator".
  * Improved example gallery
  * Removed code for supporting Jython/IronPython
  * The __str__ method for graph objects is more informative and concise.
  * Improved import time
  * Improved test coverage
  * New documentation theme
  * Add functionality for drawing self-loop edges
  * Add approximation algorithms for Traveling Salesman Problem
- drop 0001-Replace-hash-function-for-test-of-weighted-astar.patch,
  yaml-loader.patch (merged upstream)

==== python-pyzmq ====
Version update (22.1.0 -> 22.2.1)

- Update to 22.2.1
  * Nicer reprs of contexts and sockets
  * Memory allocated by recv(copy=False) is no longer read-only
  * asyncio: Always reference current loop instead of attaching to
    the current loop at instantiation time. This fixes e.g. contexts
    and/or sockets instantiated prior to a call to asyncio.run.

==== qemu ====

- usb: unbounded stack allocation in usbredir
  (bsc#1186012, CVE-2021-3527)
  hw-usb-Do-not-build-USB-subsystem-if-not.patch
  hw-usb-host-stub-Remove-unused-header.patch
  usb-hid-avoid-dynamic-stack-allocation.patch
  usb-limit-combined-packets-to-1-MiB-CVE-.patch
  usb-mtp-avoid-dynamic-stack-allocation.patch
- usbredir: free call on invalid pointer in bufp_alloc
  (bsc#1189145, CVE-2021-3682)
  usbredir-fix-free-call.patch
- Add stable patches from upstream:
  block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
  hw-net-can-sja1000-fix-buff2frame_bas-an.patch
  hw-pci-host-q35-Ignore-write-of-reserved.patch

==== rpcbind ====

- Add now working CONFIG parameter to sysusers generator
- UsrMerge changes

==== vim ====
Version update (8.2.3204 -> 8.2.3318)
Subpackages: vim-data-common vim-small

- Update apparmor.vim (taken from AppArmor 3.0.3)
  * Add syntax highlighting for abi rules
- Updated to version 8.2.3318, fixes the following problems
  * Vim9: exists() does not handle much at compile time.
  * Lua: can only execute one Vim command at a time.  Not easy to get the
  Vim version.
  * Memory allocation functions don't have their own place.
  * Some structures could be smaller.
  * Popup window title with wide characters is truncated.
  * Vim9: :finally in skipped block not handled correctly.
  * Unexpected "No matching autocommands".
  * Vim9: :echoconsole cannot access local variables.
  * Vim9: no runtime check for argument type if a function only has varargs.
  * Vim9: divide by zero causes a crash.
  * Vim9: unpack assignment does not mention source of type error.
  * Vim9: check for DO_NOT_FREE_CNT is very slow.
  * Vim9: after "if false" line breaks in expression not skipped.
  * Unused code in win_exchange() and frame_remove().
  * Behavior of exists() in a :def function is unpredictable.
  * Cannot use single quote in a float number for readability.
  * Float test fails.
  * Vim9: No error for missing white space before return type.
  * Vim9: cannot ignore quotes in number at the command line.
- Updated to version 8.2.3299, fixes the following problems
  * Vim9: TODO items in tests can be taken care of.
  * Vim9: error about using -complete without -nargs is confusing.
  * Julia filetype is not recognized
  * No error for insert() or remove() changing a locked blob.
  * Scdoc filetype is not recognized.
  * win_enter_ext() has too many boolean arguments.
  * Channel events not handled in BufEnter autocommand.
  * Cannot easily access namespace dictionaries from Lua.
  * Compiler warning for unused variable with small features.
  * Vim9: compiling dict may use pointer after free and leak memory on failure.
  * Coverity warns for not checking return value.
  * Underscore in very magic pattern causes a hang.  Pattern with \V are
  case sensitive. (Yutao Yuan)
  * Finding completions may cause an endless loop.
  * Lua: memory leak when adding dict item fails.
  * 'cursorline' should not apply to 'breakindent'.
  * Vim9: cannot add a number to a float.
  * Cannot use all commands inside a {} block after :command and :autocmd.
  * Build failure with small features.
  * Vim9: exists() does not handle much at compile time.
- Updated to version 8.2.3281, fixes the following problems
  * Display garbled when 'cursorline' is set and lines wrap. (Gabriel Dupras)
  * Coverity reports a null pointer dereference.
  * Vim9: argument types are not checked at compile time.
  * Vim9: crash when compiling string fails. (Yegappan Lakshmanan)
  * Dynamic library load error does not mention why it failed.
  * Vim9: lambda doesn't find block-local variable.
  * Vim9: searchpair() sixth argument is compiled. (Yegappan Lakshmanan)
  * Vim9: argument types are not checked at compile time.
  * Vim9: execution speed can be improved.
  * NOCOMPOUNDSUGS entry in spell file not tested.
  * Vim9: argument types are not checked at compile time.
  * Vim9: crash when using variable in a loop at script level.
  * When using xchaha20 crypt undo file is not removed.
  * :find searches non-existing directories.
  * Test_term_setansicolors() fails in some configurations.
  * Vim9: argument types are not checked at compile time.
  * Vim9: cannot used loop variable later as lambda argument.
  * Vim: using {} block in autoloade omnifunc fails.
  * Cannot call script-local function after :vim9cmd. (Christian J. Robinson)
  * Incsearch highlighting is attempted halfway a mapping.
  * New digraph functions use old naming scheme.
  * 'virtualedit' can only be set globally.
  * Cannot use a simple block for the :command argument. (Maarten Tournoij)
  * Vim9: runtime and compile time type checks are not the same.
  * Vim9: type error when function return type is not known yet.
  * Build failure with small features.
  * system() does not work without a second argument.
  * prop_list() and prop_find() do not indicate the buffer for the used type.
  * Crash when printing long string with Lua.
  * Cannot use lambda in {} block in user command. (Martin Tournoij)
  * mode() does not indicate using CTRL-O in Select mode.
  * When a builtin function gives an error processing continues.
  * Vim9: error message does not indicate the location.
  * Vim9: no error using heredoc for a number variable.
  * Lua print() does not work properly.
  * Vim9: memory leak when function reports an error.
  * Vim9: valgrind reports leaks in builtin function test.
  * Lua 5.3 print() with a long string crashes.
  * The crypt key may appear in a swap partition.
  * Memory use after free.
  * Using uninitialized memory when checking for crypt method.
  * Vim9: error message for wrong input uses wrong line number.
  * Vim9: error for re-imported function with default argument.
  * Listing builtin_gui as an available terminal is confusing.
  * Duplicated code for adding buffer lines.
  * Channel test fails randomly.
  * win_gettype() does not recognize a quickfix window.
  * ci" finds following string but ci< and others don't.
  * Executable test may fail on new Ubuntu system.
  * Calling prop_find() with -1 for ID gives errornous error. (Naohiro Ono)
  * Error messages have the wrong text.
  * When 'indentexpr' causes an error the did_throw flag may remain set.
  * Build failure with small features.
  * Vim9: when compiling repeat(123, N) return type is number.
  * Build failure when ABORT_ON_INTERNAL_ERROR is defined.
  * Vim9: "..=" does not accept same types as the ".." operator.
  * Vim9: assign test fails.
  * Smartcase does not work correctly in very magic pattern.
  * Vim9: assignment with two indexes may check next line.
  * Vim9: crash when disassembling a function that uses a deleted script
  variable.
  * Cannot use a block with :autocmd like with :command.
  * Vim9: wrong argument check for partial. (Naohiro Ono)
  * prop_find() finds property with ID -2.
  * Vim9: cannot use :command or :au with a block in a :def function.
  * Cannot use id zero with prop_find(). (Naohiro Ono)
  * Autocmd test fails.
  * Macro for printf format check can be simplified.
  * Optimizer can use hints about ga_grow() normally succeeding.
  * Vim9: exists() can only be evaluated at runtime.
  * Vim9: compiled has() does not work properly.
  * Vim9: error when adding 1 to float.
  * Vim9: cannot use block in cmdline window.
  * 'virtualedit' local to buffer is not the best solution.
  * Vim9: TODO items in tests can be taken care of.