Packages changed:
  Imath (3.1.2 -> 3.1.3)
  colord
  gnome-shell (41.1 -> 41.2)
  gnome-shell-extensions (41.0 -> 41.1)
  gstreamer-plugins-bad
  hplip
  hwinfo (21.78 -> 21.80)
  installation-images-MicroOS (17.28 -> 17.30)
  iputils (20210722 -> 20211215)
  kernel-source (5.15.7 -> 5.15.8)
  libgcrypt
  libostree (2020.8 -> 2021.6)
  mutter (41.1 -> 41.2)
  ncurses (6.3.20211120 -> 6.3.20211127)
  neon (0.31.2 -> 0.32.1)
  openssl-1_1
  openvpn
  p11-kit
  pam
  pango (1.48.10 -> 1.50.1)
  pangomm1_4 (2.46.1 -> 2.46.2)
  patterns-base
  pipewire (0.3.40 -> 0.3.42)
  polkit-default-privs (1550+20211209.8ce206c -> 1550+20211214.daf2765)
  python-SQLAlchemy (1.4.26 -> 1.4.27)
  qemu
  rav1e (0.5.0+0 -> 0.5.1+0)
  runc (1.0.3 -> 1.1.0~rc1)
  sensors
  shadow
  upower
  util-linux
  util-linux-systemd
  webkit2gtk3
  webkit2gtk3-soup2
  wireless-regdb (20210828 -> 20211209)
  wireplumber
  xen
  xfsprogs (5.14.0 -> 5.14.2)
  xorg-x11-server (21.1.1 -> 21.1.2)
  xxhash (0.8.0 -> 0.8.1)
  yast2 (4.4.27 -> 4.4.30)
  zxing-cpp

=== Details ===

==== Imath ====
Version update (3.1.2 -> 3.1.3)

- version update to 3.1.3
  * Patch release with miscellaneous fixes
  * Fix undefined access of a vector when empty
  * Require sphinx 4.0.3
  * Build sphinx/doxygen docs with CMake
  * Use PYIMATH_OVERRIDE_PYTHON_INSTALL_DIR to specify destination python modules
  * Guard `__has_attribute` for compilers that don't support it
  * Cuda safety fixes
  * Replace stray Imath:: with IMATH_INTERNAL_NAMESPACE::

==== colord ====
Subpackages: colord-color-profiles libcolord2 libcolorhug2

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_colord.service.patch

==== gnome-shell ====
Version update (41.1 -> 41.2)
Subpackages: gnome-shell-calendar

- Update to version 41.2:
  + Fix wrongly rejected D-Bus calls after gnome-shell restarts.
  + magnifier: Avoid offscreen rendering if possible.
  + Improve handling of all-day/zero-length events in calendar.
  + Keep keyboard focus in notification list after deleting
    message.
  + Misc. bug fixes and cleanups.
  + Updated translations.
- Switch to git checkout of released tag via source service.

==== gnome-shell-extensions ====
Version update (41.0 -> 41.1)
Subpackages: gnome-shell-classic gnome-shell-extensions-common

- Update to version 41.1:
  + native-window-placement: Fix distorted layout in app grid.
  + window-list: Fix on-screen keyboard.
  + Misc. bug fixes.
  + Updated translations.

==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0

- Add 2564.patch: Allow to build against Neon 0.32.x.

==== hplip ====

- Replace keys.openpgp.org with pgp.surf.nl (bsc#1193656)
  * gpg refuses to load the key from keys.openpgp.org.
- Add build dependency on python-rpm-macros (bsc#1193718)
- Replace pool.sks-keyservers.net by keys.openpgp.org (bsc#1193656)

==== hwinfo ====
Version update (21.78 -> 21.80)

- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79

==== installation-images-MicroOS ====
Version update (17.28 -> 17.30)

- merge gh#openSUSE/installation-images#555
- don't add Y2* install boot options to target system (jsc#SLE-21308)
- 17.30
- merge gh#openSUSE/installation-images#552
- etc: update module.config to match 5.16
- etc/module.config: sort the network modules
- kernel 5.16 update
- 17.29

==== iputils ====
Version update (20210722 -> 20211215)

- Update to version 20211215
  https://github.com/iputils/iputils/releases/tag/20211215
- rarpd and rdisc are going to be removed in next release
  (https://github.com/iputils/iputils/issues/363)
  therefore don't pack it since this release
- Drop harden_rdisc.service.patch, which was 1) merged upstream
  4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs")
  for all services
  2) we don't build rdisc since this release

==== kernel-source ====
Version update (5.15.7 -> 5.15.8)

- Revert "- rpm/*build: use buildroot macro instead of env variable"
  buildroot macro is not being expanded inside a shell script. go
  back to the environment variable usage. This reverts parts of
  commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- kernel-obs-build: include the preferred kernel parameters
  Currently the Open Build Service hardcodes the kernel boot parameters
  globally. Recently functionality was added to control the parameters
  by the kernel-obs-build package, so make use of that. parameters here
  will overwrite what is used by OBS otherwise.
- commit a631240
- Linux 5.15.8 (bsc#1012628).
- bpf: Add selftests to cover packet access corner cases
  (bsc#1012628).
- clocksource/drivers/dw_apb_timer_of: Fix probe failure
  (bsc#1012628).
- misc: fastrpc: fix improper packet size calculation
  (bsc#1012628).
- irqchip: nvic: Fix offset for Interrupt Priority Offsets
  (bsc#1012628).
- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing
  INVALL (bsc#1012628).
- aio: Fix incorrect usage of eventfd_signal_allowed()
  (bsc#1012628).
- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
  (bsc#1012628).
- irqchip/armada-370-xp: Fix return value of
  armada_370_xp_msi_alloc() (bsc#1012628).
- irqchip/aspeed-scu: Replace update_bits with write_bits
  (bsc#1012628).
- csky: fix typo of fpu config macro (bsc#1012628).
- bus: mhi: core: Add support for forced PM resume (bsc#1012628).
- bus: mhi: pci_generic: Fix device recovery failed issue
  (bsc#1012628).
- nvmem: eeprom: at25: fix FRAM byte_len (bsc#1012628).
- misc: rtsx: Avoid mangling IRQ during runtime PM (bsc#1012628).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and
  remove (bsc#1012628).
- iio: ad7768-1: Call iio_trigger_notify_done() on error
  (bsc#1012628).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x
  (bsc#1012628).
- iio: adc: stm32: fix a current leak by resetting pcsel before
  disabling vdda (bsc#1012628).
- iio: at91-sama5d2: Fix incorrect sign extension (bsc#1012628).
- iio: dln2: Check return value of devm_iio_trigger_register()
  (bsc#1012628).
- iio: dln2-adc: Fix lockdep complaint (bsc#1012628).
- iio: itg3200: Call iio_trigger_notify_done() on error
  (bsc#1012628).
- iio: kxsd9: Don't return error code in trigger handler
  (bsc#1012628).
- iio: ltr501: Don't return error code in trigger handler
  (bsc#1012628).
- iio: mma8452: Fix trigger reference couting (bsc#1012628).
- iio: stk3310: Don't return error code in interrupt handler
  (bsc#1012628).
- iio: trigger: stm32-timer: fix MODULE_ALIAS (bsc#1012628).
- iio: trigger: Fix reference counting (bsc#1012628).
- iio: gyro: adxrs290: fix data signedness (bsc#1012628).
- xhci: avoid race between disable slot command and host runtime
  suspend (bsc#1012628).
- usb: core: config: using bit mask instead of individual bits
  (bsc#1012628).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from
  runtime suspending (bsc#1012628).
- usb: core: config: fix validation of wMaxPacketValue entries
  (bsc#1012628).
- Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property
  by default" (bsc#1012628).
- USB: gadget: zero allocate endpoint 0 buffers (bsc#1012628).
- USB: gadget: detect too-big endpoint 0 requests (bsc#1012628).
- selftests/fib_tests: Rework fib_rp_filter_test() (bsc#1012628).
- net/qla3xxx: fix an error code in ql_adapter_up() (bsc#1012628).
- net, neigh: clear whole pneigh_entry at alloc time
  (bsc#1012628).
- net: fec: only clear interrupt of handling queue in
  fec_enet_rx_queue() (bsc#1012628).
- net: altera: set a couple error code in probe() (bsc#1012628).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
  (bsc#1012628).
- tools build: Remove needless libpython-version feature check
  that breaks test-all fast path (bsc#1012628).
- dt-bindings: net: Reintroduce PHY no lane swap binding
  (bsc#1012628).
- Documentation/locking/locktypes: Update migrate_disable() bits
  (bsc#1012628).
- perf tools: Fix SMT detection fast read path (bsc#1012628).
- drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset
  (bsc#1012628).
- Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on
  emulated bridge" (bsc#1012628).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
  (bsc#1012628).
- bpf, sockmap: Re-evaluate proto ops when psock is removed from
  sockmap (bsc#1012628).
- mtd: rawnand: fsmc: Fix timing computation (bsc#1012628).
- mtd: rawnand: fsmc: Take instruction delay into account
  (bsc#1012628).
- i40e: Fix pre-set max number of queues for VF (bsc#1012628).
- i40e: Fix failed opcode appearing if handling messages from VF
  (bsc#1012628).
- clk: qcom: clk-alpha-pll: Don't reconfigure running Trion
  (bsc#1012628).
- clk: imx: use module_platform_driver (bsc#1012628).
- hwmon: (dell-smm) Fix warning on /proc/i8k creation error
  (bsc#1012628).
- RDMA/hns: Do not destroy QP resources in the hw resetting phase
  (bsc#1012628).
- RDMA/hns: Do not halt commands during reset until later
  (bsc#1012628).
- ASoC: codecs: wcd934x: return correct value from mixer put
  (bsc#1012628).
- ASoC: codecs: wcd934x: handle channel mappping list correctly
  (bsc#1012628).
- ASoC: codecs: wsa881x: fix return values from kcontrol put
  (bsc#1012628).
- ASoC: qdsp6: q6routing: Fix return value from
  msm_routing_put_audio_mixer (bsc#1012628).
- ASoC: rt5682: Fix crash due to out of scope stack vars
  (bsc#1012628).
- PM: runtime: Fix pm_runtime_active() kerneldoc comment
  (bsc#1012628).
- qede: validate non LSO skb length (bsc#1012628).
- ALSA: usb-audio: Reorder snd_djm_devices[] entries
  (bsc#1012628).
- scsi: scsi_debug: Fix buffer size of REPORT ZONES command
  (bsc#1012628).
- scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
  (bsc#1012628).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
  (bsc#1012628).
- i2c: mpc: Use atomic read and fix break condition (bsc#1012628).
- tracefs: Set all files to the same group ownership as the
  mount option (bsc#1012628).
- aio: fix use-after-free due to missing POLLFREE handling
  (bsc#1012628).
- aio: keep poll requests on waitqueue until completed
  (bsc#1012628).
- signalfd: use wake_up_pollfree() (bsc#1012628).
- binder: use wake_up_pollfree() (bsc#1012628).
- wait: add wake_up_pollfree() (bsc#1012628).
- io_uring: ensure task_work gets run as part of cancelations
  (bsc#1012628).
- libata: add horkage for ASMedia 1092 (bsc#1012628).
- drm/syncobj: Deal with signalled fences in
  drm_syncobj_find_fence (bsc#1012628).
- thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL
  (bsc#1012628).
- clk: qcom: regmap-mux: fix parent clock lookup (bsc#1012628).
- mmc: renesas_sdhi: initialize variable properly when tuning
  (bsc#1012628).
- hwmon: (pwm-fan) Ensure the fan going on in .probe()
  (bsc#1012628).
- selftests: KVM: avoid failures due to reserved HyperTransport
  region (bsc#1012628).
- tracefs: Have new files inherit the ownership of their parent
  (bsc#1012628).
- nfsd: Fix nsfd startup race (again) (bsc#1012628).
- nfsd: fix use-after-free due to delegation race (bsc#1012628).
- md: fix update super 1.0 on rdev size change (bsc#1012628).
- perf intel-pt: Fix error timestamp setting on the decoder
  error path (bsc#1012628).
- perf intel-pt: Fix missing 'instruction' events with 'q' option
  (bsc#1012628).
- perf intel-pt: Fix next 'err' value, walking trace
  (bsc#1012628).
- perf intel-pt: Fix state setting when receiving overflow (OVF)
  packet (bsc#1012628).
- perf intel-pt: Fix intel_pt_fup_event() assumptions about
  setting state type (bsc#1012628).
- perf intel-pt: Fix sync state when a PSB (synchronization)
  packet is found (bsc#1012628).
- perf intel-pt: Fix some PGE (packet generation enable/control
  flow packets) usage (bsc#1012628).
- btrfs: free exchange changeset on failures (bsc#1012628).
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper
  error handling (bsc#1012628).
- btrfs: fix re-dirty process of tree-log nodes (bsc#1012628).
- btrfs: clear extent buffer uptodate when we fail to write it
  (bsc#1012628).
- scsi: qla2xxx: Format log strings only if needed (bsc#1012628).
- cifs: Fix crash on unload of cifs_arc4.ko (bsc#1012628).
- ALSA: pcm: oss: Handle missing errors in
  snd_pcm_oss_change_params*() (bsc#1012628).
- ALSA: pcm: oss: Limit the period size to 16MB (bsc#1012628).
- ALSA: pcm: oss: Fix negative period/buffer sizes (bsc#1012628).
- ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (bsc#1012628).
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897
  platform (bsc#1012628).
- ALSA: ctl: Fix copy of updated id with element read/write
  (bsc#1012628).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  (bsc#1012628).
- mm/slub: fix endianness bug for alloc/free_traces attributes
  (bsc#1012628).
- mm/damon/core: fix fake load reports due to uninterruptible
  sleeps (bsc#1012628).
- timers: implement usleep_idle_range() (bsc#1012628).
- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V
  TLB flush hypercall (bsc#1012628).
- KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse
  IPI req (bsc#1012628).
- KVM: x86: Don't WARN if userspace mucks with RCX during string
  I/O exit (bsc#1012628).
- net: mvpp2: fix XDP rx queues registering (bsc#1012628).
- net/sched: fq_pie: prevent dismantle issue (bsc#1012628).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
  (bsc#1012628).
- net: dsa: mv88e6xxx: error handling for serdes_power functions
  (bsc#1012628).
- net: bcm4908: Handle dma_set_coherent_mask error codes
  (bsc#1012628).
- devlink: fix netns refcount leak in devlink_nl_cmd_reload()
  (bsc#1012628).
- IB/hfi1: Correct guard on eager buffer deallocation
  (bsc#1012628).
- iavf: Fix reporting when setting descriptor count (bsc#1012628).
- iavf: restore MSI state on reset (bsc#1012628).
- netfilter: conntrack: annotate data-races around ct->timeout
  (bsc#1012628).
- netfilter: nft_exthdr: break evaluation if setting TCP option
  fails (bsc#1012628).
- udp: using datalen to cap max gso segments (bsc#1012628).
- seg6: fix the iif in the IPv6 socket control block
  (bsc#1012628).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1012628).
- bonding: make tx_rebalance_counter an atomic (bsc#1012628).
- ethtool: do not perform operations on net devices being
  unregistered (bsc#1012628).
- ice: ignore dropped packets during init (bsc#1012628).
- bpf: Fix the off-by-two error in range markings (bsc#1012628).
- bpf: Make sure bpf_disable_instrumentation() is safe vs
  preemption (bsc#1012628).
- bpf, sockmap: Attach map progs to psock early for feature probes
  (bsc#1012628).
- bpf, x86: Fix "no previous prototype" warning (bsc#1012628).
- vrf: don't run conntrack on vrf with !dflt qdisc (bsc#1012628).
- selftests: netfilter: add a vrf+conntrack testcase
  (bsc#1012628).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
  (bsc#1012628).
- platform/x86: amd-pmc: Fix s2idle failures on certain AMD
  laptops (bsc#1012628).
- x86/sme: Explicitly map new EFI memmap table as encrypted
  (bsc#1012628).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
  (bsc#1012628).
- net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal
  PHY's" (bsc#1012628).
- can: m_can: Disable and ignore ELO interrupt (bsc#1012628).
- can: m_can: pci: fix iomap_read_fifo() and iomap_write_fifo()
  (bsc#1012628).
- can: m_can: pci: fix incorrect reference clock rate
  (bsc#1012628).
- can: m_can: m_can_read_fifo: fix memory leak in error branch
  (bsc#1012628).
- can: pch_can: pch_can_rx_normal: fix use after free
  (bsc#1012628).
- can: sja1000: fix use after free in ems_pcmcia_add_card()
  (bsc#1012628).
- can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase
  correct stats->{rx,tx}_errors counter (bsc#1012628).
- can: kvaser_usb: get CAN clock frequency from device
  (bsc#1012628).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (bsc#1012628).
- IB/hfi1: Fix early init panic (bsc#1012628).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
  (bsc#1012628).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for
  six 8-bit groups (bsc#1012628).
- platform/x86/intel: hid: add quirk to support Surface Go 3
  (bsc#1012628).
- HID: Ignore battery for Elan touchscreen on Asus UX550VE
  (bsc#1012628).
- HID: sony: fix error path in probe (bsc#1012628).
- mmc: spi: Add device-tree SPI IDs (bsc#1012628).
- mtd: dataflash: Add device-tree SPI IDs (bsc#1012628).
- HID: check for valid USB device for many HID drivers
  (bsc#1012628).
- HID: wacom: fix problems when device is not a valid USB device
  (bsc#1012628).
- HID: bigbenff: prevent null pointer dereference (bsc#1012628).
- HID: add USB_HID dependancy on some USB HID drivers
  (bsc#1012628).
- HID: add USB_HID dependancy to hid-chicony (bsc#1012628).
- HID: add USB_HID dependancy to hid-prodikeys (bsc#1012628).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (bsc#1012628).
- HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested
  (bsc#1012628).
- HID: google: add eel USB id (bsc#1012628).
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
  (bsc#1012628).
- usb: gadget: uvc: fix multiple opens (bsc#1012628).
- commit 3f92609
- kernel-obs-build: inform build service about virtio-serial
  Inform the build worker code that this kernel supports virtio-serial,
  which improves performance and relability of logging.
- commit 301a3a7
- rpm/*.spec.in: use buildroot macro instead of env variable
  The RPM_BUILD_ROOT variable is considered deprecated over
  a buildroot macro. future proof the spec files.
- commit e2f6026
- Update BT fix patch for regression with 8087:0026 device (bsc#1193124)
  Also corrected the references and patch description
- commit 634695b

==== libgcrypt ====

- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch

==== libostree ====
Version update (2020.8 -> 2021.6)
Subpackages: libostree-1-1

- Update to version 2021.6:
  + Most of the fixes are related to warnings highlighted by gcc
  - fanalyzer static source analysis.
  + Performance of pruning logic has been improved, avoiding
    unnecessary trips through redundant serialization.
  + A regression has been fixed so that ostree is properly behaving
    again when used from the initramfs, at a point where /sysroot
    may not be mounted yet.
  + A race condition related to sysroot.readonly has been addressed
    by directly setting up sysroot readonly in initramfs.
- Changes from version 2020.8 to 2021.5 please see upstreams list
  https://github.com/ostreedev/ostree/releases
- Switch to obs_scm from tar_scm, and use obscpio instead of
  generated tarball. Also stop autogeneration of .changes, upstream
  now have proper release notes that should be used.
- Use ldconfig_scriptlets macro for post(un) handling for shared
  library, modernize spec.

==== mutter ====
Version update (41.1 -> 41.2)

- Update to version 41.2:
  + Fix blank screen when unplugging docking station.
  + Prefer GBM over EGLStream where possible.
  + Fix unredirected Xwayland windows not getting updated.
  + Improve anti-aliasing of background corners.
  + Copy damage rectangles to secondary GPU
  + Improve Wacom tablet mapping.
  + Fixed crashes.
  + Misc. bug fixes and cleanups.
  + Updated translations.
- Switch to git checkout of released tag via source service.

==== ncurses ====
Version update (6.3.20211120 -> 6.3.20211127)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20211127
  + fix errata in description fields (report by Eric Lindblad) -TD
  + add x10term+sl, aixterm+sl, ncr260vp+sl, ncr260vp+vt, wyse+sl -TD
- Correct offsets of patch ncurses-6.3.dif

==== neon ====
Version update (0.31.2 -> 0.32.1)

- update to 0.32.1:
  * Fix configure CFLAGS handling in Kerberos detection.
- includes changes from 0.32.0:
  * NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default;
    to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST
    (treated as a security enhancement, not an API/ABI break)
  * Interface additions and bug fixes
- drop patches:
  * neon-0.31.2-sha1-tests.patch
  * neon-0.31.2-CA-tests.patch

==== openssl-1_1 ====
Subpackages: libopenssl1_1

- Added openssl-1_1-use-include-directive.patch so that the default
  /etc/ssl/openssl.cnf file will include any configuration files that
  other packages might place into /etc/ssl/engines.d/ and
  /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
  being used to modify the openssl.cnf file. The scripting would fail
  if either the default openssl.cnf file, or the sample openssl-ibmca
  configuration file would be changed by upstream.
- Updated spec file to create the two new necessary directores for
  the above patch.

==== openvpn ====

- Drop 0001-preform-deferred-authentication-in-the-background.patch
  Upstream has meanwhile solved this differently and the two
  implementations interfere (boo#1193017).
- Obsoleted SLE patches up to this point:
  * openvpn-CVE-2020-15078.patch
  * openvpn-CVE-2020-11810.patch
  * openvpn-CVE-2018-7544.patch
  * openvpn-CVE-2018-9336.patch

==== p11-kit ====
Subpackages: libp11-kit0 p11-kit-tools

- Enable systemd support

==== pam ====
Subpackages: pam_unix

- Drop pam_umask-usergroups-login_defs.patch, does more harm
  than helps. If not explizit specified as module option, we
  use UMASK from login.defs unmodified.

==== pango ====
Version update (1.48.10 -> 1.50.1)
Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0

- Update to version 1.50.1:
  + Fix a crash in tab handling.
  + Fix tab positioning without line wrapping.
  + Fix an assertion failure found by fuzzing.
  + Make underlines work again for broken fonts.
- Update to version 1.50.0:
  + Fix glyph placement in gravity east
  + Fix line heights in improper gravities
  + Only shown selected ignorables with nicks
  + Support tab alignments other than left
  + Support custom decimal points on decimal tabs
  + Fix a pango-view crash
  + Optimize handling of many tabs
  + Drop json-glib dependency
- Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed.
- Update to version 1.49.4:
  + Require fontconfig 2.13
  + Require harfbuzz 2.6
  + Many fixes to line breaking accuracy
  + coretext: Correctly clamp text weights at min/max values
  + Add serialization api for PangoLayout, PangoFont and
    PangoAttrList
  + Require json-glib
  + tests:
  - Use serialized layouts for test cases
  - Include fonts in git
  + pango-view: Accept serialized layouts
  + Fix a rounding problem with font metrics
  + Fix visible space display using ?
- Changes from version 1.49.3:
  + Fix hinting of glyph metrics
  + Fix logical glyph extents in vertical gravities
  + Visualize more default-ignorable glyphs
  + Fix advance widths in transformed contexts
  + Implement Small Caps and other casing variations
- Changes from version 1.49.2:
  + Update Unicode data to Unicode 14
  + Fix underlining of spaces
  + Round font metrics when appropriate
  + Fix some corner cases of cursor positioning
  + Handle Catalan middle-dot in text segmentation
- Changes from version 1.49.1:
  + Only recompute log attrs when needed
  + Validate log attrs
  + Fix conformance issues in Thai and Indic linebreaking
  + Add pango_attr_break to support customizing line and word
    breaks
  + Add font-dependent baseline shifts and sizing for super- and
    subscripts
  + Improve hyphenation support
  + pango-view:
  - Visualize caret positions and slopes
  - Show glyph rects
  - Make --annotate easier to use
  + Add pango_layout_get_caret_pos to support sloped carets
  + Improve caret positioning for ligatures
  + Better under- and overline placement
  + layout:
  - Allocate a bit less
  - Fix cluster extents with rise
  + Add pango_layout_iter_get_run_baseline
  + Add pango_glyph_string_index_to_x_full
  + coretext: Set size on font descriptions
  + Add color information to PangoGlyphVisAttr
- Changes from version 1.49.0:
  + Require fribidi 1.0.6
  + Fix threadsafety issues with Thai
  + Fix a rounding problem on i386
  + Fix font choice for ellipsis
  + New api:
  - pango_font_get_languages
  - Introspection helpers for attributes
  + Ignore width in horizontal context when itemizing
  + markup:
  - Allow specifying size and rise in points
  - Allow specifying size as percentage
  + Rewrite pango_layout_move_cursor_visually
  + Add a line-height attribute and make logical line extents
    respect it
  + Add pango_justify_last_line
  + Add pango_shape_item
  + Add a text-transform attribute and implement it
  + Clean up fribidi api usage
  + Fix a bug in the gravity data table
  + pango-view: Improve the --annotate option
  + Fix a possible crash in rendering strikethroughs
- Add pkgconfig(json-glib-1.0) BuildRequires, new dependency.

==== pangomm1_4 ====
Version update (2.46.1 -> 2.46.2)

- Switch back to released tarballs: Stop passing
  maintainer-mode=true to meson and remove m4, mm-common and
  perl(XML::Parser) BuildRequires, as this was all only needed to
  build a git-checkout.
- Update to version 2.46.2:
  * Move to stable released tag, no code changes.
- Update to version 2.46.1+7:
  * NMake Makefiles: Fix header installation
  * NMake Makefiles: Correct VS2019 toolset number
  * build: Support Visual Studio 2022 builds
  * docs/reference/Doxyfile.in: Remove obsolete entry
  * Don't include individual pango headers, part 2
  * Don't include individual pango headers
  * Use pango from the main branch
  * 2.46.1
  * Documentation: Let links point to pangomm-1.4 versions
  * Add dependencies to Doxygen tag files in subprojects
- Switch to using a gitcheckout via source service. Pass
  maintainer-mode=true to meson and add m4, mm-common and
  perl(XML::Parser) BuildRequires, as this is needed with a
  git-checkout.

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11

- Drop low-memory-monitor: It's not enabled by default, not used by
  any of the default applications and would conflict with other
  installed OOM handling daemons like earlyoom or oomd
- Run pre_checkin.sh
- base: favour psmisc over busybox-psmisc or other equivalents
- enhanced_base: Recommend low-memory-monitor an early boot daemon
  to monitor memory pressure and react to low memory.
- Run pre_checkin.sh to sync 32-bit patterns.

==== pipewire ====
Version update (0.3.40 -> 0.3.42)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Revert the merge of spa-plugins and modules into the library
  package.
- Move some of the files between packages where they make more
  sense.
- Rename the modules subpackage to modules-%{apiver_str} so
  it can be versioned more easily (there still are some unversioned
  files in the package, but it's a step in the right direction)
- Remove unneccesary Conflicts with packages that are Obsoleted
- Update to version 0.3.42:
  * Highlights
  - Fixes a bug in pulse-server underrun handling that broke qemu
    and orca.
  - A fix was added to pulse-server to handle quantum changes
    gracefully.
  - Fix module-echo-cancel again.
  - Fix a bug where the bluetooth headset capture was producing
    noise.
- Remove the dependency on wireplumber-audio which was pulling in
  pulseaudio. We'll require wireplumber-audio directly from
  wireplumber.
- Remove pipewire-rpmlintrc since the filters don't apply anymore
- Merge the pipewire-spa-plugins-0_2 and pipewire-modules
  packages into the libpipewire package just as the fedora packages
  do and simplify the filelist a bit by using some recursive
  listing instead of explicitly listing all files.
- Use the gcc9-c++ compiler in SLE/Leap so it builds successfully.
- Update to version 0.3.41:
  * Highlights
  - Improved compatibility for flatpaks. Flatpaks with newer
    PipeWire version can connect to an older server in all cases.
  - A new RAOP module was added to stream to Apple Airplay
    devices.
  - OBS can now capture from the monitor devices again when using
    WirePlumber.
  - Improved JACK compatibility. Improved stability in Carla and
    Ardour when changing buffer size. Improved latency
    calculations and playback latency in Ardour.
  - Improved pulse-server handling of underruns and buffer size
    changes.
  - Many bugfixes and improvements.
  * PipeWire
  - The systemd service files now have better names.
  - client.access permission checks are improved.
  - Fix some memory leaks in error paths.
  - Objects now have a global serial number that is unique for
    the lifetime of the server.
  - Make clock.rate, clock.allowed-rates and clock.quantum
    runtime tunable parameters with the settings metadata.
  - Add some additional memory checks in client-node to avoid
    sending invalid memory to clients. (#1859)
  - Improve buffer memory allocation. If one of the nodes is a
    remote node, ensure we only use memory that can be shared.
  - Version checks when binding to objects is removed. This means
    that newer clients can now bind to older servers, which is a
    typical case for a flatpak.
  - A bug in the latency calculations was fixed where it would in
    some cases report the wrong minumum latency.
  * modules
  - module-echo-cancel has voice-detection enabled now.
  - module-raop-sink and module-raop-discover to stream audio to
    an Apple Airplay device.
  - module-filter-chain now has preliminary support for LV2
    plugins.
  * SPA
  - The audio resampler now has improved buffer size
    calculations. In some cases it was too small and would cause
    distortions.
  - More checks are done when doing volume changes so that the
    channelmap is correct.
  - Audioadapter now exposes most config options with params so
    that they can be adjusted at runtime.
  - The resampler can now calculate the expected input buffer
    size before receiving the first buffer, which avoids some
    confusion when starting streams.
  - Support was added for some 10bit video formats.
  - MONO channel handling was improved.
  - Most plugins now set a clock name and this is configurable
    where it makes sense. The clock.system.monotonic clock name
    is used for most plugins that use the system clock for
    timing.
  * pulse-server
  - implement module-raop-discover
  - Use STREAM_CAPTURE_SINK property when capturing from a
    monitor source to better inform the session manager. This
    fixes some issues where OBS would capture from the
    microphone instead of the output monitor.
  - Limit the amount of cache messages to 16MB and don't add
    large memory blocks to the cache. This should fix some
    excessive memory usage that people reported.
  - Fix a potential memory leak when cleaning up a client.
  - Do some additional checks to avoid buffer overruns.
  - Improve recovery from underruns better. (#1857) This improves
    seeking in gnome-music.
  - Improve recovery when the quantum is forced larger that the
    stream configured latency.
  - The prebuf state is now handled correctly.
  * JACK
  - A per type object cache is now implemented. This ensures that
    port objects remain valid for a longer time because many JACK
    applications inspect objects after they are destroyed. This
    improves catia/carla compatibility.
  - Recompute the latencies when the buffer-size changes. Fix
    some cases where we would end up with negative latencies.
  - Handle regcomp errors to avoid some crashes later.
  - Latency calculations are improved a lot.
  - More care is taken to not call a process callback while a
    buffer size change is pending. This fixes some crashes in
    Carla, which expect that all clients are paused when one
    handles the buffersize callback.
  - Loopback links to a client are now handled correctly and
    without latency. This fixes playback latency in ardour6
    (#1839)
  * ALSA
  - ALSA devices now keep track of the samplerate of the card
    and ensure that all PCM use the same rate. This is a
    workaround for a kernel bug that is fixed in 5.16.
  - Refactor the ALSA plugin a little.
  - The ALSA plugin now reports correct delay for a capture PCM.
    (#1697)
  - The ALSA nodes now expose all config options with params
    that can be changed at runtime.
  - The ALSA node has a configurable clock name. Adaptive
    resampling to match clock rates is avoided when the driver
    has the same clock name as the ALSA node. This can be used
    to link alsa devices together with a word clock.

==== polkit-default-privs ====
Version update (1550+20211209.8ce206c -> 1550+20211214.daf2765)

- Update to version 1550+20211214.daf2765:
  * fwupd: tighten the downgrade rules (bsc#1193310)

==== python-SQLAlchemy ====
Version update (1.4.26 -> 1.4.27)

- update to 1.4.27:
  Bugfixes
  * see https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.27

==== qemu ====

- Reinstate Lin Ma's fixes for bsc#1192147 as they were
  submitted only to IBS.
  * Patches added:
  hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
  hw-i386-acpi-build-Deny-control-on-PCIe-.patch
  pcie-rename-native-hotplug-to-x-native-h.patch
- Rename the Guest Agent service qemu-guest-agent, like in other
  distros (and upstream). bsc#1185543
- disable QOM cast debug outside the testsuite as the corresponding
  asserts show up occassionally as top #1 in perf(1) traces under
  heavy virtio load
- enable LTO when we'd like to use LTO

==== rav1e ====
Version update (0.5.0+0 -> 0.5.1+0)

- Update to version 0.5.1+0:
  * Fix the dispatcher calling `avx2` code when the sub-architecture does not
    support it.

==== runc ====
Version update (1.0.3 -> 1.1.0~rc1)

- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container has?exited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.

==== sensors ====

- Also remove ProtectKernelTunables from harden_fancontrol.service.patch,
  breaks service (boo#1193149)

==== shadow ====
Subpackages: login_defs

- Really enable USERGROUPS_ENAB [bsc#1189139].
  Did go lost during merges.

==== upower ====
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0

- Use libplist 2 starting from SLE15SP4 on.

==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1

- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954) on released products.

==== util-linux-systemd ====

- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954) on released products.

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles

- Typo fix for %define usegcc10.
- Introduce usegcc10 %define in order to have the condition
  (0%{?sle_version} && 0%{?sle_version} <= 150400) only at one
  point.
- Correct a very old "Obsoletes: webkit2gtk3-plugin-process-gtk2"
  to be a versioned obsoletes.
- Make the earlier Obsoletes: libwebkit2gtk3-lang compliant with:
  https://en.opensuse.org/openSUSE:Upgrade_dependencies_explanation#Renaming_a_package

==== webkit2gtk3-soup2 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Typo fix for %define usegcc10.
- Introduce usegcc10 %define in order to have the condition
  (0%{?sle_version} && 0%{?sle_version} <= 150400) only at one
  point.
- Correct a very old "Obsoletes: webkit2gtk3-plugin-process-gtk2"
  to be a versioned obsoletes.
- Make the earlier Obsoletes: libwebkit2gtk3-lang compliant with:
  https://en.opensuse.org/openSUSE:Upgrade_dependencies_explanation#Renaming_a_package

==== wireless-regdb ====
Version update (20210828 -> 20211209)

- Update to version 20211209:
  * wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US

==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio

- Remove many build dependencies which aren't really needed
- Use %autosetup, apply patches unconditionally
- Hard depend on wireplumber-audio if pipewire-pulseaudio is installed

==== xen ====

- bsc#1193307 - pci backend does not exist when attach a vf to a pv
  guest
  libxl-PCI-defer-backend-wait.patch

==== xfsprogs ====
Version update (5.14.0 -> 5.14.2)

- update to 5.14.2:
  - libxfs: move rogue fallthrough macro out of linux.h
  - libxfs: fix atomic64_t for 32-bit architectures
  - libfrog: fix crc32c self test code on cross builds

==== xorg-x11-server ====
Version update (21.1.1 -> 21.1.2)
Subpackages: xorg-x11-server-Xvfb

- Update to version 21.1.1
  * This release fixes 4 recently reported security vulnerabilities and
    several regressions.
  * In particular, the real physical dimensions are no longer reported
    by the X server anymore as it was deemed to be a too disruptive
    change. X server will continue to report DPI as 96.
- supersedes U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch
- supersedes U_rendercompositeglyphs.patch
- supersedes U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
- supersedes U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
- supersedes U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
- U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
  * CVE-2021-4009/ZDI-CAN-14950 (bsc#1190487)
    The handler for the CreatePointerBarrier request of the XFixes
    extension does not properly validate the request length leading
    to out of bounds memory write.
- U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
  * CVE-2021-4010/ZDI-CAN-14951 (bsc#1190488)
    The handler for the Suspend request of the Screen Saver extension
    does not properly validate the request length leading to out of
    bounds memory write.
- U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
  * CVE-2021-4011/ZDI-CAN-14952 (bsc#1190489)
    The handlers for the RecordCreateContext and RecordRegisterClients
    requests of the Record extension do not properly validate the request
    length leading to out of bounds memory write.
- U_rendercompositeglyphs.patch
  * X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access
    Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192]
    (boo#1193030)
- u_Support-configuration-files-under-run-X11-xorg.conf..patch
- u_Add-udev-scripts-for-configuration-of-platform-devic.patch
- u_Add-udev-rule-for-HyperV-devices.patch
  * Remove udev-based configuration
- u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch
  * Restore simpledrm workaround
- u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch
  * Add workaround to support hyperv_drm

==== xxhash ====
Version update (0.8.0 -> 0.8.1)

- update to 0.8.1:
  * perf : much improved performance for XXH3 streaming variants, notably on
    gcc and msvc
  * perf : improved XXH64 speed and latency on small inputs
  * perf : small XXH32 speed and latency improvement on small inputs of random
    size
  * perf : minor stack usage improvement for XXH32 and XXH64
  * api  : new experimental variants XXH3_*_withSecretandSeed()
  * api  : update XXH3_generateSecret(), can no generate secret of any size (>=
    XXH3_SECRET_SIZE_MIN)
  * cli  : xxhsum can now generate and check XXH3 checksums, using command `-H3`
  * build: can build xxhash without XXH3, with new build macro XXH_NO_XXH3
  * build: fix xxh_x86dispatch build with MSVC, by @apankrat
  * build: XXH_INLINE_ALL can always be used safely, even after XXH_NAMESPACE
    or a previous XXH_INLINE_ALL
  * build: improved PPC64LE vector support
  * install: fix pkgconfig
  * install: compatibility with Haiku
  * doc  : code comments made compatible with doxygen
  * misc : XXH_ACCEPT_NULL_INPUT_POINTER is no longer necessary, all functions
    can accept NULL input pointers, as long as size == 0
  * misc : complete refactor of CI tests on Github Actions, offering much
    larger coverage
  * misc : xxhsum code base split into multiple specialized units, within
    directory cli/
- add 836f4e735cf368542f14005e41d2f84ec29dfd60.patch (fix manpage installation)

==== yast2 ====
Version update (4.4.27 -> 4.4.30)

- Fixed RelURL to work properly with the FTP URLs (related to
  jsc#SLE-22669)
- 4.4.30
- Fixed RelURL unit test randomly crashing (related to
  jsc#SLE-22669)
- 4.4.29
- Added RelURL class for working with relative URLs ("relurl://")
  (jsc#SLE-22669)
- 4.4.28

==== zxing-cpp ====

- Update stb_image/stb_image_write to include the fixes for
  the following CVEs:
  CVE-2021-28021, bsc#1191743
  CVE-2021-42715, bsc#1191942
  CVE-2021-42716, bsc#1191944
  * 269.patch