Packages changed:
  autofs (5.1.5 -> 5.1.6)
  ceph (15.0.0.7456+ge089cead79 -> 15.1.0.1521+gcdf35413a0)
  curl (7.68.0 -> 7.69.0)
  dracut (049.1+git124.70941b30 -> 049.1+git125.e2b2c9ef)
  ed (1.15 -> 1.16)
  elementary-xfce-icon-theme (0.14+git21.6b81725d -> 0.14+git23.0db3af45)
  ffmpeg-4
  gd
  gstreamer-plugins-bad
  hwdata (0.332 -> 0.333)
  libmfx (19.2.1 -> 19.4.0)
  libva (2.5.0 -> 2.6.1)
  libva-gl (2.5.0 -> 2.6.1)
  libvirt
  libxcrypt (4.4.12 -> 4.4.15)
  open-iscsi
  osinfo-db (20191125 -> 20200214)
  perl-Date-Manip (6.79 -> 6.81)
  perl-DateTime (1.51 -> 1.52)
  perl-DateTime-Format-Strptime (1.76 -> 1.77)
  permissions (1550_20200213 -> 1550_20200228)
  rubygem-nokogiri (1.10.8 -> 1.10.9)
  samba (4.11.5+git.114.5685848b8fc -> 4.11.6+git.120.e474a78db08)
  skopeo (0.1.39 -> 0.1.41)
  systemd
  vim (8.2.0314 -> 8.2.0348)
  wicked (0.6.62 -> 0.6.63)
  wireguard
  xscreensaver (5.40 -> 5.43)

=== Details ===

==== autofs ====
Version update (5.1.5 -> 5.1.6)

- Upgrade to 5.1.6
  - support strictexpire mount option.
  - fix hesiod string check in master_parse().
  - add NULL check for get_addr_string() return.
  - use malloc(3) in spawn.c.
  - add mount_verbose configuration option.
  - optionally log mount requestor process info.
  - log mount call arguments if mount_verbose is set.
  - Fix NFS mount from IPv6 addresses.
  - make expire remaining log level debug.
  - allow period following macro in selector value.
  - fix macro expansion in selector values.
  - fix typing errors.
  - Explain /etc/auto.master.d usage.
  - plus map includes are only allowed in file sources.
  - Update README.
  - fix additional typing errors.
  - update autofs(8) offset map entry update description.
  - increase group buffer size geometrically.
  - also use strictexpire for offsets.
  - remove unused function has_fstab_option().
  - remove unused function reverse_mnt_list().
  - remove a couple of old debug messages.
  - fix amd entry memory leak.
  - fix unlink_mount_tree() not umounting mounts.
  - use ignore option for offset mounts as well.
  - add config option for "ignore" mount option
  - use bit flags for autofs mount types in mnt_list.
  - use mp instead of path in mnt_list entries.
  - always use PROC_MOUNTS to make mount lists.
  - add glibc getmntent_r().
  - use local getmntent_r in table_is_mounted().
  - refactor unlink_active_mounts() in direct.c.
  - don't use tree_is_mounted() for mounted checks.
  - use single unlink_umount_tree() for both direct and indirect mounts.
  - move unlink_mount_tree() to lib/mounts.c.
  - use local_getmntent_r() for unlink_mount_tree().
  - use local getmntent_r() in get_mnt_list().
  - use local getmntent_r() in tree_make_mnt_list().
  - fix missing initialization of autofs_point flags.
- NetworkManager-autofs: reload rather than restart autofs.service
  * If complex network setups are being brought up, autofs.service
    may be restarted too quickly, causing systemd to consider the
    service failed. "reload" avoids that, and works just fine.
- Fix autofs restart when Networkmanager connection is brought up
  * NetworkManager-autofs: /bin/systemctl has been removed in
    systemd-244

==== ceph ====
Version update (15.0.0.7456+ge089cead79 -> 15.1.0.1521+gcdf35413a0)
Subpackages: librados2 librbd1

- Update to 15.1.0-1521-gcdf35413a0:
  + rebase on tip of upstream master, SHA1 28c08615e5c27e5a0986e3191ca4427cdc32f538
- significant changes since the last Factory SR:
  + ceph-rpmlintrc: silence RPMLINT warnings and document ones that are in
    the process of being fixed ("WIP")
  + fix s390x build failure
  + fix GCC 10 build failure (boo#1161086)
  + spec:
  * drop Python 2 support
  * make Python 3 build work on CentOS 8
  * globally change %_python_buildid macro to %_python3_pkgversion
  * Use pkgconfig() style BuildRequires for udev/libudev-devel
  * add cmake_verbose_logging bcond
  * rename ceph-daemon subpackage to cephadm
  * add scriptlets to cephadm subpackage
  * rename ceph-mgr-ssh subpackage to ceph-mgr-cephadm
  * stop calling MGR modules "plugins"
  * move "always-on" MGR modules into their own subpackage, ceph-mgr-modules-core
  * make ceph-mgr-cephadm explicitly require openssh on SUSE
- Update to 15.1.0-1207-g89308cc4c6:
  + rebase on tip of upstream master, SHA1 0ffbe4a5ef73036309a3c6488be4dbb1b667a4c7
  + drop temporary fix "cephadm: Don't call prepare-host from bootstrap"
- Update to 15.1.0-951-g36f83482b6c:
  + cephadm: Don't call prepare-host from bootstrap
    (temporary fix to keep cephadm running on SUSE after upstream merged
    932ac9342483141f10dbf99d1806d81a4d70a26a)
- Update to 15.1.0-950-g0ba22d2e46:
  + rebase on tip of upstream master, SHA1 e79e42467970c1be210d674e90dab21ce73e2872
  * mgr/orch: resurrect ServiceDescription, 'orch ls'
- Update to 15.1.0-818-g5f8ed0e957:
  + rebase on tip of upstream master, SHA1 eb72aebb92f1bfce00aedaebf140789871eb943f
  * includes "mgr/orch: new cli, phase 2" patches (PR#33244) needed
    by latest ceph-bootstrap
- Update to 15.1.0-636-g2280954009:
  + rebase on tip of upstream master, SHA1 e36d47a8c3f4181d68a4cd680bdde72064dee910
- Update to 15.1.0-168-gfda88e35c8:
  + rebase on tip of upstream master, SHA1 80487f4a604da94778e65f666e1177a3ed84543e
  + spec: Use pkgconfig() style BuildRequires for udev/libudev-devel
- Update to 15.0.0-10092-gb5fd1b8250:
  + rebase on tip of upstream master, SHA1 3913835a8f0b9b34ceffd4dc02e1e8203227be02
- Update to 15.0.0-9544-gefdea72067:
  + cmake: Improve test for 16-byte atomic support on IBM Z (bsc#1161688)
- Update to 15.0.0-9543-g1c7fc80ba1:
  + rebase on tip of upstream master, SHA1 089e97c27013612672099281fad76746f19290e3
- Update to 15.0.0-9494-g22cdfe7b96:
  + rebase on tip of upstream master, SHA1 26c66630bd98dfce113f66ab4e081e5a7b0216c0
- Update to 15.0.0-9092-gd050bc3f0a:
  + rebase on tip of upstream master, SHA1 dfd90da59c0b2eda9ca61fed1d508ddc2ab32a2b
- Update to 15.0.0-8683-gb78b3635a5:
  + rebase on tip of upstream master, SHA1 3e1e6a6694bb133c57e2b05a6316dcebae390815
  + drop libxio Provides/Obsoletes (they are no longer necessary because libxio
    is long gone)
  + drop runtime dependency on gptfdisk (it was needed for ceph-disk,
    which has since been removed)
  + spec: drop "_python_buildid" macro (it was needed to support py2 builds,
    which upstream is finally moving away from)
- Update to 15.0.0-8588-g58b5b29433:
  + spec, debian: cephadm requires lvm2 (bsc#1159466)
- ceph-rpmlintrc: fix syntax error introduced by change mentioned
  in previous changelog entry
- Update to 15.0.0-8587-gf0521c1db5:
  + rebase on tip of upstream master, SHA1 068aafb2ea3c71b5adda79467847ee03b77bb35e
  * cephadm: do ceph-volume activate+deactivate as part of systemd unit
- Update to 15.0.0-8442-g094a533242:
  + spec:
  * fix cephadm user/group creation
  * cephadm subpackage: start summary with a capital letter
  + ceph-rpmlintrc: silence some RPMLINT warnings
- Update to 15.0.0-8370-gec9b27b5e0
  + ceph-daemon is renamed to cephadm
  + mgr/ssh is renamed to mgr/cephadm
- increase disk space needs in _constraints for some architectures
- Update to 15.0.0-7866-g639502405f:
  + rebase on tip of upstream master, SHA1 95dd54889a9c113f77dd6c2c7e77166335a59794
- Update to 15.0.0-7686-g54042e1a06:
  + rebase on tip of upstream master, SHA1 2c06beb5ec38c8b9f7bd84152da3f5708de8d0c0
  * Revert "Merge pull request #16715 from adamemerson/wip-I-Object!" (bsc#1157443)
  * spec: add explicit openssh dependency to ceph-mgr-ssh (bsc#1157527)

==== curl ====
Version update (7.68.0 -> 7.69.0)
Subpackages: libcurl4

- Update to 7.69.0
  * Changes:
  - polarssl: removed
  - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails
  - wolfSSH: new SSH backend
  * Bugfixes:
  - altsvc: improved header parser
  - altsvc: keep a copy of the file name to survive handle reset
  - altsvc: make saving the cache an atomic operation
  - altsvc: use h3-27
  - azure: disable brotli on the macos debug-builds
  - build: remove all HAVE_OPENSSL_ENGINE_H defines
  - cleanup: fix several comment typos
  - cleanup: fix typos and wording in docs and comments
  - cmake: add support for CMAKE_LTO option
  - cmake: clean up and improve build procedures
  - cmake: Show HTTPS-proxy in the features output
  - cmake: use check_symbol_exists also for inet_pton
  - configure.ac: fix comments about --with-quiche
  - configure: disable metalink if mbedTLS is specified
  - configure: disable metalink support for incompatible SSL/TLS
  - conn: do not reuse connection if SOCKS proxy credentials differ
  - conncache: removed unused Curl_conncache_bundle_size()
  - connect: remove some spurious infof() calls
  - connection reuse: respect the max_concurrent_streams limits
  - cookie: check __Secure- and __Host- case sensitively
  - cookies: make saving atomic with a rename
  - create-dirs.d: mention the mode
  - curl: avoid using strlen for testing if a string is empty
  - curl: error on --alt-svc use w/o support
  - curl: let -D merge headers in one file again
  - curl: make #0 not output the full URL
  - curl: make the -# spaceship bar not wrap the line
  - curl: remove 'config' field from OutStruct
  - curl:progressbarinit: ignore column width from terminals < 20
  - curl_escape.3: add a link to curl_free
  - curl_getenv.3: fix the memory handling description
  - curl_global_init: assume the EINTR bit by default
  - curl_global_init: move the IPv6 works status bool to multi handle
  - CURLINFO_COOKIELIST.3: Fix example
  - CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording
  - CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3
  - CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section
  - data.d: remove "Multiple files can also be specified"
  - digest: do not quote algorithm in HTTP authorisation
  - docs/HTTP3: add --enable-alt-svc to curl's configure
  - docs/HTTP3: update the OpenSSL branch to use for ngtcp2
  - docs: fix typo on CURLINFO_RETRY_AFTER
  - easy: remove dead code
  - form.d: fix two minor typos
  - ftp: convert 'sock_accepted' to a plain boolean
  - ftp: remove superfluous checking for crlf in user or pwd
  - ftp: shrink temp buffers used for PORT
  - github: Instructions to post "uname -a" on Unix systems in issues
  - GnuTLS: always send client cert
  - gtls: fixed compilation when using GnuTLS < 3.5.0
  - hostip: move code to resolve IP address literals to 'Curl_resolv'
  - HTTP-COOKIES: describe the cookie file format
  - HTTP-COOKIES: mention that a trailing newline is required
  - http2: make pausing/unpausing set/clear local stream window
  - http2: now requires nghttp2 >= 1.12.0
  - http: added 417 response treatment
  - http: increase EXPECT_100_THRESHOLD to 1Mb
  - http: mark POSTs with no body as "upload done" from the start
  - http: move "oauth_bearer" from connectdata to Curl_easy
  - include: remove non-curl prefixed defines
  - KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header
  - libssh2: add support for forcing a hostkey type
  - libssh2: fix variable type
  - libssh: improve known hosts handling
  - llist: removed unused Curl_llist_move()
  - location.d: the method change is from POST to GET only
  - md4: fixed compilation issues when using GNU TLS gcrypt
  - md4: use init/update/final functions in Secure Transport
  - md5: added implementation for mbedTLS
  - mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER
  - multi: change curl_multi_wait/poll to error on negative timeout
  - multi: fix outdated comment
  - multi: if Curl_readwrite sets 'comeback' use expire, not loop
  - multi_done: if multiplexed, make conn->data point to another transfer
  - multi_wait: stop loop when sread() returns zero
  - ngtcp2: add error code for QUIC connection errors
  - ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6
  - ngtcp2: update to git master and its draft-25 support
  - ntlm: removed the dependency on the TLS libaries when using MD5
  - ntlm_wb: use Curl_socketpair() for greater portability
  - oauth2-bearer.d: works for HTTP too
  - openssl: make CURLINFO_CERTINFO not truncate x509v3 fields
  - openssl: remove redundant assignment
  - os400: fixed the build
  - pause: force-drain the transfer on unpause
  - quiche: update to draft-25
  - README: mention that the docs is in docs/
  - runtests: make random seed fixed for a month
  - runtests: restore the command log
  - schannel_verify: Fix alt names manual verify for UNICODE builds
  - sha256: use crypto implementations when available
  - singleuse.pl: support new API functions, fix curl_dbg_ handling
  - smtp: support the SMTPUTF8 extension
  - smtp: support UTF-8 based host names in MAIL FROM
  - SOCKS: make the connect phase non-blocking
  - strcase: turn Curl_raw_tolower into static
  - strerror: increase STRERROR_LEN 128 -> 256
  - test1323: added missing 'unit test' feature requirement
  - tests: add a unit test for MD4 digest generation
  - tests: add a unit test for SHA256 digest generation
  - tests: add a unit test for the HMAC hash generation
  - tests: deduce the tool name from the test case for unit tests
  - tests: fix Python 3 compatibility of smbserver.py
  - tool_dirhie: allow directory traversal during creation
  - tool_homedir: change GetEnv() to use libcurl's curl_getenv()
  - url: include the failure reason when curl_win32_idn_to_ascii() fails
  - urlapi: guess scheme properly with credentials given
  - urldata: do string enums without #ifdefs for build scripts
  - vtls: refactor Curl_multissl_version to make the code clearer
- Refresh patches:
  * curl-secure-getenv.patch
  * libcurl-ocloexec.patch

==== dracut ====
Version update (049.1+git124.70941b30 -> 049.1+git125.e2b2c9ef)

- Update to version 049.1+git125.e2b2c9ef:
  * 01fips: handle SHA1 on machines without AVX (bsc#1160318)
  * Update: 90kernel-modules: Add PCI host controller modules (boo#1162669)

==== ed ====
Version update (1.15 -> 1.16)

- Update to 1.16
  * regex.c (line_replace): Accept 's/^/#/g' as valid.
    (Reported by Bjoern Wibben).
  * main_loop.c: Removed length limit of prompt string.
    (Reported by Tim Chase).
  * main.c: Set a valid invocation_name even if argc == 0.
  * ed.texi: Extended operators depend on regex implementation.
    (Reported by Brian Zwahr).
  * ed.texi: Several fixes and improvements.

==== elementary-xfce-icon-theme ====
Version update (0.14+git21.6b81725d -> 0.14+git23.0db3af45)

- Update to version 0.14+git23.0db3af45:
  * Fixed close and eject icons for dark theme
  * Fix user-desktop icons

==== ffmpeg-4 ====
Subpackages: libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5

- Enable libmfx support for SLE 15 SP2 and Leap 15.2 via
  conditional, libmfx is available there too now.

==== gd ====
Subpackages: libgd3

- security update
- added patches
  fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
  + gd-CVE-2018-14553.patch

==== gstreamer-plugins-bad ====
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0

- Switch to meson buildsystem for tumbleweed.
- Following the above, add pkgconfig(vulkan) BuildRequires and
  tweak options passed to meson, as well as a cleanup in some
  conditionals.
- Add gst-plugins-bad-wayland-headers.patch: Fix build when using
  meson and having wayland-headers in non-default location
  https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1076.

==== hwdata ====
Version update (0.332 -> 0.333)

- Update to version 0.323:
  * Updated pci, usb and vendor ids.

==== libmfx ====
Version update (19.2.1 -> 19.4.0)
Subpackages: libmfx1

- Update to version 19.4.0:
  * bugfixes and improvements

==== libva ====
Version update (2.5.0 -> 2.6.1)
Subpackages: libva-drm2 libva-x11-2 libva2

- Update to version 2.6.1
  * adjust call sequence to ensure authenticate operation is
    executed this patch is not needed for media-driver, but
    needed for i965 driver which check authentication.
- Update to version 2.6.0:
  * enable the mutiple driver selection logic and enable it for DRM.
  * drm: Add iHD to driver_name_map
  * Add missed slice parameter 'slice_data_num_emu_prevn_bytes'
  * ensure that all meson files are part of the release tarball
  * configure: use correct comparison operator
  * trace: support VAConfigAttribMultipleFrame in trace
  * remove incorrect field of VAConfigAttribValDecJPEG
  * va/va_trace: Dump VP9 parameters for profile 1~3
  * add multiple frame capability report
  * add variable to indicate layer infromation
  * trace: fix memory leak on closing the trace
  * add prediction direction caps report
  * Add comments for colour primaries and transfer characteristics in VAProcColorProperties

==== libva-gl ====
Version update (2.5.0 -> 2.6.1)
Subpackages: libva-glx2 libva-wayland2

- Update to version 2.6.1
  * adjust call sequence to ensure authenticate operation is
    executed this patch is not needed for media-driver, but
    needed for i965 driver which check authentication.
- Update to version 2.6.0:
  * enable the mutiple driver selection logic and enable it for DRM.
  * drm: Add iHD to driver_name_map
  * Add missed slice parameter 'slice_data_num_emu_prevn_bytes'
  * ensure that all meson files are part of the release tarball
  * configure: use correct comparison operator
  * trace: support VAConfigAttribMultipleFrame in trace
  * remove incorrect field of VAConfigAttribValDecJPEG
  * va/va_trace: Dump VP9 parameters for profile 1~3
  * add multiple frame capability report
  * add variable to indicate layer infromation
  * trace: fix memory leak on closing the trace
  * add prediction direction caps report
  * Add comments for colour primaries and transfer characteristics in VAProcColorProperties

==== libvirt ====
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- qemu: Allow format probing under special circumstances
  ae9e6c2a-qemu-allow-cond-format-probe.patch
  bsc#1165588

==== libxcrypt ====
Version update (4.4.12 -> 4.4.15)
Subpackages: libcrypt1 libcrypt1-32bit libxcrypt-devel

- Update to version 4.4.15
  * The compatibility symbols crypt_gensalt_r, xcrypt, xcrypt_r,
    xcrypt_gensalt, and xcrypt_gensalt_r are deprecated further
  * Speed up ka-sunmd5 by skipping most of the test phrases
- Package README.md and TODO.md (bsc#1165389)

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Merged in latest upstream (2.1.1), which is mainly a bug-fix
  release over 2.1.0, including changing the test suite from
  shell-based to python3-based, replacing
  open-iscsi.2.1.0-suse.tar.bz2 with open-iscsi-2.1.1-suse.tar.bz2
  and resetting open-iscsi-SUSE-latest-diff.bz2

==== osinfo-db ====
Version update (20191125 -> 20200214)

- bsc#1165855 - Add UEFI support to the database for SLES and
  openSUSE distros
  5bbe30db-opensuse-add-info-about-UEFI-support.patch
  SLE-add-info-about-UEFI-support.patch
- Update database to version 20200214
  osinfo-db-20200214.tar.xz
- Drop patch included in new tarball
  add-sle12sp5-support.patch
- Fix the length of string for the ISO volume id (bsc#1054986)
  fix-sle15sp1-volume-id-string.patch
  add-sle15sp2-support.patch
- Fix release date of SLE12-SP5
  add-sle12sp5-support.patch

==== perl-Date-Manip ====
Version update (6.79 -> 6.81)

- updated to 6.81
  see /usr/share/doc/packages/perl-Date-Manip/Changes
  6.81  2020-03-01
  - Messed up the 6.80 package. This release fixes it.
  6.80  2020-03-01
  - Missed Changes entry for previous version.
    Reported by Tina Muller (GitHub #31)
  6.79  2019-12-01
  - Time zone fixes
    Newest zoneinfo data (tzdata 2019c).

==== perl-DateTime ====
Version update (1.51 -> 1.52)

- updated to 1.52
  see /usr/share/doc/packages/perl-DateTime/Changes
  1.52   2020-02-29
  - Added a $dt->is_between($dt1, $dt2) method. Based on GH #97 by philip r
    brenan.
  - Simplify the calculation of leap seconds in XS. This is a little more
    efficient for most use cases (anything with future or recent past
    datetimes). Contributed by Mark Overmeer. GH #91.

==== perl-DateTime-Format-Strptime ====
Version update (1.76 -> 1.77)

- updated to 1.77
  see /usr/share/doc/packages/perl-DateTime-Format-Strptime/Changes
  1.77     2020-02-29
  * When the parsed string contained an invalid time zone offset (parsed with
    "%z") like "-9999", the error handling set in the parser's constructor was
    ignored and an exception was always thrown. Reported by x-qq. GH #25.

==== permissions ====
Version update (1550_20200213 -> 1550_20200228)
Subpackages: chkstat permissions-config permissions-doc

- Update to version 20200228:
  * chkstat: fix readline() on platforms with unsigned char
- Update to version 20200227:
  * remove capability whitelisting for radosgw
  * whitelist ceph log directory (bsc#1150366)
  * adjust testsuite to post CVE-2020-8013 link handling
  * testsuite: add option to not mount /proc
  * do not follow symlinks that are the final path element: CVE-2020-8013
  * add a test for symlinked directories
  * fix relative symlink handling
  * include cpp compat headers, not C headers
  * Move permissions and permissions.* except .local to /usr/share/permissions
  * regtest: fix the static PATH list which was missing /usr/bin
  * regtest: also unshare the PID namespace to support /proc mounting
  * regtest: bindMount(): explicitly reject read-only recursive mounts
  * Makefile: force remove upon clean target to prevent bogus errors
  * regtest: by default automatically (re)build chkstat before testing
  * regtest: add test for symlink targets
  * regtest: make capability setting tests optional
  * regtest: fix capability assertion helper logic
  * regtests: add another test case that catches set*id or caps in world-writable sub-trees
  * regtest: add another test that catches when privilege bits are set for special files
  * regtest: add test case for user owned symlinks
  * regtest: employ subuid and subgid feature in user namespace
  * regtest: add another test case that covers unknown user/group config
  * regtest: add another test that checks rejection of insecure mixed-owner paths
  * regtest: add test that checks for rejection of world-writable paths
  * regtest: add test for detection of unexpected parent directory ownership
  * regtest: add further helper functions, allow access to main instance
  * regtest: introduce some basic coloring support to improve readability
  * regtest: sort imports, another piece of rationale
  * regtest: add capability test case
  * regtest: improve error flagging of test cases and introduce warnings
  * regtest: support caps
  * regtest: add a couple of command line parameter test cases
  * regtest: add another test that checks whether the default profile works
  * regtests: add tests for correct application of local profiles
  * regtest: add further test cases that test correct profile application
  * regtest: simplify test implementation and readability
  * regtest: add helpers for permissions.d per package profiles
  * regtest: support read-only bind mounts, also bind-mount permissions repo
  * tests: introduce a regression test suite for chkstat
  * Makefile: allow to build test version programmatically
  * README.md: add basic readme file that explains the repository's purpose
  * chkstat: change and harmonize coding style
  * chkstat: switch to C++ compilation unit
- add suse_version to end of permissions package version

==== rubygem-nokogiri ====
Version update (1.10.8 -> 1.10.9)

- updated to version 1.10.9
  [#] Fixed
  * [MRI] Raise an exception when Nokogiri detects a specific
    libxml2 edge case involving blank Schema nodes wrapped
    by Ruby objects that would cause a segfault. Currently no fix
    is available upstream, so we're preventing a dangerous
    operation and informing users to code around it if
    possible. [#1985, #2001]
  * [JRuby] Change NodeSet#to_a to return a RubyArray instead
    of Object, for compilation under JRuby 9.2.9 and later.
    [#1968, #1969] (Thanks, @headius!)

==== samba ====
Version update (4.11.5+git.114.5685848b8fc -> 4.11.6+git.120.e474a78db08)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit

- Remove unused pwdutils buildrequires
- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209);
  + Avoiding bad call flags with python 3.8, using METH_NOARGS
    instead of zero; (bso#14209);
  + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
    (bso#14218);
  + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
    (bso#14122);
  + smbd: Fix the build with clang; (bso#14251);
  + upgradedns: Ensure lmdb lock files linked; (bso#14199);
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during
    readdir; (bso#14182);
  + smbc_stat() doesn't return the correct st_mode and also the
    uid/gid is not filled (SMBv1) file; (bso#14101);
  + librpc: Fix string length checking in ndr_pull_charset_to_null();
    (bso#14219);
  + ctdb-scripts: Strip square brackets when gathering connection info;
    (bso#14227);

==== skopeo ====
Version update (0.1.39 -> 0.1.41)

- Removed patches that were merged upstream:
  - 0002-Add-set-of-image-options-used-only-for-docker-transp.patch
  - bsc1115165-0001-Introduce-the-sync-command.patch
  - CVE-2019-10214.patch
- Update to skopeo v0.1.41 (bsc#1165715):
  - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
  - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
  - Bump github.com/containers/common from 0.0.7 to 0.1.4
  - Remove the reference to openshift/api
  - vendor github.com/containers/image/v5@v5.2.0
  - Manually update buildah to v1.13.1
  - add specific authfile options to copy (and sync) command.
  - Bump github.com/containers/buildah from 1.11.6 to 1.12.0
  - Add context to --encryption-key / --decryption-key processing
    failures
  - Bump github.com/containers/storage from 1.15.2 to 1.15.3
  - Bump github.com/containers/buildah from 1.11.5 to 1.11.6
  - remove direct reference on c/image/storage
  - Makefile: set GOBIN
  - Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7
  - Bump github.com/containers/storage from 1.15.1 to 1.15.2
  - Introduce the sync command
  - openshift cluster: remove .docker directory on teardown
  - Bump github.com/containers/storage from 1.14.0 to 1.15.1
  - document installation via apk on alpine
  - Fix typos in doc for image encryption
  - Image encryption/decryption support in skopeo
  - make vendor-in-container
  - Bump github.com/containers/buildah from 1.11.4 to 1.11.5
  - Travis: use go v1.13
  - Use a Windows Nano Server image instead of Server Core for
    multi-arch testing
  - Increase test timeout to 15 minutes
  - Run the test-system container without --net=host
  - Mount /run/systemd/journal/socket into test-system containers
  - Don't unnecessarily filter out vendor from (go list ./...)
    output
  - Use -mod=vendor in (go {list,test,vet})
  - Bump github.com/containers/buildah from 1.8.4 to 1.11.4
  - Bump github.com/urfave/cli from 1.20.0 to 1.22.1
  - skopeo: drop support for ostree
  - Don't critically fail on a 403 when listing tags
  - Revert "Temporarily work around auth.json location confusion"
  - Remove references to atomic
  - Remove references to storage.conf
  - Dockerfile: use golang-github-cpuguy83-go-md2man
  - bump version to v0.1.41-dev
  - systemtest: inspect container image different from current
    platform arch
- Changes in v0.1.40:
  - vendor containers/image v5.0.0
  - copy: add a --all/-a flag
  - System tests: various fixes
  - Temporarily work around auth.json location confusion
  - systemtest: copy: docker->storage->oci-archive
  - systemtest/010-inspect.bats: require only PATH
  - systemtest: add simple env test in inspect.bats
  - bash completion: add comments to keep scattered options in sync
  - bash completion: use read -r instead of disabling SC2207
  - bash completion: support --opt arg completion
  - bash-completion: use replacement instead of sed
  - bash completion: disable shellcheck SC2207
  - bash completion: double-quote to avoid re-splitting
  - bash completions: use bash replacement instead of sed
  - bash completion: remove unused variable
  - bash-completions: split decl and assignment to avoid masking
    retvals
  - bash completion: double-quote fixes
  - bash completion: hard-set PROG=skopeo
  - bash completion: remove unused variable
  - bash completion: use `||` instead of `-o`
  - bash completion: rm eval on assigned variable
  - copy: add --dest-compress-format and --dest-compress-level
  - flag: add optionalIntValue
  - Makefile: use go proxy
  - inspect --raw: skip the NewImage() step
  - update OCI image-spec to
    775207bd45b6cb8153ce218cc59351799217451f
  - inspect.go: inspect env variables
  - ostree: use both image and & storage buildtags
- Add patch for CVE-2019-10214. bsc#1144065
  + CVE-2019-10214.patch

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-lang systemd-logger systemd-sysvinit udev

- move html documentation to sparate package to save space
- move networkd and resolved binaries into correct subpackage

==== vim ====
Version update (8.2.0314 -> 8.2.0348)
Subpackages: gvim vim-data vim-data-common

- Updated to version 8.2.0348, fixes the following problems
  * Short name not set for terminal buffer.
  * Build failure on HP-UX system.
  * ex_getln.c code has insufficient test coverage.
  * MSVC: _CRT_SECURE_NO_DEPRECATE not defined on DEBUG build.
  * Vim9: types not sufficiently tested.
  * File missing in distribution, comments outdated.
  * No Haiku support.
  * Vim9: ":execute" does not work yet.
  * Vim9: error checks not tested.
  * Vim9: calling a function that is defined later is slow.
  * Text property not updated correctly when inserting/deleting.
  * Ex_getln.c code not covered by tests.
  * Compiler warning for using uninitialized variable. (Yegappan Lakshmanan)
  * Crash when opening and closing two popup terminal windows.
  * No redraw when leaving terminal-normal mode in a terminal popup window.
  * Popup filter converts 0x80 bytes.
  * Build error with popup window but without terminal.
  * Internal error when using test_void() and test_unknown(). (Dominique Pelle)
  * Some code in ex_getln.c not covered by tests.
  * Terminal in popup test is flaky.
  * Abort called when using test_void(). (Dominique Pelle)
  * No completion for :disassemble.
  * Vim9: insufficient test coverage for compiling.
  * Build fails on a few systems.
  * Build failure without the channel feature.
  * Vim9: function return type may depend on arguments.
  * Vim9: function and partial types not tested.
  * Using ":for" in Vim9 script gives an error.
  * Some code in ex_getln.c not covered by tests.
  * Vim9: using wrong instruction, limited test coverage.
  * ":def" not skipped properly.
  * Compiler warning when building without the float feature.
  * Vim9: finding common list type not tested.

==== wicked ====
Version update (0.6.62 -> 0.6.63)
Subpackages: wicked-service

- version 0.6.63
- spec: fix old libwicked package provides/obsoletes (bsc#1165180)
- ipv6: support to apply stable secret ifsysctl (jsc#SLE-6960)

==== wireguard ====

- Fix build on openSUSE 15.2
  + wireguard-fix-leap152.patch

==== xscreensaver ====
Version update (5.40 -> 5.43)
Subpackages: xscreensaver-data xscreensaver-data-extra xscreensaver-lang

- Update to version 5.43:
  * New hacks GravityWell, DeepStars, handsy.
  * GLPlanet now supports the Mercator projection.
  * Bouncing Cow has mathematically ideal cows.
  * Foggy toasters.
  * Unknown Pleasures can now use an image file as a clip mask.
  * Updated webcollage for recent changes.
  * Added some sample unlock dialog color schemes to the .ad file.
  * On systemd systems, closing your laptop lid might actually lock
    your screen now, maybe (boo#1101393).
  * sonar can ping without being setuid by using setcap.
  * Those new font-loading fallback heuristics work again. Oops.
  * Fixed `noof' from displaying minimalistically.
  * Rewrote `unknownpleasures' to be faster, and a true waterfall
    graph.
  * If the xscreensaver daemon is setuid, then we can implore the
    kernel's out-of-memory killer to pretty please not unlock the
    screen.
- Drop xscreensaver-lock-after-fade.patch. Upstream has a different
  fix (boo#1101393).
- Refresh xscreensaver-default-screensaver.patch.
- Update xscreensaver-data-extra.list and xscreensaver-data.list.