Packages changed:
  MozillaThunderbird (68.8.0 -> 68.8.1)
  fribidi
  kernel-firmware (20200517 -> 20200519)
  libgphoto2 (2.5.24 -> 2.5.25)
  perl-Mojolicious (8.42 -> 8.50)
  pragha
  python-SQLAlchemy (1.3.16 -> 1.3.17)
  python-Twisted
  python-attrs
  python-bcrypt
  python-cryptography (2.8 -> 2.9.2)
  python-dkimpy
  python-jedi
  python-lxml
  python-netaddr
  python-pywbem (0.17.1 -> 0.17.2)
  rubygem-actioncable-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-actionmailbox-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-actionmailer-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-actionpack-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-actiontext-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-actionview-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-activejob-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-activemodel-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-activerecord-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-activestorage-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-activesupport-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-puma (4.3.3 -> 4.3.5)
  rubygem-rails-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-railties-6.0 (6.0.3 -> 6.0.3.1)
  rubygem-rspec-rails (4.0.0 -> 4.0.1)
  rubygem-websocket-driver (0.7.1 -> 0.7.2)
  xfce4-power-manager (1.6.5 -> 1.6.6)

=== Details ===

==== MozillaThunderbird ====
Version update (68.8.0 -> 68.8.1)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 68.8.1
  * fixed: IMAP stability improvements (bmo#1586494)
  * fixed: HTML tags in IRC topic changes were rendered
    incorrectly (bmo#1607097)
  * fixed: MailExtensions: Websockets could not be used
    (bmo#1627649)

==== fribidi ====
Subpackages: libfribidi0 libfribidi0-32bit

- Add no-config-h.diff - copied from Debian
  Remove HAVE_CONFIG_H from public API
- Add Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff -
  copied from Debian, CVE-2019-18397
  Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
- Run spec-cleaner

==== kernel-firmware ====
Version update (20200517 -> 20200519)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Update to version 20200519 (git commit 8ba6fa665c52):
  * iwlwifi: update and add new FWs from core50-70 and core52-81 releases
  * rtw88: RTL8821C: add firmware file v24.5
  * iwlwifi: update FWs to core47-142 release
  * iwlwifi: update 8265 FW
- Update modaliases for Intel SST

==== libgphoto2 ====
Version update (2.5.24 -> 2.5.25)
Subpackages: libgphoto2-6 libgphoto2-6-lang

- updated to 2.5.25 release
  - ptp2:
  * Liveview support for Leica SL
  * PTP 1.1 Streaming parameters added.
  * Olympus OMD capture fixes
  * Nikon DSLR/Z:
  * various improvements to liveview error reporting.
  * much more properties added, some values added
  * allow downloading of "large thumbnails" instead of "regular thumbnails",
  can be selected by "thumbsize" gphoto2 local setting.
  * fixes for D3000, D3100 methods
  * maximum capture wait extended to 1000 seconds (as the D870 has 900 seconds max now)
  * Canon EOS
  * initialization fixes (if it breaks your EOS M or PowerShot, please report)
  * liveview enablement fixed
  * maximum capture wait extended to 90seconds
  * EOS R shutterspeed , aperture reporting fixed
  * various bugfixes
  * Cameras added to id list:
  * Sony NEX 5
  * Canon EOS 90D
  * Fuji XT-4
  * Sanyo VPC-FH1
  * Leica SL Typ 601
  - lumix:
  * fixed initialisation, might help capture
  - all:
  * ongoing stability fixes from AFL fuzzing
  - translation updates:
  * sv

==== perl-Mojolicious ====
Version update (8.42 -> 8.50)

updated to 8.50
  see /usr/share/doc/packages/perl-Mojolicious/Changes
  8.50  2020-05-23
  - Increased Perl version requirement to 5.16.0. This is just a first step
    however, at some point in the not so distant future we will increase the
    Perl version requirement to 5.20.0 for full subroutine signatures support.
  - Improved Mojo::Base to enable the Perl 5.16 feature bundle with
    "unicode_strings", "unicode_eval", "evalbytes", "current_sub" and "fc".
  8.43  2020-05-20
  - Removed deprecated argument handling from Mojo::Promise::new.
  - Removed experimental status from all_settled method in Mojo::Promise.
  - Removed experimental status from content_type and file_type methods in
    Mojolicious::Types.
  - Removed experimental status from cleanup event in Mojo::IOLoop::Subprocess.
  - Switched from Storable to JSON serialization for Mojo::IOLoop::Subprocess
    IPC to increase efficiency.
  - Added exit_code method to Mojo::IOLoop::Subprocess.
  - Improved Mojo::Promise to warn when an unhandled rejected promise is
    destroyed.
  - Fixed a bug where the resolve class method in Mojo::Promise would
    unnecessarily create new promises.
  - Fixed a promise chaining bug in Mojo::Promise. (karjala)

==== pragha ====
Subpackages: pragha-lang pragha-plugins

- Fix build for Leap 15.2

==== python-SQLAlchemy ====
Version update (1.3.16 -> 1.3.17)

- update to version 1.3.17:
  * orm
    + Added an accessor Comparator.expressions which provides access
    to the group of columns mapped under a multi-column
    ColumnProperty attribute.  References: #5262
    + Introduce relationship.sync_backref flag in a relationship to
    control if the synchronization events that mutate the in-Python
    attributes are added. This supersedes the previous change #5149,
    which warned that viewonly=True relationship target of a
    back_populates or backref configuration would be disallowed.
    References: #5237
    + Fixed bug where using with_polymorphic() as the target of a join
    via RelationshipComparator.of_type() on a mapper that already
    has a subquery-based with_polymorphic setting that?s equivalent
    to the one requested would not correctly alias the ON clause in
    the join.  References: #5288
    + Fixed issue in the area of where loader options such as
    selectinload() interact with the baked query system, such that
    the caching of a query is not supposed to occur if the loader
    options themselves have elements such as with_polymorphic()
    objects in them that currently are not cache-compatible. The
    baked loader could sometimes not fully invalidate itself in
    these some of these scenarios leading to missed eager loads.
    References: #5303
    + Modified the internal ?identity set? implementation, which is a
    set that hashes objects on their id() rather than their hash
    values, to not actually call the __hash__() method of the
    objects, which are typically user-mapped objects. Some methods
    were calling this method as a side effect of the implementation.
    References: #5304
    + An informative error message is raised when an ORM many-to-one
    comparison is attempted against an object that is not an actual
    mapped instance. Comparisons such as those to scalar subqueries
    aren?t supported; generalized comparison with subqueries is
    better achieved using Comparator.has().  References: #5269
  * engine
    + Fixed fairly critical issue where the DBAPI connection could be
    returned to the connection pool while still in an un-rolled-back
    state. The reset agent responsible for rolling back the
    connection could be corrupted in the case that the transaction
    was ?closed? without being rolled back or committed, which can
    occur in some scenarios when using ORM sessions and emitting
    .close() in a certain pattern involving savepoints. The fix
    ensures that the reset agent is always active.  References:
    [#5326]
  * schema
    + Fixed issue where an Index that is deferred in being associated
    with a table, such as as when it contains a Column that is not
    associated with any Table yet, would fail to attach correctly if
    it also contained a non table-oriented expession.  References:
    [#5298]
    + A warning is emitted when making use of the
    MetaData.sorted_tables attribute as well as the sort_tables()
    function, and the given tables cannot be correctly sorted due to
    a cyclic dependency between foreign key constraints. In this
    case, the functions will no longer sort the involved tables by
    foreign key, and a warning will be emitted. Other tables that
    are not part of the cycle will still be returned in dependency
    order. Previously, the sorted_table routines would return a
    collection that would unconditionally omit all foreign keys when
    a cycle was detected, and no warning was emitted.  References:
    [#5316]
    + Add comment attribute to Column __repr__ method.  References:
    [#4138]
  * postgresql
    + Added support for columns or type ARRAY of Enum, JSON or JSONB
    in PostgreSQL. Previously a workaround was required in these use
    cases.  References: #5265
    + Raise an explicit CompileError when adding a table with a column
    of type ARRAY of Enum configured with Enum.native_enum set to
    False when Enum.create_constraint is not set to False
    References: #5266
  * mssql
    + Fix a regression introduced by the reflection of computed column
    in MSSQL when using the legacy TDS version 4.2. The dialect will
    try to detect the protocol version of first connect and run in
    compatibility mode if it cannot detect it.  References: #5255
    + Fix a regression introduced by the reflection of computed column
    in MSSQL when using SQL server versions before 2012, which does
    not support the concat function.  References: #5271
  * oracle
    + Some modifications to how the cx_oracle dialect sets up
    per-column outputtype handlers for LOB and numeric datatypes to
    adjust for potential changes coming in cx_Oracle 8.  References:
    [#5246]
    + Changed the implementation of fetching CLOB and BLOB objects to
    use cx_Oracle?s native implementation which fetches CLOB/BLOB
    objects inline with other result columns, rather than performing
    a separate fetch. As always, this can be disabled by setting
    auto_convert_lobs to False.
    + As part of this change, the behavior of a CLOB that was given a
    blank string on INSERT now returns None on SELECT, which is now
    consistent with that of VARCHAR on Oracle.  References: #5314
  * firebird
    + Adjusted dialect loading for firebird:// URIs so the external
    sqlalchemy-firebird dialect will be used if it has been
    installed, otherwise fall back to the (now deprecated) internal
    Firebird dialect.  References: #5278

==== python-Twisted ====

- %python3_only -> %python_alternative

==== python-attrs ====

- Do not restrict us to new setuptools, we generate stuff
  even with the older variants

==== python-bcrypt ====

- Relax the setuptools dependency on 40.8.0 to 40.5.0 since that
  version is only required by upstream because of a pip issue
  (see https://github.com/pyca/bcrypt/commit/bc8a55e70e179a59fa89fb109353182f8f438e00).
  This way we can build in SLE 15 SP2 / Leap 15.2 .

==== python-cryptography ====
Version update (2.8 -> 2.9.2)

- update to 2.9.2
  * 2.9.2 - 2020-04-22
  - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
  - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
    low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
    Users on older version of OpenSSL will need to upgrade.
  - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
  - Removed support for calling public_bytes() with no arguments, as per
    our deprecation policy. You must now pass encoding and format.
  - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
    returns the RDNs as required by RFC 4514.
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
  - Added support for parsing single_extensions in an OCSP response.
  - NameAttribute values can now be empty strings.

==== python-dkimpy ====

- %python3_only -> %python_alternative

==== python-jedi ====

- Skip two tests on leap not just sp1+

==== python-lxml ====

- Remove explicit Provides of python-doc, which is just wrong.

==== python-netaddr ====

- %python3_only -> %python_alternative

==== python-pywbem ====
Version update (0.17.1 -> 0.17.2)

- Update to 0.17.2:
  - Fixed raise error for invalid reference_direction in
    WBEMServer.get_central_instances(). (See issue #2187)
  - Fixed raise error for missing ports in WBEMListener.__init__().
    (See issue #2188)

==== rubygem-actioncable-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * no changes

==== rubygem-actionmailbox-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * no changes

==== rubygem-actionmailer-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * no changes

==== rubygem-actionpack-6.0 ====
Version update (6.0.3 -> 6.0.3.1)
Subpackages: ruby2.6-rubygem-actionpack-6.0 ruby2.7-rubygem-actionpack-6.0

- updated to version 6.0.3.1
  * CVE-2020-8166: HMAC raw CSRF token before masking it, so it
    cannot be used to reconstruct a per-form token
  * CVE-2020-8164: Return self when calling #each, #each_pair, and
    [#]each_value instead of the raw @parameters hash

==== rubygem-actiontext-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * no changes

==== rubygem-actionview-6.0 ====
Version update (6.0.3 -> 6.0.3.1)
Subpackages: ruby2.6-rubygem-actionview-6.0 ruby2.7-rubygem-actionview-6.0

- updated to version 6.0.3.1
  * CVE-2020-8167: Check that request is same-origin prior to including CSRF token in XHRs

==== rubygem-activejob-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * no changes

==== rubygem-activemodel-6.0 ====
Version update (6.0.3 -> 6.0.3.1)
Subpackages: ruby2.6-rubygem-activemodel-6.0 ruby2.7-rubygem-activemodel-6.0

- updated to version 6.0.3.1
  * no changes

==== rubygem-activerecord-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * no changes

==== rubygem-activestorage-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  * CVE-2020-8162: Include Content-Length in signature for ActiveStorage direct upload (bsc#1172163)

==== rubygem-activesupport-6.0 ====
Version update (6.0.3 -> 6.0.3.1)
Subpackages: ruby2.6-rubygem-activesupport-6.0 ruby2.7-rubygem-activesupport-6.0

- updated to version 6.0.3.1
  * CVE-2020-8165: Deprecate Marshal.load on raw cache read in RedisCacheStore
  * CVE-2020-8165: Avoid Marshal.load on raw cache value in MemCacheStore

==== rubygem-puma ====
Version update (4.3.3 -> 4.3.5)
Subpackages: ruby2.6-rubygem-puma ruby2.7-rubygem-puma

- updated to version 4.3.5
  * CVE-2020-11076, CVE-2020-11077: Fixed two separate HTTP smuggling
    vulnerabilities that used the Transfer-Encoding header

==== rubygem-rails-6.0 ====
Version update (6.0.3 -> 6.0.3.1)

- updated to version 6.0.3.1
  Changes are in Rails's modules.
  Release Blog entry:
  https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/

==== rubygem-railties-6.0 ====
Version update (6.0.3 -> 6.0.3.1)
Subpackages: ruby2.6-rubygem-railties-6.0 ruby2.7-rubygem-railties-6.0

- updated to version 6.0.3.1
  * no changes

==== rubygem-rspec-rails ====
Version update (4.0.0 -> 4.0.1)

- updated to version 4.0.1
  Bug Fixes:
  * Remove warning when calling `driven_by` in system specs. (Aubin Lorieux, #2302)
  * Fix comparison of times for `#at` in job matchers. (Jon Rowe, Markus Doits, #2304)
  * Allow `have_enqueued_mail` to match when a sub class of `ActionMailer::DeliveryJob`
    is set using `<Class>.delivery_job=`. (Atsushi Yoshida #2305)
  * Restore Ruby 2.2.x compatibility. (Jon Rowe, #2332)
  * Add `required_ruby_version` to gem spec. (Marc-André Lafortune, #2319, #2338)

==== rubygem-websocket-driver ====
Version update (0.7.1 -> 0.7.2)

- updated to version 0.7.2
  * Emit `ping` and `pong` events from the `Server` driver
  * Handle draft-76 handshakes correctly if the request's body is a frozen string

==== xfce4-power-manager ====
Version update (1.6.5 -> 1.6.6)
Subpackages: xfce4-power-manager-lang xfce4-power-manager-plugin

- Update to version 1.6.6
  * Dismiss critical notification when connecting to AC
  * Fix inhibiting xfce4-screensaver (bxo#16364)
  * settings: Move % sign out of spinbutton (bxo#15994)
  * panel-plugin: Toggle presentation mode on middle click
  * panel-plugin: Properly show 'About' menu item
  * panel-plugin: Add missing about callback
  * panel-plugin: Properly hook up about signal
  * panel-plugin: Replace deprecated call
  * Switch to symbolic window-close icons