Packages changed:
  MozillaFirefox (82.0.3 -> 83.0)
  c-ares
  coreutils
  cpio
  dosfstools
  e2fsprogs
  ed
  filesystem
  fillup
  findutils
  git
  grep (3.5 -> 3.6)
  gzip
  javapackages-tools
  jhbuild (3.36.0+1 -> 3.38.0+3)
  kernel-firmware (20201023 -> 20201120)
  keyutils
  libX11 (1.6.12 -> 1.7.0)
  libqt5-qttranslations (5.15.1 -> 5.15.2)
  libqt5-qtvirtualkeyboard (5.15.1 -> 5.15.2)
  libselinux
  libsepol
  libtirpc
  llvm11
  openssh
  python-kiwi (9.21.23 -> 9.21.26)
  python-pycups
  qpdf (10.0.3 -> 10.0.4)
  schily
  tar
  tcl
  wxWidgets-3_2-nostl
  zlib

=== Details ===

==== MozillaFirefox ====
Version update (82.0.3 -> 83.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 83.0
  * major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824))
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685)
    Out of memory handling of JITed, inlined functions could lead
    to a memory corruption
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2020-26955 (bmo#1663261)
    Cookies set during file downloads are shared between normal
    and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179)
    OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions
  * CVE-2020-26959 (bmo#1669466)
    Use-after-free in WebRequestService
  * CVE-2020-26960 (bmo#1670358)
    Potential use-after-free in uses of nsTArray
  * CVE-2020-15999 (bmo#1672223)
    Heap buffer overflow in freetype
  * CVE-2020-26961 (bmo#1672528)
    DoH did not filter IPv4 mapped IP Addresses
  * CVE-2020-26962 (bmo#610997)
    Cross-origin iframes supported login autofill
  * CVE-2020-26963 (bmo#1314912)
    History and Location interfaces could have been used to hang
    the browser
  * CVE-2020-26964 (bmo#1658865)
    Firefox for Android's Remote Debugging via USB could have
    been abused by untrusted apps on older versions of Android
  * CVE-2020-26965 (bmo#1661617)
    Software keyboards may have remembered typed passwords
  * CVE-2020-26966 (bmo#1663571)
    Single-word search queries were also broadcast to local
    network
  * CVE-2020-26967 (bmo#1665820)
    Mutation Observers could break or confuse Firefox Screenshots
    feature
  * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
    bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
    bmo#1671923)
    Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
  * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872,
    bmo#1668876)
    Memory safety bugs fixed in Firefox 83
- requires
  NSS >= 3.58
  nodejs >= 10.22.1
- removed obsolete mozilla-ppc-altivec_static_inline.patch
- disable LTO on TW because of ICEs in gcc

==== c-ares ====

- add BR for pkg-config to get the provides in the devel package

==== coreutils ====
Subpackages: coreutils-doc coreutils-lang

- prepare usrmerge (boo#1029961)

==== cpio ====
Subpackages: cpio-lang cpio-mt

- prepare usrmerge (boo#1029961)

==== dosfstools ====

- prepare usrmerge (boo#1029961)

==== e2fsprogs ====
Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2

- prepare usrmerge (boo#1029961)

==== ed ====

- prepare usrmerge (boo#1029961)

==== filesystem ====

- /proc and /sys should be %ghost to allow filesystem package updates in
  rootless container environments (rh#1548403)

==== fillup ====

- prepare usrmerge (boo#1029961)

==== findutils ====
Subpackages: findutils-lang

- prepare usrmerge (boo#1029961)

==== git ====
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- only pull asciidoctor for the default ruby version

==== grep ====
Version update (3.5 -> 3.6)
Subpackages: grep-lang

- Update to grep 3.6
  * The GREP_OPTIONS environment variable no longer affects grep's behavior.
  * grep's DFA matcher performed an invalid regex transformation
    that would convert an ERE like a+a+a+ to a+a+, which would make
    grep a+a+a+ mistakenly match "aa".
  * grep -P now reports the troublesome input filename upon PCRE execution
    failure.
- werror-return-type.patch: work around gcc bug
- prepare usrmerge (boo#1029961)

==== gzip ====

- prepare usrmerge (boo#1029961)

==== javapackages-tools ====
Subpackages: javapackages-filesystem

- Fix the python subpackage generation
  gh#openSUSE/python-rpm-macros#79
- Support python subpackages for each flavor
  gh#openSUSE/python-rpm-macros#66
- Replace old nose with pytest gh#fedora-java/javapackages#86

==== jhbuild ====
Version update (3.36.0+1 -> 3.38.0+3)
Subpackages: jhbuild-lang

- create_deps.sh: Filter out pkgconfig(libpodofo) Requires for now:
  in all released versions of podofo, the .pc file is called
  libpodofo-0, but in git, since April 2019, the .pc file is being
  installed as libpodofo.pc. There is no information if and when
  podofo will ever get a release with this change.
- Update to version 3.38.0+3:
  * defaults: Fix multiarch system_libdirs.
  * Get default branch name from repository.
  * Compare bytes/str correctly in both python 2 & 3.
  * defaults.jhbuildrc: fix detection of /usr/lib64 on Fedora.
  * base: also try for meson on autogenerated modules.
  * doc: Document shallow_clone option.
  * Moduleset updates.

==== kernel-firmware ====
Version update (20201023 -> 20201120)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Fix build with older distros due to missing _firmwaredir
- Update to version 20201120 (bc9cd0b7b0e9):
  including AMDGPU update (bsc#1179062) and ath11k addition (bsc#1178274)
  * linux-firmware: Update AMD SEV firmware
  * amdgpu: add sienna cichlid firmware for 20.45
  * amdgpu: update vega20 firmware for 20.45
  * amdgpu: update vega12 firmware for 20.45
  * amdgpu: update vega10 firmware for 20.45
  * amdgpu: update renoir firmware for 20.45
  * amdgpu: update navi14 firmware for 20.45
  * amdgpu: update navi12 firmware for 20.45
  * amdgpu: update navi10 firmware for 20.45
  * amdgpu: update raven2 firmware for 20.45
  * amdgpu: update raven firmware for 20.45
  * rtlwifi: v88.2 firmware files for RTL8192CU
  * rtw88: RTL8822C: Update firmware to v9.9.4
  * Revert "rtw88: RTL8822C: Update firmware to v9.9.4"
  * vpdma: Move firmware to ti directory
  * amdgpu: update picasso VCN firmware
  * amdgpu: update raven2 VCN firmware
  * amdgpu: update raven VCN firmware
  * rtw88: RTL8822C: Update firmware to v9.9.4
  * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A
  * QCA: Update Bluetooth firmware for QCA6390
  * qcom : updated venus firmware files for v5.4
  * QCA : Fixed BT SSR due to command timeout / IO fatal error
  * ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
  * ath11k: QCA6390 hw2.0: add board-2.bin
  * ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
  * ath11k: IPQ8074 hw2.0: add board-2.bin
  * ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2
  * ath11k: IPQ6018 hw1.0: add board-2.bin
  * ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077
  * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131
  * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131
  * ath10k: QCA6174 hw3.0: update board-2.bin
  * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1
- ath11k is split into its own subpackage due to its size
- Update topics list and aliases accordingly

==== keyutils ====
Subpackages: libkeyutils1 libkeyutils1-32bit

- prepare usrmerge (boo#1029961)

==== libX11 ====
Version update (1.6.12 -> 1.7.0)
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1

- Update to version 1.7.0
  * libX11 version 1.7.0 includes a new API, hence the change from
    the 1.6 series to 1.7:
    XSetIOErrorExitHandler which provides a mechanism for applications
    to recover from I/O error conditions instead of being forced to
    exit. Thanks to Carlos Garnacho for this.
  * This release includes a bunch of bug fixes, some which have been
    pending for over three years:
    + A bunch of nls cleanups to remove obsolete entries and clean up
    formatting of the ist. Thanks to Benno Schulenberg for these.
    + Warning fixes and other cleanups across a huge swath of the
    library. Thanks to Alan Coopersmith for these.
    + Memory allocation bugs, including leaks and use after free in the
    locale code. Thanks to Krzesimir Nowak, Jacek Caban and Vittorio
    Zecca for these.
    + Thread safety fixes in the locale code. Thanks to Jacek Caban for
    these.
    + poll_for_response race condition fix. Thanks to Frediano Ziglio for
    the bulk of this effort, and to Peter Hutterer for careful review
    and improvements.
  * Version 1.7.0 includes a couple of new locales:
    ia and ie locales. Thanks to Carmina16 for these.
  * There are also numerous compose entries added, including:
    + |^ or ^| for ?, |v or v| for ?, ~~ for ?. Thanks to Antti
    Savolainen for this.
    + Allowing use of 'v' for caron, in addition to 'c', so things like
    vC for ?, vc for ?. Thanks to Benno Schulenberg for this.
    + Compose sequences LT, lt for '<', and GT, gt for '>' for keyboards
    where those are difficult to access. Thanks to Jonathan Belsewir
    for this.
- refreshed patches en-locales.diff, p_khmer-compose.diff and
  p_xlib_skip_ext_env.diff

==== libqt5-qttranslations ====
Version update (5.15.1 -> 5.15.2)

- Update to 5.15.2:
  * New bugfix release
  * For more details please see:
    http://code.qt.io/cgit/qt/qttranslations.git/plain/dist/changes-5.15.2/?h=5.15.2

==== libqt5-qtvirtualkeyboard ====
Version update (5.15.1 -> 5.15.2)
Subpackages: libQt5HunspellInputMethod5 libQt5VirtualKeyboard5 libqt5-qtvirtualkeyboard-hunspell

- Update to 5.15.2:
  * New bugfix release
  * For more details please see:
    http://code.qt.io/cgit/qt/qtvirtualkeyboard.git/plain/dist/changes-5.15.2/?h=5.15.2

==== libselinux ====
Subpackages: libselinux1 libselinux1-32bit selinux-tools

- install to /usr (boo#1029961)

==== libsepol ====

- install to /usr (boo#1029961)

==== libtirpc ====
Subpackages: libtirpc-netconfig libtirpc3 libtirpc3-32bit

- install libraries to %{_libdir} (boo#1029961)

==== llvm11 ====
Subpackages: clang-tools clang11 clang11-doc libLLVM11 libLTO11 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang11

- Add compiler-rt-dont-compile-assembly-files-as-c.patch to fix
  build failure with newer CMake versions.
- Let CMake files in {llvm,clang}X-devel refer to the versioned
  binaries that come with the package instead of the symlink
  managed by update-alternatives. (boo#1178513)

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Fix build breakage caused by missing security key objects:
  + Modify openssh-7.7p1-cavstest-ctr.patch.
  + Modify openssh-7.7p1-cavstest-kdf.patch.
  + Add openssh-link-with-sk.patch.
- Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939).
  This ensures only approved DH parameters are used in FIPS mode.
- Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799).
  This uses OpenSSL's RAND_bytes() directly instead of the internal
  ChaCha20-based implementation to obtain random bytes for Ed25519
  curve computations. This is required for FIPS compliance.

==== python-kiwi ====
Version update (9.21.23 -> 9.21.26)

- Bump version: 9.21.25 ? 9.21.26
- Fixed dnf plugin config setup
  Only create a dnf plugin config if the plugin config directory
  to store that file exists in the system
- Set --releasever=0 for microdnf
  To allow microdnf to work from an empty root directory
  we need to set the release version to zero
- Use custom varsdir for dnf builds
- Partially revert dcounter.c flaw report
  I could not find a problem with this read call
  it does check on the buffer boundaries and it
  only writes the bytes that read returns until
  read returns <= 0
- Fixed dcounter.c flaw report
  Check buffer boundaries if used in a loop
- Fixed dcounter.c flaw report
  Variable scope can be reduced and useless value assignment.
- Fixed microdnf support
  The installroot argument must be used together with --config
  and additionally with --noplugins, as well as --setopt for
  cachedir, reposdir and varsdir. Related to #1625
- Move tools README to ReST
- Fixed Incorrect list-item indent
- Fixed Incorrect list-item indent
  Use two spaces between bullet and content
- Update codacy configuration file
  Exclude .github helper scripts from the analysis
- Update codacy configuration file
  Exclude doc sources and helper scripts from the analysis
- Fix setopt argument for install_weak_deps for microdnf
  Micro DNF does not support "True"/"False", only "1"/"0"...
- Better error reporting if jing is missing
  On validation error we use jing to report detailed error
  messages. However if jing is not present no validation
  errors are displayed. There is a error_log variable as
  part of the relaxNG object which holds the library error
  log. This information is not as good as the jing report
  but better than nothing
- Added microdnf support in XML schema
  The XML schema did not allow to specify microdnf as
  supported package manager
- Added microdnf integration test
- Bump version: 9.21.24 ? 9.21.25
- Use --config instead of -c for DNF and Micro DNF
  The -c option is not supported in Micro DNF, but --config is, and
  it is supported with DNF as well.
- Drop 'microdnf makecache' call for microdnf package manager
  This subcommand does not exist and is not needed. Instead, we
  need to use '--refresh' where this is needed.
- Bump version: 9.21.23 ? 9.21.24
- No bootpartition for XFS by default
  Selecting the xfs filesystem made kiwi to create an extra
  boot partition. This is from times when grub was not able
  to read from XFS. As grub doesn't have this limitation since
  quite some time the bootpartition default in kiwi for XFS
  should be changed. This is realted to #1611
- Create relative boot link for extra boot partition
  If an extra boot partition is used the grub toolchain
  still references files from that partition as /boot/...
  which fails because they are now at the toplevel. To
  avoid this and keep any /boot/some-file reference still
  valid we create a symlink 'boot -> .' This Fixes #1611
- Fix documentation to be consistent with the XML KIWI scheme
  This commit fixes the user section documentation to properly reflect
  XML KIWI scheme constraints. 'home' attribute is optional and 'password'
  attribute is mandatory.
  Fixes #1599
- Add support for the Micro DNF package manager
  Micro DNF is a minimal C implementation of DNF that is usable for
  minimal appliances and containers. While it is not at parity with
  DNF, it implements enough functionality that it is mostly usable
  for building appliance images.
- Added remote overlay boot documentation
  Added a new chapter below: working with images, which describes
  the options to remote boot via kiwi-overlay from an NBD or AOE
  exported root filesystem image.
- use BuildRequires for distros which use fdupes
- Added support for nbd and aoe root overlay
  The kiwi-overlay dracut module can also be used as standalone
  module that is not connected to a disk image. In this case
  it's needed to specify the location for the root filesystem
  and optionally the device to write data (default is ram space).
  This commit adds the opportunity to specify a nbd/aoe location
  for the root filesystem on the kernel cmdline like in the
  following examples:
  root=overlay:nbd=nbd0:192.168.100.42:exportname
  root=overlay:aoe=e0.1
  An optional write space, if it should not be ram space, can be
  provided through the rd.root.overlay.write option on the kernel
  cmdline. This Fixes: OSInside/kiwi-descriptions#78
- Increase allowed complexity level
  Increase overall allowed flake8 complexity level and delete
  the extra exceptions from code as much as possible
- Add editbootinstall script for Arch Linux tests
  This commit adds the editbootinstall script to Arch Linux OEM
  integration tests. The provided script removes the use of linuxefi and
  initrdefi commands on grub configuration since Arch does not support
  linuxefi module.
  Fixes #1559
- Update tox and travis setup for python 3_8
  Move latest python test target to 3.8 and also change
  the deploy travis target to use python 3.8
- Allow console login for the integration tests
  The integration tests for the cloud targets had the console
  login for root disabled. This is correct if the image would
  be really used in the cloud. The integration test however
  will be functional tested within openQA and that requires
  serial console and root console login to be allowed.
- Added universal box to build status helper

==== python-pycups ====

- Let the python-rpm-macros take care of the correct python3
  provides for all python3 flavors gh#openSUSE/python-rpm-macros#66

==== qpdf ====
Version update (10.0.3 -> 10.0.4)

- Update to version 10.0.4
  * Fix a handful of integer overflows.

==== schily ====
Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind4_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star

- Update to release 2020.11.25
  * libhfs_iso: changed malloc() to calloc() to avoid
    uninitialized data.
  * ved: A new colon command (ESC : vhelp) has been added.
- Remove fix_junk_in_partition.patch (upstreamed)
- fix_junk_in_partition.patch: Initialize memory that created the
  partition table instead of writing random bytes to it (bsc#1178692)

==== tar ====
Subpackages: tar-lang tar-rmt

- prepare usrmerge (boo#1029961)

==== tcl ====

- Add a manpage symlink for tclsh8.6.

==== wxWidgets-3_2-nostl ====
Subpackages: libwx_baseu-suse-nostl4_0_0 libwx_baseu_net-suse-nostl4_0_0 libwx_baseu_xml-suse-nostl4_0_0 libwx_gtk3u_core-suse-nostl4_0_0 libwx_gtk3u_html-suse-nostl4_0_0 libwx_gtk3u_qa-suse-nostl4_0_0

- Fix an rpmlint warning by moving libwx_base symlinks to their
  own -devel subpackage which is then required by
  (wxWidgets-devel, wxGTK3-devel).

==== zlib ====
Subpackages: libminizip1 libz1 libz1-32bit zlib-devel

- Fix hw compression on z15 bsc#1176201
- Add zlib-s390x-z15-fix-hw-compression.patch