Packages changed:
  MozillaFirefox (83.0 -> 84.0)
  MozillaThunderbird (78.5.1 -> 78.6.0)
  SDL2 (2.0.12 -> 2.0.14)
  akonadi-contact
  boost-base
  boost-extra
  dolphin
  gtk2 (2.24.32+70 -> 2.24.33)
  kaddressbook
  kvm_stat (5.9.12 -> 5.10.1)
  mozilla-nss (3.58 -> 3.59)
  openblas_pthreads (0.3.12 -> 0.3.13)
  orca (3.38.1 -> 3.38.2)
  plasma5-desktop
  python-importlib-metadata (3.1.1 -> 3.3.0)
  python-more-itertools (8.5.0 -> 8.6.0)
  python-pyOpenSSL
  sudo (1.9.4 -> 1.9.4p2)
  timezone (2020d -> 2020e)
  timezone-java (2020d -> 2020e)
  wireshark (3.4.1 -> 3.4.2)
  xmlsec1 (1.2.30 -> 1.2.31)

=== Details ===

==== MozillaFirefox ====
Version update (83.0 -> 84.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 84.0
  * Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11
    Linux desktops
  MFSA 2020-54 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382)
    Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26975 (bmo#1661071)
    Malicious applications on Android could have induced Firefox
    for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311)
    URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
    When entering an address in the address or search bars, a
    website could have redirected the user before they were
    navigated to the intended url
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
  * CVE-2020-35114 (bmo#1607449, bmo#1640416, bmo#1656459,
    bmo#1669914, bmo#1673567)
    Memory safety bugs fixed in Firefox 84
- requires
  NSS >= 3.59
  rust >= 1.44
  rust-cbindgen >= 0.15.0
- remove revert-795c8762b16b.patch and replace with mozilla-pgo.patch
- Add/Enable GNOME search provider

==== MozillaThunderbird ====
Version update (78.5.1 -> 78.6.0)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 78.6.0
  * changes and additions in MailExtensions
  * several bugfixes
  * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
  MFSA 2020-56 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Thunderbird 78.6

==== SDL2 ====
Version update (2.0.12 -> 2.0.14)

- update to 2.0.14:
  * Added support for PS5 DualSense and Xbox Series X controllers to the HIDAPI controller driver
  * Vulkan support to the KMSDRM video driver
  * see details on https://discourse.libsdl.org/t/sdl-2-0-14-released/28470

==== akonadi-contact ====
Subpackages: akonadi-contact-lang akonadi-plugin-contacts libKF5AkonadiContact5 libKF5ContactEditor5

- Obsolete kdepim-apps-libs-lang as well to avoid update problems

==== boost-base ====
Subpackages: boost-license1_75_0 libboost_date_time1_75_0 libboost_filesystem1_75_0 libboost_iostreams1_75_0 libboost_locale1_75_0 libboost_regex1_75_0 libboost_thread1_75_0

- libboost_nowide now uses same pattern of Provides/Conflicts
  and version numbers as other Boost libraries
- Add missing conflicts for Boost 1.66
- Boost.Build (jam) implementation is now obsoletes older versions

==== boost-extra ====

- libboost_nowide now uses same pattern of Provides/Conflicts
  and version numbers as other Boost libraries
- Add missing conflicts for Boost 1.66
- Boost.Build (jam) implementation is now obsoletes older versions

==== dolphin ====
Subpackages: dolphin-part dolphin-part-lang libdolphinvcs5

- Add upstream patch to fix crash on launch (kde#429628,
  kde#430434):
  * 0001-Fix-access-url-navigator-while-creating-new-tab-in-f.patch

==== gtk2 ====
Version update (2.24.32+70 -> 2.24.33)
Subpackages: gtk2-data gtk2-immodule-amharic gtk2-immodule-inuktitut gtk2-immodule-thai gtk2-immodule-tigrigna gtk2-immodule-vietnamese gtk2-immodule-xim gtk2-lang gtk2-tools gtk2-tools-32bit libgtk-2_0-0 libgtk-2_0-0-32bit

- Update to version 2.24.33:
  + This is the final GTK 2.x release. There will be no more
    updates to GTK 2. All users are encouraged to update to GTK 3
    or 4.
  + Make the output of gtk-query-immodules deterministic.
  + GtkCalendar: Use %OB if supported.
  + GtkIconTheme: prefer exact matches.
  + build:
  - Support automake 1.16.
  - Fix compiler warnings with newer gcc.

==== kaddressbook ====
Subpackages: kaddressbook-doc kaddressbook-lang libKPimAddressbookImportExport5

- Obsolete kdepim-apps-libs-lang as well to avoid update problems

==== kvm_stat ====
Version update (5.9.12 -> 5.10.1)

- Fix kernel version comparison for selectively applying patches
  * so that it won't break when, e.g., 5.10.0 hits Factory

==== mozilla-nss ====
Version update (3.58 -> 3.59)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.

==== openblas_pthreads ====
Version update (0.3.12 -> 0.3.13)

- Update to version 0.3.13
  common:
  * Added a generic bfloat16 SBGEMV kernel
  * Fixed a potentially severe memory leak after fork in OpenMP builds
    that was introduced in 0.3.12
  * Added detection of the Fujitsu Fortran compiler
  * Added detection of the (e)gfortran compiler on OpenBSD
  * Added support for overriding the default name of the library independently
    from symbol suffixing in the gmake builds (already supported in cmake)
  RISC V:
  * Added a RISC V port optimized for C910V
  POWER:
  * Added optimized POWER10 kernels for SAXPY, CAXPY, SDOT, DDOT and DGEMV_N
  * Improved DGEMM performance on POWER10
  * Improved STRSM and DTRSM performance on POWER9 and POWER10
  * Fixed segmemtation faults in DYNAMIC_ARCH builds
  * Fixed compilation with the PGI compiler
  x86:
  * Fixed compilation of kernels that require SSE2 intrinsics since 0.3.12
  x86_64:
  * Added an optimized bfloat16 SBGEMV kernel for SkylakeX and Cooperlake
  * Improved the performance of SASUM and DASUM kernels through parallelization
  * Improved the performance of SROT and DROT kernels
  * Improved the performance of multithreaded xSYRK
  * Fixed OpenMP builds that use the LLVM Clang compiler together with GNU gfortran
    (where linking of both the LLVM libomp and GNU libgomp could lead to lockups or
    wrong results)
  * Fixed miscompilations by old gcc 4.6
  * Fixed misdetection of AVX2 capability in some Sandybridge cpus
  * Fixed lockups in builds combining DYNAMIC_ARCH with TARGET=GENERIC on OpenBSD
  ARM64:
  * Fixed segmentation faults in DYNAMIC_ARCH builds
  MIPS:
  * Improved kernels for Loongson 3R3 ("3A") and 3R4 ("3B") models, including MSA
  * Fixed bugs in the MSA kernels for CGEMM, CTRMM, CGEMV and ZGEMV
  * Added handling of zero increments in the MSA kernels for SSWAP and DSWAP
  * Added DYNAMIC_ARCH support for MIPS64 (currently Loongson3R3/3R4 only)
  SPARC:
  * Fixed building 32 and 64 bit SPARC kernels with the SolarisStudio compilers
- Fix invalid symlinks (boo#1179764).

==== orca ====
Version update (3.38.1 -> 3.38.2)
Subpackages: orca-lang

- Update to version 3.38.2:
  + Don't treat unknown coordinates as definitely off-screen.
    Should fix the problem seen with flat review resulting from a
    change in Gtk+ 3.24.24.

==== plasma5-desktop ====
Subpackages: plasma5-desktop-emojier plasma5-desktop-lang

- Add upstream patch to fix keyboard repeat settings not being
  applied immediately (boo#1164739, kde#418175):
  * Reparse-the-key-repeat-rate-config-when-we-try-to-load-it.patch

==== python-importlib-metadata ====
Version update (3.1.1 -> 3.3.0)

- New version requires typing_extensions for Python < 3.8
  (Leap and TW python36 flavor)
- update to 3.3.0:
  * * #265: ``EntryPoint`` objects now expose a ``.dist`` object
    referencing the ``Distribution`` when constructed from a
    Distribution.
  * The object returned by ``metadata()`` now has a
    formally-defined protocol called ``PackageMetadata``
    with declared support for the ``.get_all()`` method.
    Fixes #126.
- add typing-extensions dependency for older python versions

==== python-more-itertools ====
Version update (8.5.0 -> 8.6.0)

- update to 8.6.0:
  * :func:`all_unique` (thanks to brianmaissy)
  * :func:`nth_product` and :func:`nth_permutation` (thanks to N8Brooks)
  * :func:`chunked` and :func:`sliced` now accept a ``strict`` parameter (thanks to shlomif and jtwool)
  * Python 3.5 has reached its end of life and is no longer supported.
  * Python 3.9 is officially supported.

==== python-pyOpenSSL ====

- Adjust metadata for skip-networked-test.patch and refer to the proper
  upstream ticket gh#pyca/pyopenssl#68.

==== sudo ====
Version update (1.9.4 -> 1.9.4p2)
Subpackages: sudo-plugin-python

- Update to 1.9.4p2
  * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
    if the sudoers file contains a runas user-specific Defaults entry.
    Bug #951.
- News in 1.9.4p1
  * Fixed a regression introduced in version 1.9.4 where sudo would
    not build when configured using the --without-sendmail option.
    Bug #947.
  * Fixed a problem where if I/O logging was disabled and sudo was
    unable to connect to sudo_logsrvd, the command would still be
    allowed to run even when the "ignore_logfile_errors" sudoers
    option was enabled.
  * Fixed a crash introduced in version 1.9.4 when attempting to run
    a command as a non-existent user.  Bug #948.
  * The installed sudo.conf file now has the default sudoers Plugin
    lines commented out.  This fixes a potential conflict when there
    is both a system-installed version of sudo and a user-installed
    version.  GitHub issue #75.
  * Fixed a regression introduced in sudo 1.9.4 where sudo would run
    the command as a child process even when a pseudo-terminal was
    not in use and the "pam_session" and "pam_setcred" options were
    disabled.  GitHub issue #76.
  * Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
    sudoers option could not be set to a value of 3.  Bug #950.

==== timezone ====
Version update (2020d -> 2020e)

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

==== timezone-java ====
Version update (2020d -> 2020e)

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

==== wireshark ====
Version update (3.4.1 -> 3.4.2)
Subpackages: libwireshark14 libwiretap11 libwsutil12 wireshark-ui-qt

- Wireshark 3.4.2
  * CVE-2020-26422: QUIC dissector crash (boo#1180232)
  * Fix IETF QUIC TLS decryption errors when packets are coalesced
    with random data
  * QUIC: missing dissection of some coalesced SH packets
  * Fix false expect error seen on FCoE frames
  * Updated Protocol Support
    DOCSIS, FC-dNS, FC-SWILS, FCoE, QUIC, SNMP, and USBHID

==== xmlsec1 ====
Version update (1.2.30 -> 1.2.31)
Subpackages: libxmlsec1-1 libxmlsec1-nss1 libxmlsec1-openssl1

- Update to version 1.2.31:
  + Unload error strings in OpenSSL shutdown.
  + Make userData available when executing preExecCallback
    function.
  + Add an option to use secure memset.
- Pass --disable-md5 to configure: The cryptographic strength of
  the MD5 algorithm is sufficiently doubtful that its use is
  discouraged at this time. It is not listed as an algorithm in
  [XMLDSIG-CORE1]
  https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1