Packages changed:
  apparmor
  bc
  dmidecode (3.2 -> 3.3)
  dracut (050+suse.227.g7a9b782d -> 050+suse.250.ge6b6e843)
  filesystem
  installation-images-MicroOS (16.23 -> 16.24)
  kernel-default-base
  kubernetes (1.19.2 -> 1.19.3)
  kubernetes1.18 (1.18.9 -> 1.18.10)
  kubernetes1.19 (1.19.2 -> 1.19.3)
  ldb
  libcontainers-common
  lvm2
  lvm2-device-mapper
  openldap2 (2.4.53 -> 2.4.54)
  openssh
  openssl (1.1.1g -> 1.1.1h)
  openssl-1_1 (1.1.1g -> 1.1.1h)
  permissions (1550_20200930 -> 1550_20201008)
  python38
  python38-core
  qrencode (4.1.0 -> 4.1.1)
  salt
  shadow
  systemd
  talloc
  transactional-update (2.26 -> 2.27)
  vim (8.2.1775 -> 8.2.1840)
  yast2 (4.3.29 -> 4.3.37)
  yomi-formula (0.0.1+git.1598948600.9a9eab0 -> 0.0.1+git.1601999695.6141130)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor

- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
  cap_checkpoint_restore.diff)
- %service_del_postun_without_restart only works for Tumbleweed,
  keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x

==== bc ====

- fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc
- deleted patches
  - bc-1.06-dc_ibase.patch (upstreamed)

==== dmidecode ====
Version update (3.2 -> 3.3)

- Update to upstream version 3.3:
  * [COMPATIBILITY] Document how the UUID fields are interpreted.
  * [PORTABILITY] Don't use memcpy on /dev/mem on arm64.
  * Add bios-revision, firmware-revision and system-sku-number to -s option.
  * Use the most appropriate unit for cache size.
  * Decode system slot base bus width and peers.
  * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch,
    dmidecode-add-logical-non-volatile-device.patch,
    dmidecode-allow-overriding-build-settings-from-env.patch,
    dmidecode-dont-choke-on-invalid-processor-voltage.patch,
    dmidecode-fix-formatting-of-tpm-table-output.patch,
    dmidecode-fix-redfish-hostname-print-length.patch,
    dmidecode-fix-system-slot-information-for-pcie-ssd.patch,
    dmidecode-fix-the-alignment-of-type-25-name.patch,
    dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch, and
    dmidecode-print-type-33-name-unconditionally.patch.

==== dracut ====
Version update (050+suse.227.g7a9b782d -> 050+suse.250.ge6b6e843)
Subpackages: dracut-ima

- Update to version 050+suse.250.ge6b6e843:
  * Revert "Revert "install: also install post weak dependencies of kernel modules""
  * 98dracut-systemd: don't wait for root device if remote cryptsetup active
  * cryptroot-ask: unify /etc/crypttab and rd.luks.key
  * 90kernel-modules: arm: add drivers/hwmon for arm/arm64
  * rootfs-block: only write root argument for block device
  * 90crypt: pull in remote-cryptsetup.target enablement
  * 00systemd: add missing cryptsetup-related targets
  * 95nvmf: Implement 'fc,auto' commandline syntax
  * 95nvmf: add nvmf-autoconnect script
  * 95nvmf: Fixup FC connections
  * 95nvmf: add documentation
  * 95nvmf: rework parameter handling
  * dracut-install: fix edge-case regression with weak modules
  * dracut-install: ignore bogus preload libs
  * dracut.spec: Use make macros
  * dracut.spec: remove fedora pre 30 quirks
  * 50drm: Check drm_encoder_init along drm_crtc_init
  * 50drm: Include drm platform drivers in hostonly
  * 50drm: fix ambiguous redirects
  * Include devfreq drivers in initrd
  * dracut.spec: include the 04watchdog-modules module
- Update to version 050+suse.228.gd0d6792d:
  * 99memstrack: use /bin/bash

==== filesystem ====

- Add /usr/etc/X11 (boo#1173049)
- Add /usr/etc/xdg (boo#1173316)
- Add /usr/etc/profile.d (boo#1173310)

==== installation-images-MicroOS ====
Version update (16.23 -> 16.24)

- merge gh#openSUSE/installation-images#430
- Refresh spec file.
- Support 32bit ARM (boo#1177264).
- 16.24

==== kernel-default-base ====

- Create the list of crypto modules dynamically, supersedes hardcoded
  list of crc32 implementations (boo#1177577)

==== kubernetes ====
Version update (1.19.2 -> 1.19.3)
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet

- Bump kubernetes to 1.18.10
- Bump kubernetes to 1.19.3

==== kubernetes1.18 ====
Version update (1.18.9 -> 1.18.10)

- Update to version 1.18.10:
  * Fix reporting network_programming_latency metrics in kube-proxy
  * Azure: fix node removal race condition on VMSS deletion
  * make download-or-bust compatible with both sha512/sha1
  * replace sha1 with sha512
  * use more granular buckets for azure api calls
  * avoid potential secret leaking while reading .dockercfg
  * Mask Ceph RBD adminSecrets in logs when logLevel >= 4
  * fix: azure disk resize error if source does not exist
  * fix detach azure disk issue when vm not exist
  * Fix UpdateSnapshot when Node is partially removed
  * kubeadm: make the CP join handling of kubeconfig similar to "init"
  * kubeadm: warn but do not error out on missing CA keys on CP join
  * fix: detach azure disk broken on Azure Stack
  * Handle nil elements when sorting, instead of panicking
  * do not mutate endpoints in the apiserver
  * Remove HeadlessService label in endpoints controller before comparing
  * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.9
  * count of etcd object should be limited to the specified resource
  * Track pods with required anti-affinity in scheduler NodeInfo and Snapshot.
  * Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null
  * Update staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go
  * Allow 404 error on lb deletion in azure
  * chore: add diskclient.Update interface
  * chore: add diskclient.ListByResourceGroup interface
  * Fix doc for leader-elect-resource-lock flag

==== kubernetes1.19 ====
Version update (1.19.2 -> 1.19.3)
Subpackages: kubernetes1.19-client kubernetes1.19-client-common kubernetes1.19-kubeadm kubernetes1.19-kubelet kubernetes1.19-kubelet-common

- Update to version 1.19.3:
  * Azure: fix node removal race condition on VMSS deletion
  * Fix reporting network_programming_latency metrics in kube-proxy
  * make download-or-bust compatible with both sha512/sha1
  * replace sha1 with sha512
  * avoid potential secret leaking while reading .dockercfg
  * Mask Ceph RBD adminSecrets in logs when logLevel >= 4
  * upgrade test for BoundServiceAccountTokenVolume
  * fix detach azure disk issue when vm not exist
  * vsphere: improve logging message on node cache refresh event
  * Fix UpdateSnapshot when Node is partially removed
  * kubeadm: make the CP join handling of kubeconfig similar to "init"
  * kubeadm: warn but do not error out on missing CA keys on CP join
  * Return the Kubernetes version which stopped serving deprecated APIs by default
  * fix: detach azure disk broken on Azure Stack
  * Ensuring EndpointSlices are recreated after Service recreation
  * Handle nil elements when sorting, instead of panicking
  * use more granular buckets for azure api calls
  * do not mutate endpoints in the apiserver
  * Remove HeadlessService label in endpoints controller before comparing
  * test: add unit-test for TranslateCSIPVToInTree.
  * fix azure file migration panic
  * kubeadm: relax the validation of kubeconfig server URLs
  * portforward: Fix UDP-only ports calculation
  * make kube::util::find-binary not dependent on bazel-out/ structure
  * output go_binary rule directly from go_binary_conditional_pure
  * hack/lib/util.sh: some bash cleanups
  * bazel: Replace --features with Starlark build settings flag
  * [go1.15] staging/publishing: Set default go version to go1.15.2
  * [go1.15] build: Use go-runner:buster-v2.0.1 (built using go1.15.1)
  * [go1.15] Update to go1.15.2
  * [go1.15] hack/tools: Update to k/repo-infra@v0.1.1 (supports go1.15.2)
  * [go1.15] build: Update to k/repo-infra@v0.1.1 (supports go1.15.2)
  * Update CHANGELOG/CHANGELOG-1.19.md for v1.19.2
  * count of etcd object should be limited to the specified resource
  * Track pods with required anti-affinity
  * Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null
  * Fix misusage of RLock in timeCache lru.Cache.Get()
  * support ipv6 in e2e policy tests
  * Allow 404 error on lb deletion in azure
  * fix: azure disk resize error if source does not exist
  * chore: add diskclient.Update interface
  * chore: add diskclient.ListByResourceGroup interface

==== ldb ====

- Remove old if suse_version != 1110 || arch != i386 construct:
  unlikely the current package ever builds for 1110 && 386.

==== libcontainers-common ====

- Simplify %setup statements.

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Update lvm2.spec file (bsc#1174336)
  - enable lvmlockd remote refresh using libdlmcontrol
  - update libdlm dependency relationship

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Update lvm2.spec file (bsc#1174336)
  - enable lvmlockd remote refresh using libdlmcontrol
  - update libdlm dependency relationship

==== openldap2 ====
Version update (2.4.53 -> 2.4.54)

- updated to 2.4.54
  OpenLDAP 2.4.54 Release (2020/10/12)
  Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
  Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
  Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
  Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
  Fixed slapd syncrepl to be fully serialized (ITS#8102)
  Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
  Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
  Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
  Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
  Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
  Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
  Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
  Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)

==== openssh ====

- Work around %service_add_post disabling sshd on upgrade with
  package name change (bsc#1177039).
- Fix fillup-template usage:
  + %post server needs to reference ssh (not sshd), which matches
    the sysconfig.ssh file name the package ships.
  + %post client does not need any fillup_ calls, as there is no
    client-relevant sysconfig file present. The naming of the
    sysconfig file (ssh instead of sshd) is unfortunate.
- Use of DISABLE_RESTART_ON_UPDATE is deprecated.
  Replace it with %service_del_postun_without_restart
- Move some Requires to the right subpackage.
- Avoid ">&" bashism in %post.
- Upgrade some old specfile constructs/macros and drop unnecessary
  %{?systemd_*}.
- Trim descriptions and straighten out the grammar.
- Split openssh package into openssh, openssh-common,
  openssh-server and openssh-clients. This allows for the ssh
  clients to be installed without the server component
  (bsc#1176434).

==== openssl ====
Version update (1.1.1g -> 1.1.1h)

- Update to 1.1.1h release

==== openssl-1_1 ====
Version update (1.1.1g -> 1.1.1h)
Subpackages: libopenssl1_1

- Escape rpm command %%expand when used in comment.
- Update to 1.1.1h
  * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used
  * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts
- refresh openssl-fips_selftest_upstream_drbg.patch
  * DRBG internals got renamed back:
    reseed_gen_counter  -> generate_counter
    reseed_prop_counter -> reseed_counter

==== permissions ====
Version update (1550_20200930 -> 1550_20201008)
Subpackages: chkstat permissions-config

- Update to version 20201008:
  * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164)
  * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

==== python38 ====

- Buildrequire timezone only for general flavor. It's used in this
  flavor for the test suite.

==== python38-core ====
Subpackages: libpython3_8-1_0 python38-base

- Buildrequire timezone only for general flavor. It's used in this
  flavor for the test suite.

==== qrencode ====
Version update (4.1.0 -> 4.1.1)

- update to 4.1.1:
  * Some minor bugs in Micro QR Code generation have been fixed.
  * The data capacity calculations are now correct. These bugs probably did not
    affect the Micro QR Code generation.

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration

- Ensure virt.update stop_on_reboot is updated with its default value
- Added:
  * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
- Do not break package building for systemd OSes
- Drop wrong mock from chroot unit test
- Added:
  * drop-wrong-mock-from-chroot-unit-test.patch
- Support systemd versions with dot (bsc#1176294)
- Fix for grains.test_core unit test
- Fix file/directory user and group ownership containing UTF-8
  characters (bsc#1176024)
- Several changes to virtualization:
-   - Fix virt update when cpu and memory are changed
-   - Memory Tuning GSoC
-   - Properly fix memory setting regression in virt.update
-   - Expose libvirt on_reboot in virt states
- Support transactional systems (MicroOS)
- zypperpkg module ignores retcode 104 for search() (bsc#1159670)
- Xen disk fixes. No longer generates volumes for Xen disks, but the
  corresponding file or block disk (bsc#1175987)
- Added:
  * fix-grains.test_core-unit-test-277.patch
  * support-transactional-systems-microos-271.patch
  * backport-a-few-virt-prs-272.patch
  * xen-disk-fixes-264.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
  * bsc-1176024-fix-file-directory-user-and-group-owners.patch
- Invalidate file list cache when cache file modified time is in the future (bsc#1176397)
- Added:
  * invalidate-file-list-cache-when-cache-file-modified-.patch

==== shadow ====

- Add support for /usr/etc/skel to useradd.local script (boo#1173321)
- shadow-login_defs-check.sh: Fix the regexp to get a real variable
  list (boo#1164274).

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Do not include %{release} in a few places where we explicitly mention package versions
  It's usually not a good idea especially when used with conflicts.
- Rely on systemd-default-settings for overriding system default settings
  The new branding packages now ships the drop-ins to customize
  systemd either for an openSUSE or a SLE ditro.

==== talloc ====

- Fix build with RPM 4.16:
  bad %if condition:  01550 != 1110 || "x86_64" == x86_64
  no bare word support, x86_64 needs to be quoted

==== transactional-update ====
Version update (2.26 -> 2.27)
Subpackages: transactional-update-zypp-config

- Version 2.27
  - Add support for network systemd-resolvd network connections in t-u
    environment
  - Mount /var/lib/ca-certificates read-write to prevent SELinux error
  - Prevent calling transactional-update from within transactional-update

==== vim ====
Version update (8.2.1775 -> 8.2.1840)
Subpackages: vim-data-common vim-small

- Updated to version 8.2.1840, fixes the following problems
- refreshed vim-7.3-filetype_changes.patch and vim-8.0.1568-defaults.patch
  * Filetype.vim may be loaded twice.
  * Vim9: some assignment tests in the wrong file.
  * Vim9: returning from a partial call clears outer context, causing a crash.
  * Some debian changelog files are not recognized.
  * Statusline not updated when splitting windows.
  * Writing to prompt buffer interferes with insert mode.
  * Vim9: cannot pass boolean to mapset().
  * Try-catch test fails.
  * commits are not scanned for security problems
  * Compiler warning for strcp() out of bounds. (Christian Brabandt)
  * Various Normal mode commands not fully tested.
  * Crash with 'incsearch' and very long line.
  * Vim9: still allows :let for declarations.
  * Vim9: crash with invalid list constant. (Dhiraj Mishra)
  * Vim9: debugger test fails.
  * Configure does not recognize Racket 6.1+.
  * Not consistently giving the "is a directory" warning.
  * No falsy Coalescing operator.
  * Vim9: operators && and || have a confusing result.
  * Vim9: invalid memory access with weird function name. (Dhiraj Mishra)
  * Vim9: some parts of the code not tested.
  * Vim9: trinary operator condition is too permissive.
  * Some Normal mode commands not fully tested.
  * Vim9: memory leak if "if" condition is invalid.
  * Undo file not found when using ":args" or ":next".
  * Vim9: crash with unterminated dict. (Dhiraj Mishra)
  * A few failures are not tested.
  * resolve('/') returns an empty string.
  * Unix: terminal mode changed when using ":shell".
  * Can use :help in a terminal popup window.
  * No test coverage for ":spelldump!".
  * Mapping some keys with Ctrl does not work properly.
  * Some code in normal.c not covered by tests.
  * Mapping Ctrl-key does not work for '{', '}' and '|'.
  * Vim9: nested closure throws an internal error.
  * Vim9: can assign wrong type to script dict. (Christian J.  Robinson)
  * Missing change to remove "static".
  * Vim9: memory leak when using function reference.
  * Vim9: another memory leak when using function reference.
  * Vim9: wrong instruction when reusing a local variable spot.
  * SE Linux: deprecation warning for security_context_t.
  * Vim9: Memory leak when using a closure.
  * Vim9: crash when error happens in timer callback.
  * Vim9: concatenating to a NULL list doesn't work.
  * List test doesn't fail.
  * "gN" does not select the matched string.
  * Vim9: variables at the script level escape their scope.
  * Vim9: accessing freed memory.
  * Vim9: cannot use a {} block at script level.
  * Filetype detection does not test enough file names.
  * Build failure without the +eval feature.
  * Warnings when executing Github actions.
  * File missing from distribution.
  * readdirex() error is displayed as a message. (Yegappan Lakshmanan)
  * When reading from stdin dup() is called twice.
  * PyEval_InitThreads() is deprecated in Python 3.9.
  * ":help ??" finds the "!!" tag.
  * Autocmd test fails on pacifist systems.
  * Using "gn" after "gN" does not work.
  * Vim9: cannot insert a comment line in an expression.
  * Vim9: memory leaks reported in assign test.
  * Vim9: error message is not clear about compilation error.

==== yast2 ====
Version update (4.3.29 -> 4.3.37)

- Revert changes for hiding the heading of the dialog in text mode
  (the heading has no height if the title is empty).
- bsc#1176808
- 4.3.37
- AutoYaST: SectionWithAttributes#new_from_hashes accepts
  an enumerable as first element (related to bsc#1177405).
- 4.3.36
- AutoYaST: do not crash when sections like 'raid_options' are
  empty (bsc#1177405).
- 4.3.35
- Revert the drop of SuSEFirewall2 as there are still some packages
  which need to be adapted (bsc#1177160)
- 4.3.34
- Drop SuSEFirewall2 code completely (fate#323460)
- 4.3.33
- Fix non-editable ComboBox handling (bsc#1136454).
- 4.3.32
- Small improvements to CWM based widgets (related to bsc#1136454):
  - An editable ComboBox will refresh the list of items when a new
    one is given as its current value.
  - By default, a MenuButton widget listens to events from all its
    buttons.
- 4.3.31
- Do not crash when trying to parse non-existing ("nil") add-on
  product control XML file (bsc#1176593)
- 4.3.30

==== yomi-formula ====
Version update (0.0.1+git.1598948600.9a9eab0 -> 0.0.1+git.1601999695.6141130)

- Update to version 0.0.1+git.1601999695.6141130:
  * README: add user provided config