Packages changed:
  bison
  branding-openSUSE
  ed (1.13 -> 1.14)
  epiphany (3.22.4 -> 3.22.5)
  freetype2 (2.7 -> 2.7.1)
  ft2demos (2.7 -> 2.7.1)
  gmp (6.1.1 -> 6.1.2)
  gnome-settings-daemon
  grub2
  irqbalance (1.1.0 -> 1.2.0)
  kde-branding-openSUSE
  libcap
  libgit2 (0.24.3 -> 0.24.6)
  libraw (0.17.2 -> 0.18.0)
  linux-glibc-devel (4.8 -> 4.9)
  m4 (1.4.17 -> 1.4.18)
  ncftp (3.2.5 -> 3.2.6)
  perl-Math-Base-Convert
  perl-Net-HTTP (6.09 -> 6.12)
  publicsuffix (20161211 -> 20170105)
  python-qt4 (4.11.4 -> 4.12)
  python-sip (4.18.1 -> 4.19)
  python3-qt4 (4.11.4 -> 4.12)
  python3-sip (4.18.1 -> 4.19)
  qalculate (0.9.7 -> 0.9.10)
  qemu (2.6.1 -> 2.7.0)
  qemu-linux-user (2.6.1 -> 2.7.0)
  qscintilla (2.9.3 -> 2.9.4)
  sudo (1.8.18p1 -> 1.8.19p2)
  systemd-rpm-macros
  xz (5.2.2 -> 5.2.3)

=== Details ===

==== bison ====
Subpackages: bison-lang

- gcc7-fix.patch: Add forward declaration to compile with GCC7.

==== branding-openSUSE ====
Subpackages: gfxboot-branding-openSUSE grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE xfce4-splash-branding-openSUSE

- Also require grub2 when using the new update-bootloader-rpm-macros:
  Otherwise the installer might install the branding package before
  grub2, resulting in /etc/default/grub to not exist and the theme
  failing to activate.
- Support %posttrans with macros provided by update-bootloader-rpm-macros
  package (bsc#997317)

==== ed ====
Version update (1.13 -> 1.14)

- Update to version 1.14:
  * Print counts, messages, '?' and '!' to stdout instead of stderr.
  * buffer.c (append_lines): Fixed current address after empty 'i'.
  * regex.c (set_subst_regex): Treat missing delimiters consistently.
  * (extract_replacement): Don't replace 'a' with '%' in 's/a/%'.
  * Fixed infinite loop with EOF in the middle of a replacement.
  * Don't accept newlines in replacement in a global command.
  * Last delimiter can't be omitted if not last in command list.
  * (search_and_replace): Set current address to last line modified.
  * main_loop.c (extract_addresses): Fixed address offsets;
  * '3 ---- 2' was calculated as -2 instead of 1.
  * Accept ranges with the first address omitted.
  * (exec_command): Fixed current address after empty replacement
  text in 'c' command.
  * Don't clear the modified status after writing the buffer to a
  shell command. (Reported by Jérôme Frgacic).
  * (get_command_suffix): Don't allow repeated print suffixes.
  * (command_s): Accept suffixes in any order.
  * Don't allow multiple count suffixes.
  * 'sp' now toggles all print suffixes.
  * (main_loop): Make EOF on stdin behave as a 'q' command.
  * ed.texi: Fixed the description of commands 'acegijkmqrsuw'.
  * Documented that ed allows any combination of print suffixes.
  * testsuite: Improved most tests. Simplified bug reporting.
  * configure: Avoid warning on some shells when testing for gcc.
  * Makefile.in: Detect the existence of install-info.

==== epiphany ====
Version update (3.22.4 -> 3.22.5)
Subpackages: epiphany-lang gnome-shell-search-provider-epiphany

- Update to version 3.22.5:
  + Do not offer to remember empty passwords (bgo#771073).
  + Fix tenth webpage missing in overview (regression from 3.22.4).
  + "Press key to exit fullscreen" message is now legible.
  + Fix memory leak when tab is closed before permission request
    info bar.
  + Store permissions for hosts displayed in info bar, not the
    current page.

==== freetype2 ====
Version update (2.7 -> 2.7.1)
Subpackages: freetype2-devel libfreetype6 libfreetype6-32bit

- Update to version 2.7.1:
  * IMPORTANT CHANGES
    + Support for the new CFF2 font format as introduced with
    OpenType 1.8 has been contributed by Dave Arnolds from Adobe.
    + Preliminary support for variation fonts as specified in
    OpenType 1.8 (in addition to the already existing support for
    Adobe's MM and Apple's GX formats). Dave Arnolds contributed
    handling of advance width change variation; more will come in
    the next version.
  * IMPORTANT BUG FIXES
    + Handling of raw CID fonts was partially broken (bug introduced
    in 2.6.4).
  * MISCELLANEOUS
    + Some limits for TrueType bytecode execution have been tightened
    to speed up FreeType's handling of malformed fonts, in
    particular to quickly abort endless loops.
    + The number of twilight points can no longer be set to an
    arbitrarily large value.
    + The total number of jump opcode instructions (like JMPR) with
    negative arguments is dynamically restricted; the same holds
    for the total number of iterations in LOOPCALL opcodes.
    + The dynamic limits are based on the number of points in a glyph
    and the number of CVT entries. Please report if you encounter a
    font where the selected values are not adequate.
    + PCF family names are made more `colourful'; they now include the
    foundry and information whether they contain wide characters.
    For example, you no longer get `Fixed' but rather `Sony Fixed'
    or `Misc Fixed Wide'.
    + A new function `FT_Get_Var_Blend_Coordinates' (with its alias
    name `FT_Get_MM_Blend_Coordinates') to retrieve the normalized
    blend coordinates of the currently selected variation instance
    has been added to the Multiple Masters interface.
    + A new function `FT_Get_Var_Design_Coordinates' to retrieve the
    design coordinates of the currently selected variation instance
    has been added to the Multiple Masters interface.
    + A new load flag `FT_LOAD_BITMAP_METRICS_ONLY' to retrieve bitmap
    information without loading the (embedded) bitmap itself.
    + Retrieving advance widths from bitmap strikes (using
    `FT_Get_Advance' and `FT_Get_Advances') have been sped up.
    + The usual round of fuzzer fixes to better reject malformed
    fonts.
- Drop freetype2-bitmap-foundry.patch, merged upstream.

==== ft2demos ====
Version update (2.7 -> 2.7.1)

- Update to version 2.7.1
  + The `ftmulti' demo program can now switch engines with key `H'.
  + The `ftstring' demo program can now show some built-in,
    non-latin sample strings (to be selected with the TAB key).
  + The `ftview' demo program can now switch between a font's
    charmaps using the TAB key.
- Remove ftinspect-library.patch, merged upstream.
- Also build ftinspect

==== gmp ====
Version update (6.1.1 -> 6.1.2)
Subpackages: gmp-devel libgmp10 libgmp10-32bit libgmpxx4

- Update to GMP 6.1.2 release.
  * Mini-GMP: Fixed a division bug, which on a machine with 64-bit
    unsigned long affects approximately 1 out of 2^32 divisors.
  * Mini-GMP: Fix mpz_set_str crash on inputs with a large number of
    leading zeros. Also stricter input validation, rejecting inputs
    with no digits.
  * Handle more systems which require PIC code in static libraries (e.g.,
    "hardened" Gentoo and Debian 9).
  * Configuration for arm (-32 and -64) has been rewritten, fixing poor
    code selection for many CPUs.
  * Mini-GMP: Updated to the latest development version, including
    new functions mpn_com and mpn_neg.
- Add gmp-6.1.2-conftest.patch to fix configure test.

==== gnome-settings-daemon ====

- Apply gnome-settings-daemon-initial-keyboard.patch also for
  openSUSE, this fix is also needed there (boo#1009515).
- Also apply gnome-settings-daemon-more-power-button-actions.patch
  on openSUSE.
- Fixup gnome-settings-daemon-bring-back-updates-plugin.patch: also
  backport pk-clear-offline-update from PackageKit into this patch.
- Add gnome-settings-daemon-shutdown-dialog-delay.patch: Fix
  'Shutdown dialog delay 1 to 2 seconds' (bsc#979257, bgo#774452).

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Add serial module to efi image.
  Serial terminal is still useful even with EFI Secure Boot
- Support %posttrans with marcos provided by update-bootloader-rpm-macros
  package (bsc#997317)

==== irqbalance ====
Version update (1.1.0 -> 1.2.0)

- update to 1.2.0:
  * sort_irq logic rework to fix unintended ordering
  * removal of the affinity_hint infrastructure as its not needed
  * fixes for invalid cpumask parsing
  * many other minior fixes (see git log)
  * Aarch64 support
  * live interactive monitoring of irqbalance and live adjustment with irqbalance-ui
- remove fix-aarch64-support.patch: upstreamed
- add install-man-pages.patch
- add aarch64-compile-fixes.patch

==== kde-branding-openSUSE ====
Subpackages: kdelibs4-branding-openSUSE ksplash-qml-branding-openSUSE ksplashx-branding-openSUSE

- Also require grub2 when using the new update-bootloader-rpm-macros:
  Otherwise the installer might install the branding package before
  grub2, resulting in /etc/default/grub to not exist and the theme
  failing to activate.
- Support %posttrans with macros provided by update-bootloader-rpm-macros
  package (bsc#997317)
- enable grub2-branding-openSUSE also for %%arm

==== libcap ====
Subpackages: libcap2 libcap2-32bit

- RPM group association fix

==== libgit2 ====
Version update (0.24.3 -> 0.24.6)

- libgit2 0.24.6, including the following security fixes:
  * bsc#1019036: edge cases in the Git Smart Protocol can lead to
    attempting to parse outside of the buffer
    CVE-2016-10128,CVE-2016-10129
  * bsc#1019037: MITM possible due to lack of parameter for
    certificate parameter
    CVE-2016-10130,CVE-2017-5338,CVE-2017-5339
- includes changes from 0.24.5:
  * add support for OpenSSL 1.1.0 for BIO filter

==== libraw ====
Version update (0.17.2 -> 0.18.0)
Subpackages: libraw-devel libraw15

- update to 0.18.0:
  * License changed to LGPL-2.1/CDDL-1.0
  * Camera support (+87):
    + Apple: iPad Pro, iPhone SE, iPhone 6s, iPhone 6 plus,
    iPhone 7, iPhone 7 plus
    + BlackMagic Micro Cinema Camera, URSA, URSA Mini
    + Canon PowerShot G5 X, PowerShot G7 X Mark II,
    PowerShot G9 X, IXUS 160 (CHDK hack), EOS 5D Mark IV,
    EOS 80D, EOS 1300D, EOS M10, EOS M5, EOS-1D X Mark II
    + Casio EX-ZR4000/5000
    + DXO One,
    + FujiFilm X-Pro2, X70, X-E2S, X-T2
    + Gione E7
    + GITUP GIT2
    + Google Pixel,Pixel XL
    + Hasselblad X1D, True Zoom
    + HTC MyTouch 4G, One (A9), One (M9), 10
    + Huawei P9
    + Leica M (Typ 262), M-D (Typ 262), S (Typ 007),
    SL (Typ 601), X-U (Typ 113), TL
    + LG G3, G4
    + Meizy MX4
    + Nikon D5, D500, D3400
    + Olympus E-PL8, E-M10 Mark II, Pen F, SH-3, E-M1-II
    + Panasonic DMC-G8/80/81/85, DMC-GX80/85,
    DMC-TZ80/81/85/ZS60, DMC-TZ100/101/ZS100,DMC-LX9/10/15,
    FZ2000/FZ2500
    + Pentax K-1, K-3 II, K-70
    + PhaseOne IQ3 100MP
    + RaspberryPi Camera, Camera V2
    + Ricoh GR II
    + Samsung Galaxy S7, S7 Edge
    + Sigma sd Quattro
    + Sony A7S II, ILCA-68 (A68), ILCE-6300, DSC-RX1R II,
    DSC-RX10III, DSC-RX100V,ILCA-99M2 (A99-II), a6500,
    IMX214, IMX219, IMX230, IMX298-mipi 16mp,
    IMX219-mipi 8mp, Xperia L
    + PtGrey GRAS-50S5C
    + YUNEEC CGO4
    + Xiaomi MI3, RedMi Note3 Pro
  * Floating point DNG support
  * More metadata parsed
  * Existing API changes:
    imgdata.params fields (all very specific purpose):
    sony_arw2_options, sraw_ycc, and params.x3f_flags
    replaced with single bit-field raw_processing_options
    See  LIBRAW_PROCESSING_* bits in documentation.
  * Fixed bug in Sony SR2 files black level
  * DNG files with BlackLevel both in vendor makernotes and
    BlackLevel: BlackLevel tag always takes precedence
  * ChannelBlackLevel added to canon makernotes
  * unpack_thumb() data size/offset check against file size
- removed libraw-0.17.1-gcc6-compatibility.patch (fixed upstream)

==== linux-glibc-devel ====
Version update (4.8 -> 4.9)

- Update to kernel headers 4.9
- Remove empty /usr/include/uapi directory

==== m4 ====
Version update (1.4.17 -> 1.4.18)

- Update to version 1.4.18:
  * Diagnose --word-regexp as unsupported if it was not configured.
  * Preliminary support for OS/2.
  * A number of portability improvements inherited from gnulib.
- Some packaging changes:
  * Use https url's
  * Get keyring from savannah
  * Use xs compressed files
  * Make building more verbose

==== ncftp ====
Version update (3.2.5 -> 3.2.6)

- update to 3.2.6:
  * If a recursive download operation is also requested with delete mode,
    attempt to remove empty directories after all files have completed
    successfully.
  * No longer trying to utime() after every single block on downloads,
    which could cause noticable performance degradation when the local
    filesystem was not local.
  * Changed behavior of resuming downloads where the timestamp wasn't
    preserved (because of the utime change, above). The new behavior is
    to resume the download when the local copy has a recent timestamp
    (less than a week).
  * You can now disable use of MFMT like you could similarly disable
    SITE UTIME (e.g., "-o noMFMT" and "-o noSITE_UTIME").
  * Now able to use sendfile() for uploads, on Linux/FreeBSD/Mac.
    Progress reports work too, with a small performance penalty.
    Ncftpput has a "-s" option to toggle whether it is used (defaults
    to on in ncftpput and ncftpbatch, off in ncftp).
  * Ncftpbatch/spooler now use larger buffers for pathnames, allowing
    for deeper directory trees.
  * Ncftpbatch/spooler now interpret a received SIGUSR1 as a hint to
    exit when the current file has finished.
  * Ncftpbatch/spooler now interpret a received SIGUSR2 to request it
    to stop sleeping and recheck the queue immediately.
  * Ncftpbatch/spooler's spool files now allow for you to specify that
    the local and/or remote file be renamed after a successful transfer.
  * Ncftpbatch/spooler now a little less chatty by reducing the number
    of PWD/CWD operations.
  * Ncftpbatch/spooler now log some xfer stats in its general log file,
    and ncftpspooler has a new "-x" option to specify a separate
    xfer log file.
  * Ncftpbatch/spooler now use a larger default maximum for its log
    file (10 MiB rather than 200 kB), and ncftpspooler has an -O command
    line option that can set this limit. Use "-O 0" for no maximum.
  * Ncftpbatch/spooler now try to present time in local timezone rather
    than UTC where possible.
  * Ncftpbatch/spooler now support multiple items per transaction
    (spool) file.

==== perl-Math-Base-Convert ====

- Add reproducible.patch to allow for reproducible builds

==== perl-Net-HTTP ====
Version update (6.09 -> 6.12)

- updated to 6.12
  see /usr/share/doc/packages/perl-Net-HTTP/Changes
  6.12      2017-01-04 23:32:54-05:00 America/Toronto
  - Fix prereqs

==== publicsuffix ====
Version update (20161211 -> 20170105)

- Update to version 20170105:
  * Add Amune.org to Public Suffix List (#357)
  * Adding TwoDNS TLD's to public_suffix_list.dat (#328)
  * Remove ro.com from Public Suffix List (#346)
  * Add 1gb.ua domains (#353)
  * Add homeoffice.gov.uk (#342)
  * Update list of .RU reserved domains (#359)
  * Add remotewd.com for Western Digital
- Enable syntax checks

==== python-qt4 ====
Version update (4.11.4 -> 4.12)

- Update to 4.12
  - SIP v4.19 is now required.
  - Bug fixes.

==== python-sip ====
Version update (4.18.1 -> 4.19)
Subpackages: python-sip-devel

- Update to 4.19
  * added the assign() function to the sip module
  * added support for the final keyword
  * added the use_limited_api argument to the %Module directive
  * added the %HideNamespace directive.

==== python3-qt4 ====
Version update (4.11.4 -> 4.12)

- Update to 4.12
  - SIP v4.19 is now required.
  - Bug fixes.

==== python3-sip ====
Version update (4.18.1 -> 4.19)

- Update to 4.19
  * added the assign() function to the sip module
  * added support for the final keyword
  * added the use_limited_api argument to the %Module directive
  * added the %HideNamespace directive.

==== qalculate ====
Version update (0.9.7 -> 0.9.10)
Subpackages: libqalculate-devel

- Update to 0.9.10:
  * Unit conversion fixes (e.g. "1/s to ms" and "1/ns to GHz")
  * Fixed parsing of degrees sign (used in defult symbol for temperature units)
- Update to 0.9.9:
  * libqalculate will no longer cause segmentation faults when using a locale unsupported by the users system
  * Parsing of "today" fixed and "tomorrow" and "yesterday" added
  * Qalculate! now compiles, without errors and warning, using clang
  * New commands/options in qalc which list available variables, functions and units
  * New command in qalcfor deletion of variables
- Update to 0.9.8:
  * Lots of bug fixes and minor improvements
  * Three different parsing modes can be chosen from (providing mainly different handling of implicit multiplication). The default 'adaptive' mode has been enhanced.
  * By default prefixes will not be added to for example imperial units.
  * Changed handling of degrees Celsius and Fahrenheit. Conversion will take place already during parsing.
  * When converting to unit without prefix, no prefix will be added to the result unless the unit expression is prepended with '?' ('0' works in the opposite direction).
  * Option to ignore commas in numbers (for use as thousands separator).
  * Possibility to abort slow number printing without using crash prone thread cancellation (use Calculator::startPrintControl() and related functions).
  * New function: fibonacci (Qalculate! can now tell you that the millionth fibonacci number is approximately 1,953282129 * 10^208987, although for obvious reasons the exact number cannot be displayed).
  * New units: Hartree, Rydberg, Dalton (same as u)
  * Currencies have been updated to reflect the available data from ECB.
  * Physical constant have been updated with the CODATA values from 2014.
  * Use ~/.local and ~/.conf to store configuration and definitions
  * 'to' can now not only be used for conversion to unit expressions. "to bin", "to oct", "to hex" and "to bases" changes number base displayed, "to factors" factorizes, "to fraction" displays as fraction, and "to base" and "to optimal" auto-converts units. (CLI)
- Now using https://github.com/Qalculate/libqalculate as source
- Remove gcc-6-compile.patch, fixed upstream

==== qemu ====
Version update (2.6.1 -> 2.7.0)
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86

- Despite the previous entry about re-enabling ceph on Nov 19, 2016
  the change wasn't actually done. Do it now.
- sgabios-stable-buildid.patch: Use geeko@buildhost
- slof_xhci.patch: XHCI fixes (boo#977027)
- Recommend x86 ROMs for emulated PCI cards on ppc, arm, others
  (bsc#1005869, michals)
- Tidy SLOF patch boilerplate (michals)
- Build with spice on all archs. (boo#1009438, michals)
- Refine the approach to producing stable builds in our ROM based
  packages. All built roms which have hostname or date calls now
  produce consistent results build to build via patch changes, so
  remove the hostname and date call workarounds. (bsc#1011213)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches added:
  0069-roms-Makefile-pass-a-packaging-time.patch
  sgabios-stable-buildid.patch
- Re-enable ceph (rbd) functionality in OBS builds as we've been told
  the issues which prompted us to disable it are resolved
- Address various security/stability issues
  * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)
  0041-vmsvga-correct-bitmap-and-pixmap-si.patch
  * Fix DOS in LSI SAS1068 emulation (CVE-2016-7157 bsc#997860)
  0042-scsi-mptconfig-fix-an-assert-expres.patch
  0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch
  * Fix DOS in Vmware pv scsi interface (CVE-2016-7156 bsc#997859)
  0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch
  * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345)
  0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch
  * Fix OOB access in LSI SAS1068 emulation (CVE-2016-7423 bsc#1000397)
  0046-scsi-mptsas-use-g_new0-to-allocate-.patch
  * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661)
  0047-scsi-pvscsi-limit-process-IO-loop-t.patch
  * Fix NULL pointer dereference in virtio processing
  (CVE-2016-7422 bsc#1000346)
  0048-virtio-add-check-for-descriptor-s-m.patch
  * Fix DOS in ColdFire Fast Ethernet Controller emulation
  (CVE-2016-7908 bsc#1002550)
  0049-net-mcf-limit-buffer-descriptor-cou.patch
  * Fix DOS in USB EHCI emulation (CVE-2016-7995 bsc#1003612)
  0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch
  * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)
  0051-xhci-limit-the-number-of-link-trbs-.patch
  * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)
  0052-9pfs-allocate-space-for-guest-origi.patch
  * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)
  0053-9pfs-fix-memory-leak-in-v9fs_link.patch
  * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)
  0054-9pfs-fix-potential-host-memory-leak.patch
  * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)
  0055-9pfs-fix-information-leak-in-xattr-.patch
  * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)
  0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch
  * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)
  0057-9pfs-fix-memory-leak-in-v9fs_write.patch
  * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)
  0058-char-serial-check-divider-value-aga.patch
  * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)
  0059-net-pcnet-check-rx-tx-descriptor-ri.patch
  * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)
  0060-net-eepro100-fix-memory-leak-in-dev.patch
  * Fix OOB access in Rocker switch emulation (CVE-2016-8668 bsc#1004706)
  0061-net-rocker-set-limit-to-DMA-buffer-.patch
  * Plug data leak in vmxnet3 emulation (CVE-2016-6836 bsc#994760)
  0062-net-vmxnet-initialise-local-tx-desc.patch
  * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)
  0063-net-rtl8139-limit-processing-of-rin.patch
  * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)
  0064-audio-intel-hda-check-stream-entry-.patch
  * Fix DOS in virtio-gpu (CVE-2016-7994 bsc#1003613)
  0065-virtio-gpu-fix-memory-leak-in-virti.patch
  * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)
  0066-9pfs-fix-integer-overflow-issue-in-.patch
  * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)
  0067-dma-rc4030-limit-interval-timer-rel.patch
  * Fix DOS in i.MX NIC emulation (CVE-2016-7907 bsc#1002549)
  0068-net-imx-limit-buffer-descriptor-cou.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
- Use fixed timestamps and stable build_id in ipxe and other ROMs
  * Patches added:
  ipxe-stable-buildid.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patch updated:
  0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches added:
  0040-linux-user-skip-0-flag-from-proc-se.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches added:
  0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch
- Document two new options, but leave jemalloc disabled for now
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches dropped:
  0034-build-link-with-libatomic-on-powerp.patch
  * Patches renamed:
  0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch
  0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch
  0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch
  0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch
- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches added:
  0039-linux-user-properly-test-for-infini.patch
- Use new kvm_stat package where available, else provide updated
  kvm_stat script.
- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7
- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7
  * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches dropped:
  0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream)
  0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated)
  0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream)
  0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream)
  0034-qtest-Increase-socket-timeout.patch (increased further upstream)
  0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream)
  0038-block-split-large-discard-requests-.patch
  0041-xen-introduce-dummy-system-device.patch
  0042-xen-write-information-about-support.patch
  0043-xen-add-pvUSB-backend.patch
  0044-xen-move-xen_sysdev-to-xen_backend..patch
  0045-vnc-add-configurable-keyboard-delay.patch
  0046-configure-add-echo_version-helper.patch
  0047-configure-support-vte-2.91.patch
  0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
  0050-scsi-esp-fix-migration.patch
  0051-xen-when-removing-a-backend-don-t-r.patch
  0052-xen-drain-submit-queue-in-xen-usb-b.patch
  0053-qcow2-avoid-extra-flushes-in-qcow2.patch
  0055-xen-use-a-common-function-for-pv-an.patch
  ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch
  ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch
  ipxe-sis190-Fix-building-with-GCC-6.patch
  ipxe-skge-Fix-building-with-GCC-6.patch
  ipxe-ath-Fix-building-with-GCC-6.patch
  ipxe-legacy-Fix-building-with-GCC-6.patch
  ipxe-util-v5.24-perl-errors-on-redeclare.patch
  ipxe-efi-fix-garbage-bytes-in-device-path.patch
  ipxe-efi-fix-uninitialised-data-in-HII.patch
  * Patches renamed:
  0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch
  0011-PPC-KVM-Disable-mmu-notifier-check.patch  -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch
  0012-linux-user-fix-segfault-deadlock.patch    -> 0011-linux-user-fix-segfault-deadlock.patch
  0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch
  0015-linux-user-lock-tcg.patch                 -> 0013-linux-user-lock-tcg.patch
  0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch
  0017-linux-user-lock-tb-flushing-too.patch     -> 0015-linux-user-lock-tb-flushing-too.patch
  0018-linux-user-Fake-proc-cpuinfo.patch        -> 0016-linux-user-Fake-proc-cpuinfo.patch
  0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch
  0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch
  0021-linux-user-XXX-disable-fiemap.patch       -> 0019-linux-user-XXX-disable-fiemap.patch
  0022-slirp-nooutgoing.patch                    -> 0020-slirp-nooutgoing.patch
  0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch
  0025-linux-user-use-target_ulong.patch         -> 0022-linux-user-use-target_ulong.patch
  0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch
  0027-block-Add-tar-container-format.patch      -> 0024-block-Add-tar-container-format.patch
  0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
  0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch
  0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch
  0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch
  0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch
  0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch
  0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch
  0037-dictzip-Fix-on-big-endian-systems.patch   -> 0032-dictzip-Fix-on-big-endian-systems.patch
  0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch
  0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch
  0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch
  0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch
  * Patches added:
  0002-qemu-binfmt-conf-Modify-default-pat.patch
  0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  * Package renamed trace-events-all file and linuxboot_dma.bin
  * Handle building and packaging roms for e1000e and vmxnet3 (Bruce)
  * Remove ipxe patches which are now enabled upstream (Bruce)
  * Enable seccomp for s390x (Mark Post):
  0038-configure-Fix-detection-of-seccomp-.patch

==== qemu-linux-user ====
Version update (2.6.1 -> 2.7.0)

- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches added:
  0069-roms-Makefile-pass-a-packaging-time.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches added:
  0041-vmsvga-correct-bitmap-and-pixmap-si.patch
  0042-scsi-mptconfig-fix-an-assert-expres.patch
  0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch
  0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch
  0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch
  0046-scsi-mptsas-use-g_new0-to-allocate-.patch
  0047-scsi-pvscsi-limit-process-IO-loop-t.patch
  0048-virtio-add-check-for-descriptor-s-m.patch
  0049-net-mcf-limit-buffer-descriptor-cou.patch
  0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch
  0051-xhci-limit-the-number-of-link-trbs-.patch
  0052-9pfs-allocate-space-for-guest-origi.patch
  0053-9pfs-fix-memory-leak-in-v9fs_link.patch
  0054-9pfs-fix-potential-host-memory-leak.patch
  0055-9pfs-fix-information-leak-in-xattr-.patch
  0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch
  0057-9pfs-fix-memory-leak-in-v9fs_write.patch
  0058-char-serial-check-divider-value-aga.patch
  0059-net-pcnet-check-rx-tx-descriptor-ri.patch
  0060-net-eepro100-fix-memory-leak-in-dev.patch
  0061-net-rocker-set-limit-to-DMA-buffer-.patch
  0062-net-vmxnet-initialise-local-tx-desc.patch
  0063-net-rtl8139-limit-processing-of-rin.patch
  0064-audio-intel-hda-check-stream-entry-.patch
  0065-virtio-gpu-fix-memory-leak-in-virti.patch
  0066-9pfs-fix-integer-overflow-issue-in-.patch
  0067-dma-rc4030-limit-interval-timer-rel.patch
  0068-net-imx-limit-buffer-descriptor-cou.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patch updated:
  0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Fix issue with diffutils under qemu-ARCH-binfmt (schwab)
  0040-linux-user-skip-0-flag-from-proc-se.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Fix ppc test failure
  0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches dropped:
  0034-build-link-with-libatomic-on-powerp.patch
  * Patches renamed:
  0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch
  0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch
  0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch
  0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch
- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
- Properly test for infinite timeout in poll (schwab)
  0039-linux-user-properly-test-for-infini.patch
- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7
- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7
  * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
  * Patches dropped:
  0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream)
  0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated)
  0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream)
  0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream)
  0034-qtest-Increase-socket-timeout.patch (increased further upstream)
  0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream)
  0038-block-split-large-discard-requests-.patch
  0041-xen-introduce-dummy-system-device.patch
  0042-xen-write-information-about-support.patch
  0043-xen-add-pvUSB-backend.patch
  0044-xen-move-xen_sysdev-to-xen_backend..patch
  0045-vnc-add-configurable-keyboard-delay.patch
  0046-configure-add-echo_version-helper.patch
  0047-configure-support-vte-2.91.patch
  0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
  0050-scsi-esp-fix-migration.patch
  0051-xen-when-removing-a-backend-don-t-r.patch
  0052-xen-drain-submit-queue-in-xen-usb-b.patch
  0053-qcow2-avoid-extra-flushes-in-qcow2.patch
  0055-xen-use-a-common-function-for-pv-an.patch
  * Patches renamed:
  0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch
  0011-PPC-KVM-Disable-mmu-notifier-check.patch  -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch
  0012-linux-user-fix-segfault-deadlock.patch    -> 0011-linux-user-fix-segfault-deadlock.patch
  0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch
  0015-linux-user-lock-tcg.patch                 -> 0013-linux-user-lock-tcg.patch
  0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch
  0017-linux-user-lock-tb-flushing-too.patch     -> 0015-linux-user-lock-tb-flushing-too.patch
  0018-linux-user-Fake-proc-cpuinfo.patch        -> 0016-linux-user-Fake-proc-cpuinfo.patch
  0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch
  0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch
  0021-linux-user-XXX-disable-fiemap.patch       -> 0019-linux-user-XXX-disable-fiemap.patch
  0022-slirp-nooutgoing.patch                    -> 0020-slirp-nooutgoing.patch
  0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch
  0025-linux-user-use-target_ulong.patch         -> 0022-linux-user-use-target_ulong.patch
  0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch
  0027-block-Add-tar-container-format.patch      -> 0024-block-Add-tar-container-format.patch
  0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
  0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch
  0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch
  0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch
  0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch
  0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch
  0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch
  0037-dictzip-Fix-on-big-endian-systems.patch   -> 0032-dictzip-Fix-on-big-endian-systems.patch
  0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch
  0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch
  0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch
  0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch
  * Patches added:
  0002-qemu-binfmt-conf-Modify-default-pat.patch
  * Drop renamed trace-events-all file
  * Use qemu-ARCH-binfmt again with the new qemu-binfmt-conf.sh (schwab)
  0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  * Patches added:
  0038-configure-Fix-detection-of-seccomp-.patch

==== qscintilla ====
Version update (2.9.3 -> 2.9.4)

- Update to 2.9.4
  - Added the .api file for Python v3.6.
  - Bug fixes.

==== sudo ====
Version update (1.8.18p1 -> 1.8.19p2)

- update to 1.8.19p2
  Major changes between sudo 1.8.19p2 and 1.8.19p1:
  * Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
  or network is used in a host-based Defaults entry.  Bug #766
  * Added a missing check for the ignore_iolog_errors flag when
  the sudoers plugin generates the I/O log file path name.
  * Fixed a typo in sudo's vsyslog() replacement that resulted in
  garbage being logged to syslog.
- add /usr/lib/tmpfiles.d directory to the %files section and fix
  build for SLE12SP2
- update to 1.8.19p1
  Major changes between sudo 1.8.19p1 and 1.8.19:
  * Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
  syslog priority and facility being used.
  Major changes between sudo 1.8.19 and 1.8.18p1:
  * New "syslog_maxlen" Defaults option to control the maximum size of
  syslog messages generated by sudo.
  * Sudo has been run against PVS-Studio and any issues that were
  not false positives have been addressed.
  * I/O log files are now created same group ID as the parent directory
  and not the invoking user's group ID.
  * I/O log permissions and ownership are now configurable via the
  "iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults
  variables.
  * Fixed configuration of the sudoers I/O log plugin debug subsystem.
  Previously, I/O log information was not being written to the
  sudoers debug log.
  * Fixed a bug in visudo that broke editing of files in an include
  dir that have a syntax error.  Normally, visudo does not edit
  those files, but if a syntax error is detected in one, the user
  should get a chance to fix it.
  * Warnings about unknown or unparsable sudoers Defaults entries now
  include the file and line number of the problem.
  * Visudo will now use the file and line number information about an
  unknown or unparsable Defaults entry to go directly to the file
  with the problem.
  * Fixed a bug in the sudoers LDAP back-end where a negated sudoHost
  entry would prevent other sudoHost entries following it from matching.
  * Warnings from visudo about a cycle in an Alias entry now include the
  file and line number of the problem.
  * In strict mode, visudo will now use the file and line number
  information about a cycle in an Alias entry to go directly to the
  file with the problem.
  * The sudo_noexec.so file is now linked with -ldl on systems that
  require it for the wordexp() wrapper.
  * Fixed linking of sudo_noexec.so on macOS systems where it must be
  a dynamic library and not a module.
  * Sudo's "make check" now includes a test for sudo_noexec.so
  working.
  * The sudo front-end now passes the user's umask to the plugin.
  Previously the plugin had to determine this itself.
  * Sudoreplay can now display the stdin and ttyin streams when they
  are explicitly added to the filter list.
  * Fixed a bug introduced in sudo 1.8.17 where the "all" setting
  for verifypw and listpw was not being honored.  Bug #762.
  * The syslog priority (syslog_goodpri and syslog_badpri) can now
  be negated or set to "none" to disable logging of successful or
  unsuccessful sudo attempts via syslog.

==== systemd-rpm-macros ====

- RPM group fix

==== xz ====
Version update (5.2.2 -> 5.2.3)
Subpackages: liblzma5 liblzma5-32bit xz-devel

- xz 5.2.3:
  * xz: always close a file before trying to delete it to avoid
    problems on some operating system and file system combinations.
  * C99/C11 conformance fixes to liblzma. The issues affected at
    least some builds using link-time optimizations.
  * Fixed bugs in the rarely-used function lzma_index_dup().
  * Use of external SHA-256 code is now disabled by default.
    It can still be enabled by passing --enable-external-sha256
  * Changed CPU core count detection to use sched_getaffinity() on
    GNU/Linux and GNU/kFreeBSD.
  * Fixes to the build-system