Packages changed:
  ImageMagick (7.0.5.4 -> 7.0.5.5)
  Mesa (17.0.4 -> 17.0.5)
  MozillaFirefox (52.0.2 -> 52.1.0)
  MozillaFirefox-branding-openSUSE
  autofs
  ceph (12.0.1+git.1491557762.4e47e9f -> 12.0.2+git.1493295295.8c88dc6)
  cpupower (4.10 -> 4.11)
  hwinfo (21.39 -> 21.40)
  libsolv (0.6.26 -> 0.6.27)
  libvirt (3.2.0 -> 3.3.0)
  libzypp (16.8.0 -> 16.9.0)
  mxml
  open-iscsi
  parted
  python-kiwi (9.4.10 -> 9.6.0)
  samba (4.6.2+git.19.c267455e57b -> 4.6.3+git.21.0735c828d4f)
  slrn (1.0.2 -> 1.0.3)
  tcsh
  tmux
  vim
  xine-ui
  xmlbeans
  zypper (1.13.24 -> 1.13.25)

=== Details ===

==== ImageMagick ====
Version update (7.0.5.4 -> 7.0.5.5)
Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-7_Q16HDRI2 libMagickCore-7_Q16HDRI2 libMagickWand-7_Q16HDRI0 perl-PerlMagick

- updated to 7.0.5-5
  * Minimize buffer copies to improve OpenCL performance.
  * Morphology thinning is no longer a no-op.
  * Patch two PCD writer problems, corrupt output and dark pixels.
  * Support ICC based PDF's.
  * Fix improper EPS clip path rendering.
- workaround failed test
  + ImageMagick-relax-filter.t.patch

==== Mesa ====
Version update (17.0.4 -> 17.0.5)
Subpackages: Mesa-dri-devel Mesa-dri-nouveau Mesa-libEGL-devel Mesa-libEGL1 Mesa-libGL-devel Mesa-libGL1 Mesa-libglapi0 Mesa-libglapi0-32bit Mesa-libva libOSMesa8 libOSMesa8-32bit libgbm1 libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libwayland-egl1 libxatracker2

- update to 17.0.5
  * fdo#97524 - Samplers referring to the same texture unit with different
    types should raise GL_INVALID_OPERATION
  * nvc0/ir: Properly handle a "split form" of predicate destination
  * nir: Destination component count of shader_clock intrinsic is 2
  * winsys/sw/dri: don't use GNU void pointer arithmetic
  * st/clover: add space between < and ::
  * configure.ac: check require_basic_egl only if egl enabled
  * st/mesa: automake: honour the vdpau header install location
  * intel/fs: Use regs_written() in spilling cost heuristic for improved accuracy
  * intel/fs: Take into account amount of data read in spilling cost heuristic.
  * radv: report timestampPeriod correctly
  * anv/blorp: Flush the texture cache in UpdateBuffer
  * anv/cmd_buffer: Flush the VF cache at the top of all primaries
  * anv/cmd_buffer: Always set up a null surface state
  * anv/cmd_buffer: Use the null surface state for ATTACHMENT_UNUSED
  * anv/blorp: Properly handle VK_ATTACHMENT_UNUSED
  * i965/vec4: Avoid reswizzling MACH instructions in opt_register_coalesce()
  * st/mesa: invalidate the readpix cache in st_indirect_draw_vbo
  * anv/cmd_buffer: Disable CCS on BDW input attachments
  * mesa: fix remaining xfb prims check for GLES with multiple instances
  * mesa: validate sampler type across the whole program
  * vbo: fix gl_DrawID handling in glMultiDrawArrays
  * util/queue: don't hang at exit
  * mesa: fix remaining xfb prims check for GLES with multiple instances
  * mesa: extract need_xfb_remaining_prims_check
  * mesa: move glMultiDrawArrays to vbo and fix error handling
  + update Mesa.keyring to both upstream release managers
- u_gallivm-correct-channel-shift-logic-on-big-endian.patch:
  * instead of reverse applying a change on s390x
    ("U_draw-use-SoA-fetch-not-AoS-one.patch") address the
    issue by a real fix (bsc#1032272, fdo#100613)
- baselibs.conf: added libvulkan_intel-32bit as a requirement for
  Mesa-libd3d (boo#1036282)
- No OpenCL on ppc

==== MozillaFirefox ====
Version update (52.0.2 -> 52.1.0)
Subpackages: MozillaFirefox-translations-common

- update to Firefox 52.1.0esr (boo#1035082)
  MFSA 2017-12
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
    bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648)
    Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content
  * CVE-2017-5445 (bmo#1344467)
    Uninitialized values used while parsing application/http-index-format
    content
  * CVE-2017-5442 (bmo#1347979)
    Use-after-free during style changes
  * CVE-2017-5469 (bmo#1292534)
    Potential Buffer overflow in flex-generated code
  * CVE-2017-5440 (bmo#1336832)
    Use-after-free in txExecutionState destructor during XSLT processing
  * CVE-2017-5441 (bmo#1343795)
    Use-after-free with selection during scroll events
  * CVE-2017-5439 (bmo#1336830)
    Use-after-free in nsTArray Length() during XSLT processing
  * CVE-2017-5438 (bmo#1336828)
    Use-after-free in nsAutoPtr during XSLT processing
  * CVE-2017-5437 (bmo#1343453)
    Vulnerabilities in Libevent library
  * CVE-2017-5436 (bmo#1345461)
    Out-of-bounds write with malicious font in Graphite 2
  * CVE-2017-5435 (bmo#1350683)
    Use-after-free during transaction processing in the editor
  * CVE-2017-5434 (bmo#1349946)
    Use-after-free during focus handling
  * CVE-2017-5433 (bmo#1347168)
    Use-after-free in SMIL animation functions
  * CVE-2017-5432 (bmo#1346654)
    Use-after-free in text input selection
  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
    bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
    bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
  * CVE-2017-5459 (bmo#1333858)
    Buffer overflow in WebGL
  * CVE-2017-5462 (bmo#1345089)
    DRBG flaw in NSS
  * CVE-2017-5455 (bmo#1341191)
    Sandbox escape through internal feed reader APIs
  * CVE-2017-5454 (bmo#1349276)
    Sandbox escape allowing file system read access through file
    picker
  * CVE-2017-5456 (bmo#1344415)
    Sandbox escape allowing local file system access
  * CVE-2017-5451 (bmo#1273537)
    Addressbar spoofing with onblur event
- requires NSS 3.28.4
- rebased patches

==== MozillaFirefox-branding-openSUSE ====

- recognize Leap 42.3 (boo#1036679)

==== autofs ====

- remove rpmlintrc, review was boo#782691
- Fix spurious ELOOP on certain kinds of failures (bsc#968918):
  * autofs: fix yp map age not updated in s/_/./g case
  * autofs: properly handle errors in lookup_nss_mount
  * Added patches:
    autofs-5.1.1-properly-handle-errors-in-lookup_nss_mount.patch
    autofs-5.1.1-fix-yp-map-age-not-updated-during-map-lookup.patch

==== ceph ====
Version update (12.0.1+git.1491557762.4e47e9f -> 12.0.2+git.1493295295.8c88dc6)
Subpackages: librados2 librbd1

- Update to version 12.0.2+git.1493291471.adb6a43:
  + rocksdb: sync with upstream (bsc#1025891)
  + build/ops: cmake: explicitly disable MSSE 4.2 if not supported
- _constraints: set higher disk and memory constraints so s390x
  builds don't fail
- Update to version 12.0.2+git.1493238434.71681fd:
  + cmake: added empty RPATH to libceph_crypto_isal.so
- Update to version 12.0.2+git.1493227670.3396ca1:
  + rgw: use a vector for options passed to civetweb
- Update to version 12.0.2+git.1493192333.3305a0c
  + merge upstream master (0d368d2c8544247a4aed9c71c74e77b0c6bbfb22)
    including 12.0.2 development release
- revert commit a9a50f690085091bb4446095418237f9fef712c8 in preparation for
  rebasing against the upstream implementation.  (bsc#1035937)

==== cpupower ====
Version update (4.10 -> 4.11)
Subpackages: libcpupower0

- Update to latest mainline sources
- turbostat changed versioning scheme (we now have version 17.04.12)

==== hwinfo ====
Version update (21.39 -> 21.40)
Subpackages: hwinfo-devel

- enhance documentation
- merge gh#openSUSE/hwinfo#45
- small doc changes
- 21.40

==== libsolv ====
Version update (0.6.26 -> 0.6.27)
Subpackages: libsolv-devel libsolv-tools perl-solv python-solv

- change queue resize code to use adaptive chunk sizes
- fix potential segfault in testcase_depstr [bnc#1036002]
- fix performance issues with name = md5sum dependencies
  [bnc#1035946]
- improve "forcebest with uninstall" handling
- make dirid handling more robust
- build with libxml2 instead of libexpat
- bump version to 0.6.27

==== libvirt ====
Version update (3.2.0 -> 3.3.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Update to libvirt 3.3.0 RC1
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    ae102b5d7-qemu-fix-regression-when-hyperv-vendor_id-feature-is-used.patch
  - Bug fixes:
    bsc#978121, bsc#1017017, bsc#1032863, bsc#1033117, bsc#1034024,
    bsc#1034146
- libxl: add default controllers for USB devices
  libxl-def-usbctrl.patch
  bsc#1031056

==== libzypp ====
Version update (16.8.0 -> 16.9.0)

- PoolQuery: Treat explicit queries for 'kind:name' correctly
  (bsc#1035729)
- version 16.9.0 (0)

==== mxml ====
Subpackages: libmxml1

- Add reproducible.patch to make build reproducible

==== open-iscsi ====
Subpackages: iscsiuio

- Added support for qedi ping (bsc#1036238)

==== parted ====
Subpackages: libparted0

- Use latest fdasd/vtoc code base from s390-tools (fate#321531)
  - add: libparted-dasd-unify-vtoc-handling-for-cdl-ldl.patch
  - add: libparted-dasd-update-and-improve-fdasd-functions.patch
  - add: libparted-dasd-add-new-fdasd-functions.patch
- libparted: Don't warn if the HDIO_GET_IDENTITY ioctl isn't
  supported (bsc#964012, bsc#1001967)
  - add: libparted-dont-warn-if-no-HDIO_GET_IDENTITY.patch
- Amend patch description:
  - libparted-open-the-device-RO-and-lazily-switch-to-RW.patch

==== python-kiwi ====
Version update (9.4.10 -> 9.6.0)
Subpackages: kiwi-pxeboot kiwi-tools

- Bump version: 9.5.0 ? 9.6.0
- Additional container commandline options
  Added --set-container-derived-from and --set-container-tag
  commandline options which allows to overwrite the data set
  in the XML configuration
- Implement obsrepositories source on derived_from
  The following reference to a derived container:
  obsrepositories:/container#latest
  Will be translated into the following buildservice
  local path:
  /usr/src/packages/SOURCES/containers/_obsrepositories/container#latest
- Implement obs source on derived_from
  The following reference to a derived container:
  obs:/project/repo/container#tag
  Will be translated into the following buildservice
  local path:
  /usr/src/packages/SOURCES/containers/project/repo/container#tag
- Use urlparse to detect uri scheme
  The source location postfix can contain several different
  formats e.g :/, or :// or even just :, python's urlparse
  is able to cope with all that which allows to work with
  the url scheme base name and thus makes handling this
  code more robust
- Bump version: 9.4.11 ? 9.5.0
- Include '--delete' in OCI images DataSync
  This commit includes #310 patch for OCI images.
  It also corrects the end of line format for kiwi/container/docker.py
  and test/unit/container_image_docker_test.py, so flake tests are all
  green.
- Include --delete flag in DataSync for docker images
  This commit includes the --delete flag in order to synchronize the
  docker images. This is relevant for derived images where the new
  layer might not only add files, but also remove something from the
  base image.
  Fixes #309
- Define correct default locations for sources-dir and preferences-dir
  In order to ensure that the defined repositories in the KIWI configuration
  are set to the correct places for installing into the image, the
  sources-dir and preferences-dir need to be redefined to point to the
  in-image location, as it is done for the other package managers.
- Do not purge the repositories before inserting them
  There are no good reasons to be purging the repo directories, especially
  when it is common for some distributions (Red Hat/CentOS/Fedora, for example)
  to ship repository configuration as packages. Deleting them puts the package
  manager in the system into a weird state, so we want to avoid this.
- Fix default reposdir path for Yum
- Add support for OCI images
  This commit adds support for OCI images. Most of the docker related
  code is reused for OCI classes and Docker classes have been refactored
  so now they are a splecialization of the OCI classes. It is done this
  way since KIWI internally only uses OCI format to operate with
  containers, therefore docker images just differ from OCI images by
  the way they are packaged or unpackaged.
- Add clear attribute for entrypoint and subcommand sections
  This commit adds the possibility of clearing asny subcommand or
  entrypoint. This is relevant for docker derived images, as they
  inherit the configuration and it might lead to some bad behavior.
- Bump version: 9.4.10 ? 9.4.11
- Add require/recommend installation support for yum
  This commit adds support to install required only or required plus
  recommended packages using yum as the package manager.
- Add support for required/recommended packages
  This commit enables support to install only required packages
  or install required plus recommended packages.
- Include 'plusRecommended' management for dnf
  Add support to enable/disable installation of recommended packages
  for dnf package manager. With this commit 'plusRecommended'
  patternType triggers on installation of recommended packages, which
  is turned off by default.
- Make sure debian repositories database is populated before install
  This commit includes an 'apt-get update' call before any 'apt-get
  install' command. This way the packages database is always ready,
  even if no bootstrap procedure has been executed.

==== samba ====
Version update (4.6.2+git.19.c267455e57b -> 4.6.3+git.21.0735c828d4f)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit

- Update to 4.6.3; (bsc#1036011)
  + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
    from shares with GlusterFS backend; (bso#12743).
  + Fix for Solaris C compiler; (bso#12559).
  + s3: locking: Update oplock optimization for the leases era; (bso#12628).
  + Make the Solaris C compiler happy; (bso#12693).
  + s3: libgpo: Allow skipping GPO objects that don't have the
    expected LDAP attributes; (bso#12695).
  + Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
  + lib: debug: Avoid negative array access; (bso#12746).
  + cleanupdb: Fix a memory read error; (bso#12748).
  + streams_xattr and kernel oplocks results in
    NT_STATUS_NETWORK_BUSY; (bso#7537).
  + winbindd: idmap_autorid allocates ids for unknown SIDs from other
    backends; (bso#11961).
  + vfs_fruit: Resource fork open request with
    flags=O_CREAT|O_RDONLY; (bso#12565).
  + manpages/vfs_fruit: Document global options; (bso#12615).
  + lib/pthreadpool: Fix a memory leak; (bso#12624).
  + Lookup-domain for well-known SIDs on a DC; (bso#12727).
  + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
  + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
  + credentials_krb5: use gss_acquire_cred for client-side GSSAPI
    use case; (bso#12611).
  + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
  + ctdb-readonly: Avoid a tight loop waiting for revoke to
    complete; (bso#12697).
  + ctdb_event monitor command crashes if event is not specified;
    (bso#12723).
  + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
  + smbd: Fix smb1 findfirst with DFS; (bso#12558).
  + smbd: Do an early exit on negprot failure; (bso#12610).
  + winbindd: Fix substitution for 'template homedir'; (bso#12699).
  + s4:kdc: Disable principal based autodetected referral detection;
    (bso#12554).
  + idmap_autorid: Allocate new domain range if the callers knows
    the sid is valid; (bso#12613).
  + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
  + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
    trusted domain; (bso#12725).
  + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
  + winbindd: Fix password policy for pam authentication; (bso#12725).
  + s3:gse: Correctly handle external trusts with MIT; (bso#12554).
  + auth/credentials: Always set the realm if we set the principal
    from the ccache; (bso#12611).
  + replace: Include sysmacros.h; (bso#12686).
  + s3:vfs_expand_msdfs: Do not open the remote address as a file;
    (bso#12687).
  + s3:libsmb: Only print error message if kerberos use is forced;
    (bso#12704).
  + winbindd: Child process crashes when kerberos-authenticating
    a user with wrong password; (bso#12708).
  + vfs_fruit: Office document opens as read-only on macOS due to
    CNID semantics; (bso#12715).
  + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
    fragmented; (bso#12737).
- Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).

==== slrn ====
Version update (1.0.2 -> 1.0.3)
Subpackages: slrn-lang

- remove unused files with restrictive licenses - bsc#1036331
- Ensure neutrality in description.
- slrn 1.0.3:
  * A quoted-string in the display portion of an address was not
    being marked as allowing mime-encoded text.
  * After calling iconv to perform a character set conversion on an
    article line, call it again with just the newline character.
    This resets the state for some conversion types (UTF-7).
  * Disable support for SSLv3, which is vulnerable to POODLE
    attacks CVE-2014-3566 bsc#1031023
  * The reject_long_lines option was not working as documented.
    Setting it to 0 had no effect when netiquette_warnings was set
    to a non-zero value.
  * replace_article_with_mime_obj, also decode
    quoted-printable/base64.
  * Add a file from the autoconf archive that detects libraries
    needed for socket support.  The old method used X_EXTRA_LIBS,
    which breaks if X in not installed.
  * Added support for large (>2GB) files on 32 bit unix systems.
  * Updated Danish translation
  * If a mime message has already been base64/QP converted, do not
    try to convert it again.
  * Do not use SSL_CTX_set_options if gnutls is being used
  * Use labs instead of abs for long integer
  * Removed compilation date info for a reproducible build
  * rfc1522_encode_word: max_nbytes was not being properly limit
    checked.

==== tcsh ====
Subpackages: tcsh-lang

- Add patch tcsh-6.20.00-8bit-cmdkeys.patch
  Do not convert current used control bytes into wide characters
- Extend bindkey.tcsh with 8-bit controls key escape sequences

==== tmux ====

- Fix boo#1037468 - tmux_issue889.patch

==== vim ====
Subpackages: gvim vim-data

- Extend vimrc with mappings for  8-bit controls key escape sequences
- Conflict with old vim versions to fix the upgrade from 12.3
  boo#1036583

==== xine-ui ====

- Add reproducible.patch to make build fully reproducible
  by not having variations in mime type order in .desktop file

==== xmlbeans ====

- Buildignore xml-commons-jaxp-1.3-apis and xml-commons-resolver12
  only when building xmlbeans-mini.

==== zypper ====
Version update (1.13.24 -> 1.13.25)
Subpackages: zypper-aptitude zypper-log

- Fix translation shortcut error (bsc#1035344)
- version 1.13.25