Packages changed:
  MozillaThunderbird
  alsa (1.1.4 -> 1.1.4.1)
  glu
  initviocons
  installation-images-Kubic (14.315 -> 14.317)
  installation-images-openSUSE (14.315 -> 14.317)
  lapack
  libXfont
  libXrandr
  libglvnd
  libvdpau
  libxfce4ui
  libzypp (16.11.0 -> 16.12.0)
  marble
  openmpi
  openssh
  python-kiwi (9.6.2 -> 9.7.0)
  qemu (2.8.0 -> 2.9.0)
  qemu-linux-user (2.8.0 -> 2.9.0)
  qtcurve-kde4 (1.8.19~git20170506 -> 1.9.0)
  sudo (1.8.19p2 -> 1.8.20p2)
  tigervnc (1.7.1 -> 1.8.0)
  wireshark (2.2.6 -> 2.2.7)
  xen (4.9.0_04 -> 4.9.0_07)
  xf86-input-evdev
  xf86-input-synaptics
  xf86-input-vmmouse
  xf86-input-void
  xf86-video-ast
  xf86-video-cirrus
  xf86-video-fbdev
  xf86-video-nv
  xf86-video-vesa
  xf86-video-vmware
  xfce4-vala
  xorg-x11-driver-video
  xrandr
  xtrans
  zypper (1.13.27 -> 1.13.28)

=== Details ===

==== MozillaThunderbird ====
Subpackages: MozillaThunderbird-translations-common

- explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
  with gcc7 (boo#1040105, boo#1042090)

==== alsa ====
Version update (1.1.4 -> 1.1.4.1)
Subpackages: alsa-devel libasound2 libasound2-32bit

- Update to alsa-lib 1.1.4.1: it's a bug-fix release, including
  all previous patches:
  * pcm: dmix: Fix the inconsistent PCM state
  * pcm: dshare: Call snd_pcm_dshare_state() directly
  * pcm: dmix: Workaround for binary incompatibility
  * test: add a test for list operation to user-defined element sets
  * conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
  * build: Define __USE_UNIX98 for old glibc
- Obsoleted patches:
  0001-build-Define-__USE_UNIX98-for-old-glibc.patch
  0098-dmix-Workaround-for-binary-incompatibility.patch

==== glu ====
Subpackages: glu-devel libGLU1 libGLU1-32bit

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041327)

==== initviocons ====

- Actually build with RPM_OPT_FLAGS, will also catch
  too long -F arguments (bsc#1041840)

==== installation-images-Kubic ====
Version update (14.315 -> 14.317)

- merge gh#openSUSE/installation-images#186
- etc: update module.config to match 4.12
- 14.317
- sle15: don't require obsolete sles-release-DVD package (bsc#1041893)
- merge gh#openSUSE/installation-images#185
- allow driver updates also to be applied to the rescue system
  (bsc#1025621)
- avoid build problems when different openssl versions exist
- new skelcd-control-<BRANDING> packages have files in /usr/lib/skelcd
- 14.316
- rewrite spec file to simplify building different flavors (bsc#1039285)

==== installation-images-openSUSE ====
Version update (14.315 -> 14.317)

- merge gh#openSUSE/installation-images#186
- etc: update module.config to match 4.12
- 14.317
- sle15: don't require obsolete sles-release-DVD package (bsc#1041893)
- merge gh#openSUSE/installation-images#185
- allow driver updates also to be applied to the rescue system
  (bsc#1025621)
- avoid build problems when different openssl versions exist
- new skelcd-control-<BRANDING> packages have files in /usr/lib/skelcd
- 14.316
- rewrite spec file to simplify building different flavors (bsc#1039285)

==== lapack ====
Subpackages: libblas3 liblapack3

- Build the man pages in a separate .spec file (lapack-man). The
  resulting rpm names are kept identical. This allows us to drop
  doxygen out of lapack's main package buildroot, thus eliminating
  a build cycle.

==== libXfont ====

- includes everything needed for missing sle issue entries:
  fate #320388 (bsc#1041641)
  boo#958383, bnc#921978, bnc#857544 (bsc#1041641)
  CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 (bsc#1041641)
  CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (bsc#1041641)

==== libXrandr ====
Subpackages: libXrandr2 libXrandr2-32bit

- includes everything needed for missing sle issue entries:
  fate #320388, bnc#1003000, CVE-2016-7947, CVE-2016-7948 (bsc#1041366)

==== libglvnd ====
Subpackages: libglvnd-32bit libglvnd-devel

- Obsolete libglvnd0 <= %version-%release instead of only older
  versions in order to fix conflicts on TW.

==== libvdpau ====

- includes everything needed for missing sle issue entries:
  * fate #315643-315645, 319159-319161, 319618 (bsc#1041623)
  * bnc#943967, bnc#943968, bnc#943969 (bsc#1041623)
  * CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 (bsc#1041623)

==== libxfce4ui ====
Subpackages: libxfce4ui-1-0 libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools

- Add conditional for pkgconfig(gladeui-1.0) BuildRequires and
  corresponding subpackage glade3-catalog-libxfce4ui. No longer
  build glade integration for Tumbleweed.

==== libzypp ====
Version update (16.11.0 -> 16.12.0)

- Testcase: add missing solver flags (bsc#1041889)
- version 16.12.0 (0)

==== marble ====
Subpackages: libastro1 libmarblewidget-qt5-27 marble-devel

- Fix libastro1 Provides/Obsoletes

==== openmpi ====
Subpackages: openmpi-devel openmpi-libs

- Add openmpi-config package which contains runtime configuration
  files for OpenMPI 1 and/or 2
- Remove execution rights from NEWS doc file

==== openssh ====
Subpackages: openssh-helpers

- Fix preauth seccomp separation on mainframes (bsc#1016709)
  [openssh-7.2p2-s390_hw_crypto_syscalls.patch]
  [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch]
- enable case-insensitive hostname matching (bsc#1017099)
  [openssh-7.2p2-ssh_case_insensitive_host_matching.patch]
- add CAVS tests
  [openssh-7.2p2-cavstest-ctr.patch]
  [openssh-7.2p2-cavstest-kdf.patch]
- Adding missing pieces for user matching (bsc#1021626)
- Properly verify CIDR masks in configuration
  (bsc#1005893)
  [openssh-7.2p2-verify_CIDR_address_ranges.patch]
- Remove pre-auth compression support from the server to prevent
  possible cryptographic attacks.
  (CVE-2016-10012, bsc#1016370)
  [openssh-7.2p2-disable_preauth_compression.patch]
- limit directories for loading PKCS11 modules
  (CVE-2016-10009, bsc#1016366)
  [openssh-7.2p2-restrict_pkcs11-modules.patch]
- Prevent possible leaks of host private keys to low-privilege
  process handling authentication
  (CVE-2016-10011, bsc#1016369)
  [openssh-7.2p2-prevent_private_key_leakage.patch]
- Do not allow unix socket forwarding when running without
  privilege separation
  (CVE-2016-10010, bsc#1016368)
  [openssh-7.2p2-secure_unix_sockets_forwarding.patch]
- prevent resource depletion during key exchange
  (bsc#1005480, CVE-2016-8858)
  [openssh-7.2p2-kex_resource_depletion.patch]
- fix suggested command for removing conflicting server keys from
  the known_hosts file (bsc#1006221)
- enable geteuid{,32} syscalls on mainframes, since it may be
  called from libica/ibmica on machines with hardware crypto
  accelerator (bsc#1004258)
  [openssh-7.2p2-seccomp_geteuid.patch]
- fix regression of (bsc#823710)
  [openssh-7.2p2-audit_fixes.patch]
- add slogin (removed upstreams)
  [openssh-7.2p2-keep_slogin.patch]
- require OpenSSL < 1.1 where that one is a default

==== python-kiwi ====
Version update (9.6.2 -> 9.7.0)
Subpackages: kiwi-pxeboot kiwi-tools

- Bump version: 9.6.2 ? 9.7.0
- Make sure all required yum repo options are set
  enabled and gpgcheck parameters has to be set for any
  configured yum repository
- Fixup repository setup for yum
  Yum cannot handle spaces between the key and the value.
  This patch provides a method to tell ConfigParser to use
  no spaces for the '=' delimiter and thus Fixes #357
- Reactivate warnings report in pytest
- Fixup kernel name lookup
  If multiple abi compatible kernel module packages are installed
  the kernel version of the boot kernel could be different from
  the kernel module versions. In order to find the boot kernel
  all kernel versions found must be checked. Fixes #355
- Fix/workaround invalid xsd pattern translation
  The data structures are auto generated by the generateDS
  tool which works nicely except for the arch-name xsd pattern
  used in the RelaxNG schema. For some reason the used regular
  expression is translated by generateDS into a python
  expression not matching the original expression from the
  schema. The result is an invalid python warning message after
  the schema has successfully validated the arch string.
  The problem has been reported to the generateDS developer.
  As long as their is no fix available in generateDS the
  following workaround in kiwi applies: The original xs:token
  pattern validation will be disabled on the generateDS
  level and applies only to the schema. This Fixes #347
- Some fine tune updates
  * Updated the docs for system_create command
  * Reverted dracut image initialization
  * Updated yum comment about repo_gpgcheck option
  * Updated variable name in disk builder
  * Typo correction
- Include signing-key feature for boot images
  This commit extends the behavior of --signing-key options in order
  to import the provided key file into the boot image, in addition to
  the regular image root tree.
  Related to #342
- Fix use of pre requires in spec file
- Fixup working dir for editboot scripts
  editbootconfig and editbootinstall scripts needs to be
  called from within the correct directory to allow access
  to the written bootloader config files. For live images
  the working directory was set to the wrong place. This
  Fixes #353
- remove duplicated code from dhclient setup
  IPADDR is assigned within dhclientImportInfo
  original patch by Dinar Valeev <k0da@opensuse.org>
- Fix spelling of 'processor'
  https://bugzilla.opensuse.org/show_bug.cgi?id=957927
- Fixed pre-req for kiwi-pxeboot subpackage
  the binaries groupadd and useradd used in the preinstall
  scriptlet and provided by the shadow package needs a pre
  requirement on shadow to make sure they exist when the
  package gets installed. Fixes (bsc#1040256)
- Fix existing root check, fixes #349
  This commit fixes the validation of an existing root directory
  for the command 'system build'. System build used to create the root
  directory before performing the root existance check, thus the
  check was always failing in any case. The root directory is created
  inside the RootInit class within the 'create' method.
  Fixes #349
- Extend --signing-key to Apt package manager
  This commit extends support for --siging-key to the Apt package
  manager. However it has only been included for the chrooted
  operations, as current implementation of the bootstrap procedure does
  not provide signature check capabilities.
  Related to #342
- Extend --signing-key option to Yum and Dnf
  This commit extends the --signing-key options support to Yum and Dnf
  package managers. In addition, signature check for repositories
  had to be disabled for Yum and Dnf, as kiwi unrelated issues were
  found while testing. Nevertheless, package signature checks are
  fully functional.
  Related to #342
- Add --signing-key option
  This commit adds --signing-key option which sets a key file to import
  into the package manager trusted keys database. This commit adds this
  flag support only for zypper.
  Fixes #342
- Don't print warning report
  The auto generated xml_parse.py uses the python warnings module
  The unit tests uses the coverage module in py.test to create
  a report. The latest py.test update now also creates a warnings
  report which is unwanted because some of the unit tests
  intentionally causes the creation of a warning as the expected
  result but we don't want to see that in a py.test warnings
  report. Therfore this patch switches off the creation of that
  warnings report
- Update manual page of build command
  Add information for --allow-existing-root option
- Fixup default behavior of build command
  The build command automatically used an existing root tree
  from a former build attempt. However this could cause an
  inconsistent image if the former build root was not based on
  the same image type setup. Thus it is better to allow this
  only if the --allow-existing-root option is specified along
  with the build command call
- Fixed alpha sorting of options
- Complete zypper cache cleanup
  also the raw and solv cache needs to be deleted
- Update manual pages
  Add information and use case for --clear-cache option
- Added --clear-cache option
  The system prepare and build commands now provides the
  option --clear-cache which deletes all cache data
  associated with the repositories to build the image.
  This Fixes #341
- Let dracut create a compressed initrd
  dracut was called in a way to create an uncompressed initrd archive
  and kiwi later runs the xz compression on it. That way the default
  compression parameters used by dracut get lost. Fixes #335
- Improve rpm-check-signatures support
  This commit ensures the signatures are checked for both: the
  repository and the rpm package. It applies for zypper, dnf and
  yum package managers.
- Fixup boot-load-size for efi loader in iso
  Pass the real boot-load-size of the used loader as number
  of 512byte blocks to the iso creation call. Related to
  (bsc#939456)
- Update documentation to meet review results
- Added GCE image primary setup information
- Added Azure image primary setup information
- Added EC2 image primary setup information
- Map partition ID's from sgdisk to lowercase
- rework building virtual disk image chapter
  Adapt to style as used in the live iso chapter and add
  references to low level topics regarding the setup of
  the image to work in the public cloud. Related to #323

==== qemu ====
Version update (2.8.0 -> 2.9.0)
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86

- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan)
  0056-jazz_led-fix-bad-snprintf.patch
  0057-slirp-smb-Replace-constant-strings-.patch
  0058-altera_timer-fix-incorrect-memset.patch
  0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495)
  0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Address various security/stability issues
  * Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334)
  0051-input-limit-kbd-queue-depth.patch
  * Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242)
  0052-audio-release-capture-buffers.patch
  * Fix OOB access in megasas device emulation (CVE-2017-8380
  bsc#1037336)
  0053-scsi-avoid-an-off-by-one-error-in-m.patch
  * Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211)
  0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Fix building packages for some older distros.
- Further refine our handling of building firmware (or not) for
  the various arch's and distro versions we build for. Note that
  if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream
  binary blobs are used, which may have migration incompatibilities
  with previous versions of qemu provided.
- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen
  HVM guests got broken (bsc#1034131)
  0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
- Include experimental, unsupported feature to assist in some
  performance analysis work.
  0050-i386-Allow-cpuid-bit-override.patch
- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Includes fix for CVE-2017-7471, a virtfs security issue.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Add empty keyboard queue tracepoint to help openQA testing work
  better (bsc#1031692)
  0048-input-Add-trace-event-for-empty-key.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
- Enable ceph/rbd support for s390x (bsc#1030068)
- Enable ceph/rbd support for ppc* as available
- Update ARM in-kernel-timers patch (bsc#1033416)
  * Patches renamed:
  0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
  0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
  0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
  0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
  0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
  0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
  * Patches added (support patch):
  0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (included in upstream source archive):
  0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
  0048-i386-Replace-uint32_t-with-FeatureW.patch
  0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Added additional documentation provided with v2.9.0
- Fix build failure with gcc7 (bsc#1031340)
  ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch
- Made miscellaneous spec file refinements
- The support documents included are now fairly accurate for the
  arm and s390 world, and the x86 version also received a few
  tweaks. Also included in those docs is a url reference to upstream
  qemu deprecation plans and discussions.
  (fate#321146)
- Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu
  max feature overrides for libvirt compatability.
  0048-i386-Replace-uint32_t-with-FeatureW.patch
  0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Includes fix for in guest privilege escalation when using TCG
  (bsc#1030624)
  * Patches dropped (equivalent included in upstream source archive):
  0047-linux-user-exclude-cpu-model-code-w.patch
- Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384)
  0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (no longer needed based on what we now build for):
  0024-virtfs-proxy-helper-Provide-__u64-f.patch
  * Patches dropped (included in upstream source archive):
  0034-dma-rc4030-limit-interval-timer-rel.patch
  * Patches renamed:
  0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
  0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
  0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
  0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
  0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
  0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
  0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
  0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
  0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
  0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
  0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
  0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
  0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
  0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
  0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
  0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
  0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
  0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
  0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
  0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
  0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
  0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Updated version carries fixes for the following reported issues:
  CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703,
  CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612,
  CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114,
  CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311,
  CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184
  * Patches dropped:
  seabios_128kb.patch (no longer required)
  * Patches dropped (included in upstream source archive):
  0035-net-imx-limit-buffer-descriptor-cou.patch
  0045-virtio-gpu-call-cleanup-mapping-fun.patch
  0051-virtio-gpu-fix-information-leak-in-.patch
  0052-display-cirrus-ignore-source-pitch-.patch
  0053-s390x-kvm-fix-small-race-reboot-vs..patch
  0054-target-s390x-use-qemu-cpu-model-in-.patch
  0056-tests-check-path-to-avoid-a-failing.patch
  0057-display-virtio-gpu-3d-check-virgl-c.patch
  0058-watchdog-6300esb-add-exit-function.patch
  0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
  0060-virtio-gpu-fix-memory-leak-in-resou.patch
  0061-virtio-fix-vq-inuse-recalc-after-mi.patch
  0062-audio-es1370-add-exit-function.patch
  0063-audio-ac97-add-exit-function.patch
  0064-megasas-fix-guest-triggered-memory-.patch
  0065-cirrus-handle-negative-pitch-in-cir.patch
  0066-cirrus-fix-blit-address-mask-handli.patch
  0067-cirrus-fix-oob-access-issue-CVE-201.patch
  0068-usb-ccid-check-ccid-apdu-length.patch
  0069-sd-sdhci-check-data-length-during-d.patch
  0070-virtio-gpu-fix-resource-leak-in-vir.patch
  0071-cirrus-fix-patterncopy-checks.patch
  0072-cirrus-add-blit_is_unsafe-call-to-c.patch
  * Patches renamed:
  0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
  0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
  0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
  0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
  0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
  0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
  0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
  0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
  0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
  0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
  0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
  0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
  0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
  0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9

==== qemu-linux-user ====
Version update (2.8.0 -> 2.9.0)

- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
  0056-jazz_led-fix-bad-snprintf.patch
  0057-slirp-smb-Replace-constant-strings-.patch
  0058-altera_timer-fix-incorrect-memset.patch
  0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
  0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
  0051-input-limit-kbd-queue-depth.patch
  0052-audio-release-capture-buffers.patch
  0053-scsi-avoid-an-off-by-one-error-in-m.patch
  0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
  0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
  0050-i386-Allow-cpuid-bit-override.patch
- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
  0048-input-Add-trace-event-for-empty-key.patch
- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches renamed:
  0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
  0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
  0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
  0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
  0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
  0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
  * Patches added:
  0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped:
  0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
  0048-i386-Replace-uint32_t-with-FeatureW.patch
  0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Made miscellaneous spec file refinements
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
  0048-i386-Replace-uint32_t-with-FeatureW.patch
  0049-i386-Don-t-override-cpu-options-on-.patch
- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped:
  0047-linux-user-exclude-cpu-model-code-w.patch
  * Patches added:
  0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (no longer needed based on what we now build for):
  0024-virtfs-proxy-helper-Provide-__u64-f.patch
  * Patches dropped (included in upstream source archive):
  0034-dma-rc4030-limit-interval-timer-rel.patch
  * Patches renamed:
  0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
  0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
  0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
  0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
  0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
  0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
  0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
  0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
  0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
  0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
  0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
  0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
  0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
  0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
  0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
  0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
  0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
  0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
  0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
  0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
  0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
  0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (included in upstream source archive):
  0035-net-imx-limit-buffer-descriptor-cou.patch
  0045-virtio-gpu-call-cleanup-mapping-fun.patch
  0051-virtio-gpu-fix-information-leak-in-.patch
  0052-display-cirrus-ignore-source-pitch-.patch
  0053-s390x-kvm-fix-small-race-reboot-vs..patch
  0054-target-s390x-use-qemu-cpu-model-in-.patch
  0056-tests-check-path-to-avoid-a-failing.patch
  0057-display-virtio-gpu-3d-check-virgl-c.patch
  0058-watchdog-6300esb-add-exit-function.patch
  0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
  0060-virtio-gpu-fix-memory-leak-in-resou.patch
  0061-virtio-fix-vq-inuse-recalc-after-mi.patch
  0062-audio-es1370-add-exit-function.patch
  0063-audio-ac97-add-exit-function.patch
  0064-megasas-fix-guest-triggered-memory-.patch
  0065-cirrus-handle-negative-pitch-in-cir.patch
  0066-cirrus-fix-blit-address-mask-handli.patch
  0067-cirrus-fix-oob-access-issue-CVE-201.patch
  0068-usb-ccid-check-ccid-apdu-length.patch
  0069-sd-sdhci-check-data-length-during-d.patch
  0070-virtio-gpu-fix-resource-leak-in-vir.patch
  0071-cirrus-fix-patterncopy-checks.patch
  0072-cirrus-add-blit_is_unsafe-call-to-c.patch
  * Patches renamed:
  0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
  0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
  0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
  0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
  0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
  0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
  0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
  0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
  0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
  0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
  0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
  0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
  0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
  0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9

==== qtcurve-kde4 ====
Version update (1.8.19~git20170506 -> 1.9.0)
Subpackages: libqtcurve-cairo1 libqtcurve-utils2 qtcurve-gtk2 qtcurve-qt5

- Update to 1.9.0
  * Make X11 drop shadow size configurable

==== sudo ====
Version update (1.8.19p2 -> 1.8.20p2)

- update to 1.8.20p2 which obsoletes patches:
  * sudo-1.8.19p2-CVE-2017-1000367.patch
  * sudo-1.8.19p2-decrement_env_len.patch
  * sudo-1.8.19p2-dont_overwrite_ret_val.patch
  Major changes between sudo 1.8.20p2 and 1.8.20p1:
  * Fixed a bug parsing /proc/pid/stat on Linux when the process
  name contains newlines.  This is not exploitable due to the /dev
  traversal changes in sudo 1.8.20p1.
  Major changes between sudo 1.8.20p1 and 1.8.20:
  * Fixed "make check" when using OpenSSL or GNU crypt.
  Bug #787.
  * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
  when the process name contains spaces.  Since the user has control
  over the command name, this could potentially be used by a user
  with sudo access to overwrite an arbitrary file on systems with
  SELinux enabled.  Also stop performing a breadth-first traversal
  of /dev when looking for the device; only a hard-coded list of
  directories are checked,
  Major changes between sudo 1.8.20 and 1.8.19p2:
  * Added support for SASL_MECH in ldap.conf. Bug #764
  * Added support for digest matching when the command is a glob-style
  pattern or a directory. Previously, only explicit path matches
  supported digest checks.
  * New "fdexec" Defaults option to control whether a command
  is executed by path or by open file descriptor.
  * The embedded copy of zlib has been upgraded to version 1.2.11.
  * Fixed a bug that prevented sudoers include files with a relative
  path starting with the letter 'i' from being opened.  Bug #776.
  * Added support for command timeouts in sudoers.  The command will
  be terminated if the timeout expires.
  * The SELinux role and type are now displayed in the "sudo -l"
  output for the LDAP and SSSD backends, just as they are in the
  sudoers backend.
  * A new command line option, -T, can be used to specify a command
  timeout as long as the user-specified timeout is not longer than
  the timeout specified in sudoers.  This option may only be
  used when the "user_command_timeouts" flag is enabled in sudoers.
  * Added NOTBEFORE and NOTAFTER command options to the sudoers
  backend similar to what is already available in the LDAP backend.
  * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
  crypt instead of the SHA2 implementation bundled with sudo.
  * Fixed a compilation error on systems without the stdbool.h header
  file.  Bug #778.
  * Fixed a compilation error in the standalone Kerberos V authentication
  module.  Bug #777.
  * Added the iolog_flush flag to sudoers which causes I/O log data
  to be written immediately to disk instead of being buffered.
  * I/O log files are now created with group ID 0 by default unless
  the "iolog_user" or "iolog_group" options are set in sudoers.
  * It is now possible to store I/O log files on an NFS-mounted
  file system where uid 0 is remapped to an unprivileged user.
  The "iolog_user" option must be set to a non-root user and the
  top-level I/O log directory must exist and be owned by that user.
  * Added the restricted_env_file setting to sudoers which is similar
  to env_file but its contents are subject to the same restrictions
  as variables in the invoking user's environment.
  * Fixed a use after free bug in the SSSD backend when the fqdn
  sudoOption is enabled and no hostname value is present in
  /etc/sssd/sssd.conf.
  * Fixed a typo that resulted in a compilation error on systems
  where the killpg() function is not found by configure.
  * Fixed a compilation error with the included version of zlib
  when sudo was built outside the source tree.
  * Fixed the exit value of sudo when the command is terminated by
  a signal other than SIGINT.  This was broken in sudo 1.8.15 by
  the fix for Bug #722.  Bug #784.
  * Fixed a regression introduced in sudo 1.8.18 where the "lecture"
  option could not be used in a positive boolean context, only
  a negative one.
  * Fixed an issue where sudo would consume stdin if it was not
  connected to a tty even if log_input is not enabled in sudoers.
  Bug #786.
  * Clarify in the sudoers manual that the #includedir directive
  diverts control to the files in the specified directory and,
  when parsing of those files is complete, returns control to the
  original file.  Bug #775.

==== tigervnc ====
Version update (1.7.1 -> 1.8.0)

- removed unneeded -fPIC flags for CFLAGS, these made it avoid
  PIE support.
- Update to tigervnc 1.8.0
  * Overhaul of the Java client to match the look and behaviour of the native client
  * Initial work for multi-threaded decoding in the Java client
  * vncconfig no longer needed for clipboard with Xvnc/libvnc.so
  * vncserver has system wide config support
  * Full support for alpha cursors in Xvnc/libvnc.so and both viewers
- Removed patches:
  * U_Add-xorg-xserver-1.19-support.patch
  * U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch
  * U_tigervnc-better-check-for-screen-visibility.patch
- U_tigervnc-better-check-for-screen-visibility.patch
  * Crop operations to visible screen. (bnc#1032272)

==== wireshark ====
Version update (2.2.6 -> 2.2.7)
Subpackages: libwireshark8 libwiretap6 libwscodecs1 libwsutil7 wireshark-ui-qt

- Wireshark 2.2.7 (bsc#1042330):
  This release fixes minor vulnerabilities that could be used to
  trigger dissector crashes, infinite loopsm or cause excessive use
  of CPU resources by making Wireshark read specially crafted
  packages from the network or a capture file:
  * CVE-2017-9352: Bazaar dissector infinite loop (bsc#1042304)
  * CVE-2017-9348: DOF dissector read overflow (bsc#1042303)
  * CVE-2017-9351: DHCP dissector read overflow (bsc#1042302)
  * CVE-2017-9346: SoulSeek dissector infinite loop (bsc#1042301)
  * CVE-2017-9345: DNS dissector infinite loop (bsc#1042300)
  * CVE-2017-9349: DICOM dissector infinite loop (bsc#1042305)
  * CVE-2017-9350: openSAFETY dissector memory exhaustion (bsc#1042299)
  * CVE-2017-9344: BT L2CAP dissector divide by zero (bsc#1042298)
  * CVE-2017-9343: MSNIP dissector crash (bsc#1042309)
  * CVE-2017-9347: ROS dissector crash (bsc#1042308)
  * CVE-2017-9354: RGMP dissector crash (bsc#1042307)
  * CVE-2017-9353: IPv6 dissector crash (bsc#1042306)

==== xen ====
Version update (4.9.0_04 -> 4.9.0_07)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop
  due to incorrect return value
  CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory
  leakage via capture buffer
  CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108)
  xen-4.9.0-testing-src.tar.bz2
- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108)
  xen-4.9.0-testing-src.tar.bz2

==== xf86-input-evdev ====

- includes everything needed for missing sle issue entries:
  fate #320263, fate#315643-315645, 319159-319161, 319618 (bsc#1041371)
- 50-elotouch.conf: Make sure an 'TouchSystems CarrollTouch 4500U'
  is an absolute device (bnc#876089, bsc#1041371)

==== xf86-input-synaptics ====

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041556)

==== xf86-input-vmmouse ====

- includes everything needed for missing sle issue entries:
  fate #320612, fate #315643-315645, 319159-319161, 319618, bnc#922188
  (bsc#1041589)

==== xf86-input-void ====

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041352)

==== xf86-video-ast ====

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618, bnc#867165 (bsc#1041346)

==== xf86-video-cirrus ====

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041347)

==== xf86-video-fbdev ====

- includes everything needed for missing sle issue entries:
  fate #320388 (bsc#1041351)

==== xf86-video-nv ====

- commented out modalias lines in specfile in order to no longer
  install xf86-video-nv driver by default (bnc#868732, bsc#1041416)
- covers missing SLE entry fate#320388 (bsc#1041416)

==== xf86-video-vesa ====

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041379)

==== xf86-video-vmware ====

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041651)

==== xfce4-vala ====

- Simplify situation around vala versions:
  + BuildRequire libvala-devel: this is a virtual symbol provided
    by the various libvala-*-devel versions.
  + Programatically find the API version provided by libvala-devel
    to pass this to configure.
- Add 0%{?leap_version} == 420300 to allow build on Leap 42.3.

==== xorg-x11-driver-video ====

- get rid of old and no longer supported drivers
  xorg-x11-driver-video-{radeonhd,unichrome} (bnc#873443, bsc#1041398)

==== xrandr ====

- includes everything needed for missing sle issue entries:
  fate #320388 (bsc#1041382)
- Add xrandr-print-outputs-per-provider.patch from sle12. This makes
  the --listproviders option in xrandr(1) also print which outputs are
  supported by each provider or GPU. (patch by federico@suse.com)

==== xtrans ====

- includes everything needed for missing sle issue entries:
  fate #320388 (bsc#1041610)

==== zypper ====
Version update (1.13.27 -> 1.13.28)
Subpackages: zypper-aptitude zypper-log

- Accept --auto-agree-with-product-licenses from SUSEconnect (bsc#1037783)
- version 1.13.28