Packages changed:
  NetworkManager-applet (1.8.2 -> 1.8.4)
  NetworkManager-openvpn (1.2.10 -> 1.8.0)
  PackageKit
  apparmor
  cups
  emacs (25.2 -> 25.3)
  file (5.31 -> 5.32)
  gnome-session
  gnome-shell
  gnome-tweak-tool (3.26.0 -> 3.26.1)
  gnutls (3.5.15 -> 3.6.0)
  gstreamer (1.12.2 -> 1.12.3)
  gstreamer-plugins-bad (1.12.2 -> 1.12.3)
  gstreamer-plugins-base (1.12.2 -> 1.12.3)
  gstreamer-plugins-good (1.12.2 -> 1.12.3)
  gstreamer-plugins-ugly (1.12.2 -> 1.12.3)
  gstreamer-rtsp-server (1.12.2 -> 1.12.3)
  gstreamer-transcoder (1.12.0 -> 1.12.1)
  gstreamer-validate (1.12.2 -> 1.12.3)
  libffi
  libvirt
  libzypp (16.17.0 -> 16.17.1)
  lightdm (1.22.0 -> 1.24.0)
  lightdm-gtk-greeter (2.0.2 -> 2.0.3)
  mariadb
  mozilla-nspr (4.15 -> 4.16)
  mozilla-nss (3.31.1 -> 3.32.1)
  multipath-tools (0.7.2+44+suse.3a8d750c -> 0.7.3+10+suse.70ccb55b0439)
  mysql-connector-cpp (1.1.8 -> 1.1.9)
  obs-service-source_validator (0.6+git20170830.0775ae8 -> 0.6+git20170922.230bbc4)
  openjpeg
  openldap2
  patterns-devel-base
  pciutils-ids (20170710 -> 20170917)
  perl-IO-Socket-SSL (2.025 -> 2.051)
  perl-List-MoreUtils (0.419 -> 0.425)
  perl-libwww-perl (6.26 -> 6.27)
  permissions (20170913 -> 20170922)
  python-M2Crypto (0.26.0 -> 0.26.3)
  python-chardet
  python-gst (1.12.2 -> 1.12.3)
  python-pyasn1 (0.3.5 -> 0.3.6)
  qemu
  qemu-linux-user
  samba (4.6.7+git.38.90b2cdb4f22 -> 4.6.7+git.49.562d44faa9d)
  shared-mime-info (1.8 -> 1.9)
  squid (3.5.26 -> 3.5.27)
  swig
  tbb (2017_20170412 -> 2018_20170726)
  virtualbox (5.1.26_k4.13.3_1 -> 5.1.28_k4.13.3_1)
  wget
  wine (2.15 -> 2.17)
  yast2-theme (3.3.0 -> 4.0.0)
  zypper (1.13.35 -> 1.13.36)

=== Details ===

==== NetworkManager-applet ====
Version update (1.8.2 -> 1.8.4)
Subpackages: NetworkManager-connection-editor libnm-gtk0 libnma0 nma-data typelib-1_0-NMGtk-1_0

- Update to version 1.8.4:
  + nm-c-e:
  - Major rework of the nm-connection-editor UI.
  - Add support for MACsec.
  - Add support for new PPPoE connections not limited to
    ethernet.
  - Add support for bridge's group-forward-mask property.
  + applet:
  - Fix nm-applet's status icon when a VPN has the default route.
  - Always center dialogs on the screen.
  + libnma: Fix handling empty password for certificate chooser.
  + Various bugfixes and minor improvements.
  + Updated translations.
- Only BuildRequire pkgconfig(dbusmenu-gtk3-0.4) when building
  with appindicator support.

==== NetworkManager-openvpn ====
Version update (1.2.10 -> 1.8.0)
Subpackages: NetworkManager-openvpn-gnome

- Update to version 1.8.0:
  + Use gresources for ui files.
  + Use NMACertChooser for PKCS#11 support.
  + Support --ifconfig option not only for static key connections
    (bgo#774727).
  + Fix import for key-direction to make it independent of the
    order (bgo#778154).
  + Extend support for address family specifier for remote protocol
    (bgo#731620).
  + Updated translations.
- Drop
  add-support-for-IP-address-family-specifier-for-remote.patch:
  Fixed upstream.
- Drop obsolete post(un) handling of icon_theme_cache_post(un), no
  longer needed, there is no icon files anymore.
- Run spec-cleaner, modernize spec.

==== PackageKit ====
Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0

- No longer BuildRequires libqt4-devel, this part is in a separate
  project since version 0.8.6.

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor

- add apparmor-fix-podsyntax.patch from mailing list to fix
  compilation with perl 5.26

==== cups ====
Subpackages: cups-client cups-devel cups-libs cups-libs-32bit

- Pre-require user(lp) in cups-libs

==== emacs ====
Version update (25.2 -> 25.3)
Subpackages: emacs-info emacs-nox emacs-x11 etags

- Update to emacs version 25.2 a security release
  * * Security vulnerability related to Enriched Text mode is removed.
- Modified patches
  * emacs-24.4-ps-bdf.patch
  * emacs-25.2-ImageMagick7.patch
  * emacs-25.2-bsc1058425.patch now partly upstream
- Rename emacs-25.2.dif to emacs-25.3.dif

==== file ====
Version update (5.31 -> 5.32)
Subpackages: file-devel file-magic libmagic1 libmagic1-32bit

- Update to file version 5.32
  * Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski)
  * Fix always true condition (Thomas Jarosch)
  * pickier parsing of numeric values in magic files.
  * PR/615 add magic_getflags()
- This release fix the bug bsc#1056838 for CVE-2017-1000249
- Remove patch file-5.31-fix-tga.dif as now upstream
- Rename patch file-5.31.dif which now becomes file-5.32.dif
- Modify the patches
  * file-5.16-ocloexec.patch
  * file-5.19-biorad.dif
  * file-5.19-printf.dif
  * file-5.23-endian.patch
  * file-5.28-btrfs-image.dif

==== gnome-session ====
Subpackages: gnome-session-core gnome-session-default-session gnome-session-lang

- Re-add
  gnome-session-logging-to-systemd-journal-configurable.patch (not
  yet upstream [bsc#979498], [bgo#768982]).
- Revert "Enable SLE-Classic for wayland": the SLE-Classic session
  requires gnome-shell-extensions, which is the reason why the
  X-Session is shipped as part of that package. The wayland session
  should also be there.
- Register GNOME with u-a handler for default.desktop
  implementation, which obsoletes the change in
  /etc/sysconfig/windowmanager to pick the 'default window manager'
  (boo#1039756).

==== gnome-shell ====
Subpackages: gnome-shell-browser-plugin gnome-shell-calendar gnome-shell-lang

- Add gnome-shell-only-listen-window-created-events-once.patch:
  gtk-embed: ensure we only listen for window-created events once
  (bgo#787361).

==== gnome-tweak-tool ====
Version update (3.26.0 -> 3.26.1)
Subpackages: gnome-tweak-tool-lang

- Update to version 3.26.1:
  + New bugfix release:
  - Fix enabling and disabling GNOME Shell extensions.
  - Fix Workspace tweaks in GNOME Shell and "modes".
  - Hide Workspaces panel if GNOME Shell isn't running.
  - Add "Activities Overview Hot Corner" tweak. This is disabled
    by default because it requires a patch from bgo#688320 that
    hasn't been committed yet.
  + Updated translations.

==== gnutls ====
Version update (3.5.15 -> 3.6.0)
Subpackages: libgnutls-dane0 libgnutls-devel libgnutls30 libgnutls30-32bit

- Disable flaky dtls_resume test on Power
  * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- GnuTLS 3.6.0:
  * Introduce a lock-free random generator which operates per-
    thread and eliminates random-generator related bottlenecks in
    multi-threaded operation.
  * Replace the Salsa20 random generator with one based on CHACHA.
    The goal is to reduce code needed in cache (CHACHA is also
    used for TLS), and the number of primitives used by the
    library. That does not affect the AES-DRBG random generator
    used in FIPS140-2 mode.
  * Add support for RSA-PSS key type as well as signatures in
    certificates, and TLS key exchange
  * Add support for Ed25519 signing in certificates and TLS key
    exchange following draft-ietf-tls-rfc4492bis-17
  * Enable X25519 key exchange by default, following
    draft-ietf-tls-rfc4492bis-17.
  * Add support for Diffie-Hellman group negotiation following
    RFC7919.
  * Introduce various sanity checks on certificate import
  * Introduce gnutls_x509_crt_set_flags(). This function can set
    flags in the crt structure. The only flag supported at the
    moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the
    certificate sanity checks on import.
  * PKIX certificates with unknown critical extensions are rejected
    on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS
  * Refuse to generate a certificate with an illegal version, or an
    illegal serial number. That is, gnutls_x509_crt_set_version()
    and gnutls_x509_crt_set_serial(), will fail on input considered
    to be invalid in RFC5280.
  * Call to gnutls_record_send() and gnutls_record_recv() prior to
    handshake being complete are now refused
  * Add support for PKCS#12 files with no salt (zero length) in
    their password encoding, and PKCS#12 files using SHA384 and
    SHA512 as MAC.
  * libgnutls: Exported functions to encode and decode DSA and ECDSA
    r,s values.
  * Add new callback setting function to gnutls_privkey_t for
    external keys. The new function (gnutls_privkey_import_ext4),
    allows signing in addition to previous algorithms (RSA PKCS#1
    1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys.
  * Introduce the %VERIFY_ALLOW_BROKEN and
    %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These
    allows enabling all broken and SHA1-based signature algorithms
    in certificate verification, respectively.
  * 3DES-CBC is no longer included in the default priorities list.
    It has to be explicitly enabled, e.g., with a string like
    "NORMAL:+3DES-CBC".
  * SHA1 was marked as insecure for signing certificates.
    Verification of certificates signed with SHA1 is now considered
    insecure and will fail, unless flags intended to enable broken
    algorithms are set. Other uses of SHA1 are still allowed.
  * RIPEMD160 was marked as insecure for certificate signatures.
    Verification of certificates signed with RIPEMD160 hash
    algorithm is now considered insecure and will fail, unless
    flags intended to enable broken algorithms are set.
  * No longer enable SECP192R1 and SECP224R1 by default on TLS
    handshakes. These curves were rarely used for that purpose,
    provide no advantage over x25519 and were deprecated by TLS 1.3.
  * Remove support for DEFLATE, or any other compression method.
  * OpenPGP authentication was removed; the resulting library is ABI
    compatible, with the openpgp related functions being stubs that
    fail on invocation.
    Drop gnutls-broken-openpgp-tests.patch, no longer required.
  * Remove support for libidn (i.e., IDNA2003); gnutls can now be
    compiled only with libidn2 which provides IDNA2008.
  * certtool: The option '--load-ca-certificate' can now accept
    PKCS#11 URLs in addition to files.
  * certtool: The option '--load-crl' can now be used when
    generating PKCS#12 files (i.e., in conjunction with '--to-p12' option).
  * certtool: Keys with provable RSA and DSA parameters are now
    only read and exported from PKCS#8 form, following
    draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
    This removes support for the previous a non-standard key format.
  * certtool: Added support for generating, printing and handling
    RSA-PSS and Ed25519 keys and certificates.
  * certtool: the parameters --rsa, --dsa and --ecdsa to
  - -generate-privkey are now deprecated, replaced by the
  - -key-type option.
  * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa
    options were replaced by the --generate-privkey option.
  * psktool: Generate 256-bit keys by default.
  * gnutls-server: Increase request buffer size to 16kb, and added
    the --alpn and --alpn-fatal options, allowing testing of ALPN
    negotiation.
  * Enables FIPS 140-2 mode during build

==== gstreamer ====
Version update (1.12.2 -> 1.12.3)
Subpackages: gstreamer-devel gstreamer-utils libgstreamer-1_0-0 libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0

- Update to version 1.12.3:
  + Fix for infinite recursion on buffer free in v4l2.
  + Fix for glimagesink crash on macOS when used via autovideosink.
  + Fix for huge overhead in matroskamux caused by writing one
    Cluster per audio-frame in audio-only streams. Also use
    SimpleBlocks for Opus and other audio codecs, which works
    around a bug in VLC that prevented Opus streams to be played
    and decreases overhead even more.
  + Fix for flushing seeks in rtpmsrc always causing an error.
  + Fix for timestamp overflows in calculations in audio encoder
    base class.
  + Fix for RTP h265 depayloader marking P-frames as I-frames.
  + Fix for long connection delays of clients in RTSP server.
  + Fixes for event handling in queue and queue2 elements, and
    updates to buffering levels on NOT_LINKED streams.
  + Various fixes to event and buffering handling in
    decodebin3/playbin3.
  + Various fixes for memory leaks, deadlocks and crashes in all
    modules.
  + Bugs fixed: bgo#778193, bgo#786034, bgo#786056, bgo#786561.

==== gstreamer-plugins-bad ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0

- Update to version 1.12.3:
  + Bugs fixed: bgo#767462, bgo#782379, bgo#784887, bgo#785119,
    bgo#785941, bgo#785957, bgo#785987, bgo#786036, bgo#786201,
    bgo#786250, bgo#787234, bgo#787309, bgo#787442, bgo#787727.
- Replace pkgconfig(libopenjpeg1) with pkgconfig(libopenjp2)
  BuildRequires: Build against the new branch of libopenjpeg.

==== gstreamer-plugins-base ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.12.3:
  + Bugs fixed: bgo#785011, bgo#771088, bgo#777735, bgo#785065,
    bgo#785331, bgo#785341, bgo#785799, bgo#785948, bgo#785951,
    bgo#786200.

==== gstreamer-plugins-good ====
Version update (1.12.2 -> 1.12.3)
Subpackages: gstreamer-plugins-good-extra

- Update to version 1.12.3:
  + Bugs fixed: bgo#759292, bgo#781458, bgo#783086, bgo#784250,
    bgo#784971, bgo#785429, bgo#785435, bgo#785990, bgo#785991,
    bgo#786268, bgo#786670, bgo#786718, bgo#787160, bgo#787254,
    bgo#787313.

==== gstreamer-plugins-ugly ====
Version update (1.12.2 -> 1.12.3)

- Update to version 1.12.3:
  + Bugs fixed: bgo#784982, bgo#785388, bgo#787398.
- Drop gst-ugly-fix-caps-and-memory-leaks.patch: Fixed upstream.

==== gstreamer-rtsp-server ====
Version update (1.12.2 -> 1.12.3)

- Update to version 1.12.3:
  + Bugs fixed: bgo#784094, bgo#786457.

==== gstreamer-transcoder ====
Version update (1.12.0 -> 1.12.1)
Subpackages: libgsttranscoder-1_0-0 typelib-1_0-GstTranscoder-1_0

- Update to version 1.12.1:
  + No changelog provided, please check upstream git log.

==== gstreamer-validate ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libgstvalidate-1_0-0 typelib-1_0-GstValidate-1_0

- Update to version 1.12.3:
  + launcher: Automatically disable output coloration if not
    supported.
  + meson: Fix the way we set the testsuite version.
  + validate:launcher: Use the number of failed test as exit code.

==== libffi ====
Subpackages: libffi-devel libffi7 libffi7-32bit

- aarch64-struct-by-value.patch: fix passing struct by value on aarch64

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- apparmor: add temporary profile fixes to allow starting domains
  apparmor-ptrace-support.patch
  bsc#1058847

==== libzypp ====
Version update (16.17.0 -> 16.17.1)

- Default to 'solver.dupAllowVendorChange = false' on SLE15
  (FATE#323478)
- Remove unused legacy notify-message script (bsc#1058783)
- version 16.17.1 (0)

==== lightdm ====
Version update (1.22.0 -> 1.24.0)
Subpackages: liblightdm-gobject-1-0 lightdm-lang

- Update to version 1.24.0:
  * No changes.

==== lightdm-gtk-greeter ====
Version update (2.0.2 -> 2.0.3)
Subpackages: lightdm-gtk-greeter-lang

- Update to version 2.0.3:
  * gnome-common is no longer required or used.
  * Build errors with gcc-7 have been resolved.
  * Fix enabling Orca screen reader freezes the greeter (lp#1483864).
  * Scale user image to fit instead of expanding the greeter window
    (lp#1512963).
  * Replace usage of deprecated GNOME macros (lp#1599486, deb#829931).
  * Disable Alt+F4 shutdown accelerator if power indicator is not
    present (lp#1690129).
  * Pre-fill logged in username when locked and hide-users is
    enabled (lp#1701577).
  * Reset xsession to default if selected user is not found
    (lp#1701745).
  * Fix missing break in switch.
  * Fix deference after null check.
  * Update translations.

==== mariadb ====
Subpackages: libmysqlclient-devel libmysqlclient18 libmysqlclient_r18 libmysqld18 mariadb-client mariadb-errormessages

- Explicitly require libopenssl-1_0_0-devel, to successfully build
  once we switch openssl to 1.1 (bsc#1042632)

==== mozilla-nspr ====
Version update (4.15 -> 4.16)

- update to version 4.16
  * contains various correctness fixes
    see
    https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&query_format=advanced&product=NSPR&target_milestone=4.16
    for details

==== mozilla-nss ====
Version update (3.31.1 -> 3.32.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.32.1
  * no upstream changelog/releasenote provided

==== multipath-tools ====
Version update (0.7.2+44+suse.3a8d750c -> 0.7.3+10+suse.70ccb55b0439)
Subpackages: kpartx

- Update to version 0.7.3+10+suse.70ccb55b0439:
- Rebase to upstream release 0.7.3
  * libmultipath: add pthread_cleanup hook for udev monitor
  * libmultipath: pull functions into util.c
  * libmultipath: change reservation_key to a be64
  * libmpathpersist: fix update_prflag code
  * multipath: add alternate reservation_key method
  * mpathpersist: add support for prkeys file
  * multipath-tools: minor edition and corrections in multipath.conf.5
  * multipath-tools: fix incorrect length for strncmp in uevent.c
  * multipath-tools: clarify how to dump the multipathd config
  * multipath-tools: replace "setting: array" with "setting: storage device" at multipath output
  * libmultipath: sanitize fd handling
  * multipath-tools: link internal libraries before foreigns
  * multipath-tools: remove Sun StorEdge T4(6020,6120,6320) arrays from hwtable
  * multipath-tools: add support for all arrays from Sun StorEdge 3000 family
  * multipath-tools: add Xiotech iglu blaze arrays to hwtable
  * multipath-tools: add Dot Hill/Seagate arrays to hwtable
  * libmultipath: update INFINIDAT builtin config
  * multipath-tools: add info about adding new hardware
  * multipath-tools: Remove the limitation of IPC command reply length.
  * multipath-tools: libdmmp: Improve timeout mechanism
  * multipath-tools: libdmmp: New function to flush and reconfig
  * Bump version to 0.7.3
- minor fixes for upstream 0.7.3
  * libmultipath: ensure checker->fd == -1 if not set
  * libmpathpersist: add support for prkeys file v3
  * multipath: add man page info for my prkey changes
- Patch series for NVMe discovery and failover (bsc#1038865)
  * discovery: sanitize NVMe discovery
  * libmultipath/discovery: modify NVMe path states
  * Add 'none' checker
  * hwtable: set 'none' as default checker for NVMe
- Update to version 0.7.2+49+suse.993a29b1188d:
  * Revert "11-dm-mpath.rules: Remember DM_ACTIVATION" (boo#1059227)
  * Revert "11-dm-mpath.rules: don't set READY->ACTIVATION"
  (boo#1059227)
  * multipath: delegate using libmpathcmd (bsc#1047639)
- split off rados support into separate multipath-tools-rbd package.
  This avoids pulling in the whole rados/ibverbs/rdma stack with
  multipath-tools. (bsc#1058504).
- multipath-tools-rbd is Recommended but not Required by multipath-tools.

==== mysql-connector-cpp ====
Version update (1.1.8 -> 1.1.9)

- Update to version 1.1.9:
  * release notes:
    https://dev.mysql.com/doc/relnotes/connector-cpp/en/news-1-1-9.html
- Remove installing of ANNOUNCEMENT and CHANGES files that are no
  longer present
- Add "Requires: libboost_headers-devel" for libmysqlcppconn-devel
  subpackage ("Requires: boost-devel" for the older distros that
  don't have libboost_headers-devel available yet) [bsc#838038]

==== obs-service-source_validator ====
Version update (0.6+git20170830.0775ae8 -> 0.6+git20170922.230bbc4)

- Update to version 0.6+git20170922.230bbc4:
  * deal with nil, flavor defines in output_versions
  * defining flavor in last change was not needed, remove
  * 45-stale-changes: use spec_query instead of output_versions
    using the specfile parser from the build package
    (boo#1059858)

==== openjpeg ====

- Convert to pkgconfig
- Remove fedora conditionals as nothing in opensuse
  actually builds against it
- Add patch to fix ffast-math issue bsc#1029609 bsc#1059440:
  * openjpeg-fast-math.patch

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel

- added 0012-ITS8051-sockdnpat.patch

==== patterns-devel-base ====
Subpackages: patterns-devel-base-devel_basis patterns-devel-base-devel_kernel patterns-devel-base-devel_rpm_build patterns-devel-base-devel_web

- Swap web pattern from php5 to php7

==== pciutils-ids ====
Version update (20170710 -> 20170917)

- Rectify package summary.
- Update to 20170917

==== perl-IO-Socket-SSL ====
Version update (2.025 -> 2.051)

- update to 2.051
  - syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with
    OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up
    https://github.com/noxxi/p5-io-socket-ssl/issues/62
  - removed unecessary settings of SSL_version and SSL_cipher_list from tests
  - protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not supported
    as is the case with openssl versions in latest Debian (buster)
  - fixed problem caused by typo in the context of session cache
    https://github.com/noxxi/p5-io-socket-ssl/issues/60
  - update PublicSuffix information from publicsuffix.org
  - fixed small memory leaks during destruction of socket and context, RT#120643
  - better fix for problem which 2.046 tried to fix but broke LWP this way
  - cleanup everything in DESTROY and make sure to start with a fresh %{*self}
    in configure_SSL because it can happen that a GLOB gets used again without
    calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
  - fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
    objects -> github pull#55
  - optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
    if perl is compiled w/o thread support
  - small fix in t/protocol_version.t to use older versions of Net::SSLeay
    with openssl build w/o SSLv3 support
  - when setting SSL_keepSocketOnError to true the socket will not be closed
    on fatal error. This is a modified version of
    https://github.com/noxxi/p5-io-socket-ssl/pull/53/
  - protect various 'eval'-based capability detections at startup with a localized
    __DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
    various third party software should cause less problems even if there is a
    global __DIE__ handler which does not properly deal with 'eval'.
  - make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
    session does not get reused any longer if it was not properly closed which
    is now done using an explicit close by the client which causes a
    proper SSL_shutdown
  - enable session ticket callback with Net::SSLeay>=1.80
  - leave session ticket callback off for now until the needed patch is
    included in Net::SSLeay. See
    https://rt.cpan.org/Ticket/Display.html?id=116118#txn-1696146
  - fix detection of default CA path for OpenSSL 1.1.x
  - Utils::CERT_asHash now includes the signature algorithm used
  - Utils::CERT_asHash can now deal with large serial numbers
  - OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on
    EOF without proper SSL shutdown. Since it looks like that this behavior will
    be kept at least for 1.1.1+ adapt to the changed API by treating errno=NOERR
    on SSL_ERROR_SYSCALL as EOF.
  - restrict session ticket callback to Net::SSLeay 1.79+ since version before
    contains bug. Add test for session reuse
  - extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
  - fix t/external/ocsp.t to use different server (under my control) to check
    OCSP stapling
  - fix session cache del_session: it freed the session but did not properly
    remove it from the cache. Further reuse causes crash.
  - disable OCSP support when Net::SSLeay 1.75..1.77 is used, see RT#116795
  - move handling of global SSL arguments into creation of context, so that these
    get also applied when creating a context only.
  - support for session ticket reuse over multiple contexts and processes
    (if supported by Net::SSLeay)
  - small optimizations, like saving various Net::SSLeay constants into variables
    and access variables instead of calling the constant sub all the time
  - make t/dhe.t work with openssl 1.1.0
  - Set session id context only on the server side. Even if the documentation for
    SSL_CTX_set_session_id_context makes clear that this function is server side
    only it actually affects hndling of session reuse on the client side too and
    can result in error "SSL3_GET_SERVER_HELLO:attempt to reuse session in
    different context" at the client.
  - Utils::CERT_create - don't add given extensions again if they were already
    added. Firefox croaks with sec_error_extension_value_invalid if (specific?)
    extensions are given twice.
  - assume that Net::SSLeay::P_PKCS12_load_file will return the CA certificates
    with the reverse order as in the PKCS12 file, because that's what it does.
  - support for creating ECC keys in Utils once supported by Net::SSLeay
  - remove internal sub session_cache and access cache directly (faster)
  - fix del_session method in case a single item was in the cache
  - use SSL_session_key as the real key for the cache and not some derivate of it,
    so that it works to remove the entry using the same key
  - add del_session method to session cache
  - only added Changes for 2.026
  - update default server and client ciphers based on recommendation of
    Mozilla and what the current browsers use. Notably this finally disables
    RC4 for the client (was disabled for server long ago) and adds CHACHA20.
- drop perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
  (upstream)

==== perl-List-MoreUtils ====
Version update (0.419 -> 0.425)

- updated to 0.425
  see /usr/share/doc/packages/perl-List-MoreUtils/Changes
  0.425	2017-09-06
  - release 0.424_001 as 0.425 with XS is META.* after 136:0 PASS:FAIL
    on CPAN Tester Matrix
  0.424_001	2017-09-05
  - Makefile.PL: modify PREREQ_PM instead of recommend dynamically
  0.423	2017-08-22
  - sync version with List::MoreUtils::XS
  - add examples for binsert/bremove (LMU::XS issue #1, Thanks to shawnlaffan)
  - update tests to latest List::MoreUtils::XS
  - recommend List::MoreUtils::XS 0.423
  0.420_001	2017-08-15
  - add some new functions:
  * qsort (XS only)
  * binsert
  * bremove
  * listcmp
  * arrayify (RT#17230)
  * samples (RT#77562)
  * minmaxstr (RT#106401)
  * lower_bound
  * upper_bound
  * equal_range
  * frequencies
  * occurrences
  * mode (RT#91991)
  * zip6 (RT#42921)
  * reduce_0
  * reduce_1
  * reduce_u
  - improve tests
  - make List::MoreUtils::XS independent from List::MoreUtils
    Note that List::MoreUtils::XS doesn't guarantee API stability - this
    feature is only provided through List::MoreUtils as frontend.
  - improve Makefile.PL regarding some build artifacts

==== perl-libwww-perl ====
Version update (6.26 -> 6.27)

- updated to 6.27
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.27      2017-09-21
  - Switch to Getopt::Long in lwp-download (GH #262)
  - Fix lwp-request -C (GH #261)
  - Hide LWP::Protocol::http::Socket, LWP::Protocol::http::SocketMethods and
    LWP::Debug::TraceHTTP::Socket from PAUSE
  - Add tests for the "get" & "head" functions (GH #252)
  - Update lwpcook.pod (GH #256)
  - Handle undefined values in ->credentials (GH #157)
  - Fix lwp-mirror options checks.
  - Update bin/ scripts to use $LWP::VERSION instead of ->Version()
  - Improve lwp-download --help (GH #262)

==== permissions ====
Version update (20170913 -> 20170922)

- Update to version 20170922:
  * Allow setuid root for singularity (group only) bsc#1028304

==== python-M2Crypto ====
Version update (0.26.0 -> 0.26.3)

- Update to 0.26.3 with fix for a syntax error
- Update to 0.26.2
  * compatibility with OpenSSL 1.1.0

==== python-chardet ====
Subpackages: python2-chardet python3-chardet

- add update-alternatives post-requires

==== python-gst ====
Version update (1.12.2 -> 1.12.3)

- Update to version 1.12.3:
  + plugin: Always initialize GIL state.
  + Add support for Gst.Bitmask.
  + tests: Stop using deprecated assertion methods.
  + tests: Move all Fundamental types tests in a file.
  + structure: Add a .keys() method and implement __str__.
  + Return a Gst.*Range instead of a python range converting from
    GValue to python.
  + structures: Override __new__ to make it more pythonic.
  + overrides: Remove IntRange And Int64Range on Python2.

==== python-pyasn1 ====
Version update (0.3.5 -> 0.3.6)
Subpackages: python2-pyasn1 python3-pyasn1

- updated to upstream release 0.3.6
  * End-of-octets encoding optimized at ASN.1 encoders
  * The __getitem__/__setitem__ behavior of Set/Sequence and
    SetOf/SequenceOf objects aligned with the canonical Mapping
    and Sequence protocols in part
  * Fixed crash in ASN.1 encoder when encoding an explicitly tagged
    component of a Sequence

==== qemu ====
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86

- For SLE15 pre-release testing, add support for the EPYC processor.
  This will be officially supported once it is included in the v2.11
  release. (bsc#1052825)
  0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
- Fix some support statements in our SLE support documents.

==== qemu-linux-user ====

- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10
  * Patches added:
  0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch

==== samba ====
Version update (4.6.7+git.38.90b2cdb4f22 -> 4.6.7+git.49.562d44faa9d)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit

- CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624).
- CVE-2017-12150: Some code path don't enforce smb signing,
  when they should; (bso#12997); (bsc#1058622).
- CVE-2017-12151: Keep required encryption across SMB3 dfs
  redirects; (bso#12996); (bsc#1058565).

==== shared-mime-info ====
Version update (1.8 -> 1.9)

- Update to version 1.9:
  + Add x-systemd-unit and x-dbus-service MIME types.
  + Fix magic for application/x-java-keystore on little endian.
  + Add mime-type for STL 3D models and GCODE.
  + Add application/x-executable as a supertype of
    application/ecmascript.
  + Add shebang magic for gjs JavaScript files.
  + Add a mimetype for Khronos texture files.
  + Add a mime-type for Famicom Disk System images.
  + Add "font" top level type, and use IANA registered type for
    TTF, OTF, WOFF, TTC and WOFF2.
  + Add OpenCL mime-type.
  + Add text/x-python3 content type.
  + Add Audible.com mime type.
  + Add application/x-atari-lynx-rom.
  + Add application/x-wonderswan-rom.
  + Add application/x-virtual-boy-rom.
  + Better JPEG 2000 MIME type support.
  + Add support for GIMP data files (.gbr, .gih, .pat).
  + Add an alias for Adobe Illustrator formats.
  + Add *.mjs glob for Javascript.
  + Rename application/x-trig to application/trig.
  + Rename Panasonic RAW image mime-types to image/x-panasonic-rw*.
  + Change the preferred suffix for image/x-tga from icb to tga.
  + Correct "PostScript" capitalisation.
  + Add mimetype for AppImage Type 2.
  + Remove AppImage glob with different casing.

==== squid ====
Version update (3.5.26 -> 3.5.27)

- Add missing build dependency on libnsl-devel for Factory.
  libnsl was split from glibc
- Update Squid to 3.5.27
  * bug fix release - for complete list of changes see
    http://www.squid-cache.org/Versions/v3/3.5/changesets/

==== swig ====

- add swig-perl526.patch from upstream to work with perl 5.26

==== tbb ====
Version update (2017_20170412 -> 2018_20170726)

- Update to version 2018 release
  * Now fully supports this_task_arena::isolate() function.
  * Parallel STL, an implementation of the C++ standard library
    algorithms with support for execution policies, has been
    introduced.
  * Fixed a bug preventing use of streaming_node and opencl_node
    with Clang.
  * Fixed this_task_arena::isolate() function to work correctly
    with parallel_invoke and parallel_do algorithms.
  * Fixed a memory leak in composite_node.
  * Fixed an assertion failure in debug tbbmalloc binaries when
    TBBMALLOC_CLEAN_ALL_BUFFERS is used.

==== virtualbox ====
Version update (5.1.26_k4.13.3_1 -> 5.1.28_k4.13.3_1)
Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools virtualbox-guest-x11

- Add file "fixes_for_4.14.patch" to handle API change in kernel 4.14.
  Remove file "vbox_fix_42.3_api.patch" as that fix is included in upstream code.
- Version bump to 5.1.28 (released 2017-09-13 by Oracle)
  This is a maintenance release. The following items were fixed and/or added:
    Audio: fixed accidental crashes when using the AC'97 sound emulation (bug #16959)
    Audio: fixed crash when default input or output devices have changed (bugs #16968, #16969, #17004)
    Audio: fixed recording when using the ALSA backend
    Audio: fixed handle leak when using the OSS backend
    E1000: fixed a crash related to VLAN traffic over internal network (5.1.26 regression; bug #16960)
    NAT: apply --natbindip1 to TCP connections (bug #16478)
    OVF: when importing an appliance with XHCI controller, don't add an OHCI controller.
    Linux hosts: fixed creating fixed sized VDI images (bug #17010)
    Linux hosts / guests: fixes for Linux 4.4 of openSUSE Leap 42.3 (bug #16966)
    Bridged networking: align outgoing packet at word boundary, preventing Windows host crash in MsLbfoProvider.
    Linux Additions: kernel drm driver support for custom EL7 Linux 3.10 kernel

==== wget ====

- Retry http GET when server responds with "416 Requested Range
  Not Satisfiable" but file is not complete.
  [boo#1058204, wget-416-but-file-not-complete.patch]

==== wine ====
Version update (2.15 -> 2.17)
Subpackages: wine-32bit

- Update to 2.17 development snapshot
  - Better support for grayscale mode in DirectWrite.
  - Per-application StartupWMClass in desktop files.
  - Virtual memory compatibility improvements.
  - Palette handling improvements in WindowsCodecs.
  - Reply messages improvements in WebServices.
  - Various bug fixes.
- updated winetricks
- Update to 2.16 development snapshot
  - Support for pasting metafiles in RichEdit.
  - Better support for grayscale PNG images.
  - Support for safety features in library loading.
  - Better handling of transforms in GdiPlus.
  - Rendering improvements in DirectWrite.
  - Various bug fixes.
- updated winetricks

==== yast2-theme ====
Version update (3.3.0 -> 4.0.0)
Subpackages: yast2-branding-openSUSE yast2-branding-openSUSE-Oxygen

- fix packaging for SLE (bsc#1057838)
- 4.0.0

==== zypper ====
Version update (1.13.35 -> 1.13.36)
Subpackages: zypper-aptitude zypper-log

- Unify '(add|modify)(repo|service)' property related arguments.
  Fixed 'add' commands supporting to set only a subset of properties.
  Introduced '-f/-F' as preferred short option for --[no-]refresh
  in all four commands. (bsc#661410, bsc#1053671)
- version 1.13.36