Packages changed:
  apache2
  bind
  calligra
  digikam
  installation-images-Kubic (14.342 -> 14.343)
  kiwi (7.04.38 -> 7.04.40)
  kmod
  libfabric (1.5.1 -> 1.5.2)
  liblogging
  libnettle (3.3 -> 3.4)
  libpsm2 (10.2.260 -> 10.3.17)
  libyui (3.3.3 -> 3.4.0)
  libyui-ncurses (2.48.4 -> 2.49.0)
  lynx (2.8.9~dev.14 -> 2.8.9~dev.16)
  ovmf (2017+git1505340320.5afa5b8159 -> 2017+git1510945757.b2662641d5)
  perl-Devel-StackTrace (2.02 -> 2.03)
  perl-JSON (2.94 -> 2.97000)
  pidgin
  python-numpy
  python3
  python3-base
  ruby2.4 (2.4.1 -> 2.4.2)
  spamassassin
  time (1.7 -> 1.8)
  unison (2.48.3 -> 2.48.4)
  xkbcomp
  xkeyboard-config
  xrandr
  xset
  ypserv

=== Details ===

==== apache2 ====
Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils

- APACHE_MODULES now contains authn_core in default configuration
  [bsc#1066661]

==== bind ====
Subpackages: bind-chrootenv bind-doc bind-utils idnkit libbind9-140 libdns165 libidnkit1 libirs141 libisc160 libisccc140 libisccfg140 liblwres141

- Use python3 by default (fate#323526)

==== calligra ====
Subpackages: calligra-doc calligra-extras-dolphin calligra-extras-okular calligra-lang calligra-sheets calligra-stage calligra-words

- Add fix-build-with-newer-kcalcore.patch to make it build with
  KDE Applications 17.12

==== digikam ====
Subpackages: kipi-plugins kipi-plugins-lang

- Add Adapt-to-KCalCore-API-changes.patch to make it build with
  KDE Applications 17.12

==== installation-images-Kubic ====
Version update (14.342 -> 14.343)

- merge gh#openSUSE/installation-images#216
- adjust to ruby2.5
- 14.343

==== kiwi ====
Version update (7.04.38 -> 7.04.40)
Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-templates

- v7.04.40 released
- Tumbleweed templates: drop pam-modules dependency
- kiwi.spec: Prepare for Tumbleweed moving to suse_version 1550
- v7.04.39 released
- KIWIImage: add grub2-mkimage prefix option
  grub2-mkimage on openSUSE Leap 42.3 now requires "-p" option.
  See also ece8cb9e
- Keep Melanox and hyperv kernel modules in the initrd
  + Due to jitters in boot on Azure the drivers are not always found, keeping
    then in the initrd avoids the issue in the virtualized environment
- Fixed blocksize setup in losetup
  The -L option was used to set the blocksize value for losetup
  However there is an option name clash between suse util-linux
  and upstream which now leads to the problem that option -L
  has changed its meaning and actually means --nooverlap which
  completely breaks the call in kiwi. This patch changes the
  call to use the long form --logical-blocksize.
  This Fixes bsc#1066873

==== kmod ====
Subpackages: kmod-compat libkmod2

- Move dependency on suse-module-tools to kmod-compat (bsc#1047911).

==== libfabric ====
Version update (1.5.1 -> 1.5.2)

- Update to v1.5.2
  - Core
  - Fix Power PC 32-bit build
  - Sockets
  - Fix incorrect reporting of counter attributes
  - Verbs
  - Fix reporting attributes based on device limits
  - Fix incorrect CQ size reported for iWarp NICs
  - Update man page with known issues for specific NICs
  - Fix FI_RX_CQ_DATA mode check
  - Disable on-demand paging by default (can cause data corruption)
  - Disable loopback (localhost) addressing (causing failures in MPI)

==== liblogging ====

- fix SLE 12 build

==== libnettle ====
Version update (3.3 -> 3.4)
Subpackages: libhogweed4 libhogweed4-32bit libnettle-devel libnettle6 libnettle6-32bit

- libnettle 3.4:
  * Fixed an improper use of GMP mpn_mul, breaking curve2559 and
    eddsa on certain platforms
  * Fixed memory leak when handling invalid signatures in
    ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos.
  * Reorganized the way certain data items are made available:
    Nettle header files now define the symbols
    nettle_hashes, nettle_ciphers, and nettle_aeads, as
    preprocessor macros invoking a corresponding accessor
    function. For backwards ABI compatibility, the symbols are
    still present in the compiled libraries, and with the same
    sizes as in nettle-3.3.
  * Support for RSA-PSS signatures
  * Support for the HKDF key derivation function, defined by RFC
    5869
  * Support for the Cipher Feedback Mode (CFB)
  * New accessor functions: nettle_get_hashes,
    nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1,
    nettle_get_secp_224r1, nettle_get_secp_256r1,
    nettle_get_secp_384r1, nettle_get_secp_521r1.
    Direct access to data items is deprecated going forward.
  * The base16 and base64 functions now use the type char * for
    ascii data, rather than uint8_t *. This eliminates the last
    pointer-signedness warnings when building Nettle
  * The contents of the header file nettle/version.h is now
    architecture independent, except in --enable-mini-gmp
  * Prevent data sizes from leaking into the ABI
- Fixes previously carried as patches:
  * Fix compilation error with --enable-fat om ARM
    Drop nettle-3.3-fix-fat-arm.patch

==== libpsm2 ====
Version update (10.2.260 -> 10.3.17)
Subpackages: libpsm2-2 libpsm2-compat

- Updated to version 10.3.17:
  - Small bug fixes and some enhanced debugging.
  - Assigned context is not freed on close() which could lead to
    context starvation. Therefore release hfi1 mappings when closing a
    context.
  - Close receive thread only while closing last endpoint
- Rebase libpsm2-include-ioctl_h.patch, libpsm2-use_RPM_OPT_FLAGS.patch and
  libpsm2-use-exported-variable-for-version-and-release.patch to the
  latest sources.

==== libyui ====
Version update (3.3.3 -> 3.4.0)

- Support for sending a widget ID with Shift-F6 for automated testing
  (fate#324098)
- 3.4.0

==== libyui-ncurses ====
Version update (2.48.4 -> 2.49.0)

- Send a widget ID with Shift-F6 for automated testing (fate#324098)
- 2.49.0

==== lynx ====
Version update (2.8.9~dev.14 -> 2.8.9~dev.16)

- update to 2.8.9dev.16:
  * add a note in the comments for INCLUDE in lynx.cfg regarding the default
  directory searches LYOpenCFG(), added in 2.8.4dev.20 (Debian #818047) -TD
  * add a check to ensure that HTML_put_string() will not append a chunk onto
  itself (report by Ned Williamson) -TD
  * add note in lynx.cfg about default values (Debian #408448) -TD
  * amended Backes' change to the COLLAPSE_BR_TAGS feature for compatibility -TD
  + use ENABLE_LYNXRC to determine whether it is written to the .lynxrc file.
  + add command-line option, etc., for controlling whether blank lines are
    trimmed, e.g., trailing lines as well as the special case for collapsing
    br-tags.  Leading blank lines at the top of the document are untouched.
  + modify limit for trimmed lines to retain as little as 1 line; previously
    the trimming would go no smaller than 2 lines.
  * add command-line option and options-menu item for COLLAPSE_BR_TAGS (patch
  by Peter Backes).
  * correct logic in HTCopy() when re-reading a page (Debian #863008) -TD

==== ovmf ====
Version update (2017+git1505340320.5afa5b8159 -> 2017+git1510945757.b2662641d5)
Subpackages: qemu-ovmf-x86_64

- Update to 2017+git1510945757.b2662641d5
  + ArmPlatformPkg/ArmPlatformLibNull: remove bogus PCD dependencies
  + MdeModulePkg/UsbMassStorageDxe: Enhance Request Sense Handling
  + OvmfPkg: save on I/O port accesses when the debug port is not
    in use
  + OvmfPkg: create a separate PlatformDebugLibIoPort instance for
    SEC
  + OvmfPkg: make PlatformDebugLibIoPort a proper BASE library
  + OvmfPkg: restore temporary SEC/PEI RAM size to 64KB
  + OvmfPkg/Sec/X64: seed the temporary RAM with PcdInitValueInTempStack
  + ArmVirtPkg: switch to new PL011UartLib implementation
  + OvmfPkg/XenHypercallLib: enable virt extensions for ARM
  + MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode
  + MdeModulePkg/DxeCore: Implement heap guard feature for UEFI
  + ArmVirtPkg/ArmVirtQemu: use non-accelerated CopyMem for
    VariableRuntimeDxe
  + NetworkPkg: Fix incorrect SizeofHeaders returned from
    HttpTcpReceiveHeader()
  + NetworkPkg: Print error message to screen if error occurs
    during HTTP boot
  + MdeModulePkg/PartitionDxe: Fix UDF fs access on certain CD/DVD
    medias
  + MdeModulePkg/UsbMassStorageDxe: Fix USB Mass Storage detection
  + MdeModulePkg SerialDxe: Handle Timeout change more robustly
  + CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free
  + CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc
    wrapper
  + ArmPlatformPkg/PlatformPeim: allow PlatformPeiLib to set the
    boot mode
  + Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
  + SecurityPkg: Remove Counter Based AuthVariable support
  + BaseTools/tools_def AARCH64 ARM: disable PIE linking
  + NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool
  + NetworkPkg/HttpBootDxe: Add IPv6 support condition check
  + NetworkPkg/IScsiDxe: Fix the incorrect/needless DHCP process
  + MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource
  + UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang
  + NetworkPkg: Remove ping6 and ifconfig shell application
  + OvmfPkg: fix dynamic default for oprom verification policy PCD
    without SB
  + OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when
    SEV is active
  + SecurityPkg\Tcg2Pei: FV measure performance enhancement
  + SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth
    Variable
  + ArmPlatformPkg: Store initial timer value
  + ArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob
  +  MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created
    MOR variable
  + ArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation
  + OvmfPkg/PciHotPlugInitDxe: translate QEMU's resource
    reservation hints
  + OvmfPkg/PciHotPlugInitDxe: generalize RESOURCE_PADDING
    composition
  + OvmfPkg/IndustryStandard: define PCI Capabilities for QEMU's
    PCI Bridges
  + MdeModulePkg/BdsDxe: Don't delete "BootNext" until booting it
  + Clarify the usage of HttpConfigData in HTTP protocol
  + SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI
    Enhancement
  + MdeModulePkg/UDF: Fix creation of UDF logical partition
  + CryptoPkg: Add new API to retrieve commonName of X.509 certificate
  + OvmfPkg/VirtioNetDxe: log debug message in VirtioNetExitBoot()
  + OvmfPkg/QemuBootOrderLib: recognize "usb-storage" devices in
    XHCI ports
  + MdeModulePkg/Core: Fix out-of-sync issue in GCD
  + UefiCpuPkg/CpuDxe: Fix out-of-sync issue in page attributes
  + OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35
    correctly
  + OvmfPkg/QemuVideoDxe/VbeShim: rename Status to
    Segment0AllocationStatus
  + OvmfPkg/CsmSupportLib: move PAM register addresses to
    IndustryStandard
  + NetworkPkg/IScsiDxe: Remove redundant call to StrLen
  + BaseTools/tools_def AARCH64: enable frame pointers for RELEASE
    builds
  + ArmPkg/PlatformBootManagerLib: process pending capsules
  + MdeModulePkg/Udf: Avoid declaring and initializing local GUID
    variable
  + MdeModulePkg/UdfDxe: Avoid short (single character) variable name
  + MdeModulePkg/UdfDxe: Use compare operator for non-boolean
    comparisons
  + MdeModulePkg/UdfDxe: Fix operands of different size in bitwise
    OP
  + MdeModulePkg/UdfDxe: Add checks to ensure no possible NULL ptr
    deref
  + MdeModulePkg/SerialDxe: Fix not able to change serial attributes
  + NetworkPkg: Remove the redundant '/' in the end of returned
    ISCSIMacAddr keyword
  + MdeModulePkg/UdfDxe: Fix NULL pointer dereference
  + OvmfPkg/VirtioNetDxe: negotiate VIRTIO_F_IOMMU_PLATFORM
  + OvmfPkg/VirtioNetDxe: map caller-supplied Tx packet to
    device-address
  + OvmfPkg/VirtioNetDxe: add Tx packet map/unmap helper functions
  + OvmfPkg/VirtioNetDxe: update TechNotes
  + OvmfPkg/VirtioNetDxe: dynamically alloc transmit header
  + OvmfPkg/VirtioNetDxe: alloc RxBuf using AllocateSharedPages()
  + OvmfPkg/VirtioNetDxe: map VRINGs using VirtioRingMap()
  + OvmfPkg/VirtioNetDxe: add helper VirtioNetUninitRing()
- Update openssl to 1.1.0g

==== perl-Devel-StackTrace ====
Version update (2.02 -> 2.03)

- updated to 2.03
  see /usr/share/doc/packages/perl-Devel-StackTrace/Changes
  2.03   2017-11-18
  - If all frames in the trace were skipped (via skip_frames, frame_filter,
    ignore_*, etc.), then the stringified stack trace would be an empty
    string. Now this has been changed to always return the message given to the
    constructor or the string "Trace begun". Fixes GH #15, reported by Karen
    Etheridge.

==== perl-JSON ====
Version update (2.94 -> 2.97000)

- updated to 2.97000
  see /usr/share/doc/packages/perl-JSON/Changes
  2.97000 2017-11-21
  - updated backportPP with JSON::PP 2.97000
  - use 5 digit minor version number for a while to avoid
    confusion
  - fixed is_bool to use blessed() instead of ref()
- updated to 2.96
  see /usr/share/doc/packages/perl-JSON/Changes
  2.96 2017-11-20
  - fixed packaging issue
  - updated backportPP with JSON::PP 2.96
  - not to use newer Test::More features (RT-122421; ilmari++)
  2.95 2017-11-20
  - updated backportPP with JSON::PP 2.95

==== pidgin ====
Subpackages: libpurple libpurple-lang libpurple-plugin-sametime libpurple-tcl

- Add purple-import-empathy Recommends for SLE15 (FATE#322984).

==== python-numpy ====
Subpackages: python2-numpy python3-numpy

- Add 'family "NumPy"' to modules file to avoid that different
  versions of this get loaded.

==== python3 ====
Subpackages: python3-curses python3-dbm python3-tk

- move 2to3 to python3-tools package

==== python3-base ====
Subpackages: libpython3_6m1_0 python3-idle

- move 2to3 to python3-tools package

==== ruby2.4 ====
Version update (2.4.1 -> 2.4.2)
Subpackages: libruby2_4-2_4 ruby2.4-devel ruby2.4-stdlib

- disable jemalloc again because of: (boo#1068883)
  https://github.com/jemalloc/jemalloc/issues/937
- Add conflicts to libruby to make sure ruby and ruby-stdlib are
  also updated when libruby is updated (bsc#1048072.)
- devel package needs to require jemalloc-devel when building with
  it
- only use jemalloc on opensuse and sle >= 15
- update to 2.4.2
  - CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
    (boo#1058755)
  - CVE-2017-10784: Escape sequence injection vulnerability in the
    Basic authentication of WEBrick (boo#1058754)
  - CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1
    decode (boo#1058757)
  - CVE-2017-14064: Heap exposure in generating JSON
    (boo#1056782)
  - Multiple vulnerabilities in RubyGems (boo#1056286)
    CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902
  - Update bundled libyaml to version 0.1.7.
  - There are also many bug-fixes. For more details see:
    https://github.com/ruby/ruby/compare/v2_4_1...v2_4_2
- added https://bugs.ruby-lang.org/attachments/download/6735/configure-2.4.2.diff
  to allow building with libgmp and libjemalloc again
- provide a ruby-default symbol and conflict with other providers
  of that symbol so we can uninstall older default ruby versions
  during zypper dup.

==== spamassassin ====
Subpackages: perl-Mail-SpamAssassin

- Update umask in cronjob (boo#861539)
- Make sure that spamd can start (boo#961291)

==== time ====
Version update (1.7 -> 1.8)

- time 1.8:
  * license changed to GPL-3.0+
- incorporate functionality previously carried as patches:
  * -q/--quiet option to suppresses abnormal program terminal
    (non-exit codes or signals).
    Drop time-debian-quiet.patch
    Drop time-fedora-verbose.patch
  * use the following exit codes (same as GNU coreutils' env):
    125 = Wrong usage or internal error prior to exec attempt.
    126 = Program located, but not usable.
    127 = Could not find program to exec.
  * exit with code '128 + Signal number' when the program
    is terminated by a signal.
    Drop time-debian-non-normal-exit.patch
  * report MAX-RSS values correctly on modern systems
    Drop time-fedora-ru_maxrss-is-in-kilobytes-on-Linux.patch
    Drop time-fedora-Recompute-CPU-usage-at-microsecond-level.patch
  * Use gnulib modules and build infrastructure.
  * New tests infrastructure (make check).
- drop unneeded patches:
  * time-debian-bug-address.patch
  * time-alpha.patch
  * time-debian-configure.patch
  * time-debian-info-direntry.patch
  * time-debian-info-nav.patch
  * time-debian-rusage-portability.patch
  * time-fsf-address.patch
- add upstream keyring and verify source signature

==== unison ====
Version update (2.48.3 -> 2.48.4)

- Update to 2.48.4
  * Fix build for OCaml 4.03
    (and add Makefile improvements for exporting under git)
  * Better reporting for OCaml compiler version mismatch
- drop patch unison-ocaml-4.03.patch: Change included in upstream sources

==== xkbcomp ====

- Add U_xkbcomp_pkgconfig-add-bindir.patch: pkgconfig: Add our
  bindir to xkbcomp.pc.

==== xkeyboard-config ====
Subpackages: xkeyboard-config-lang

- Add U_xkeyboard-config_fix-typo-hungarian.patch: Fix typo in
  hungarian (fdo#103123).

==== xrandr ====

- Add U_xrandr_suppress-misleading-indentation-warning.patch: When
  printing out rotations, we print a space before any item other
  than the first, and set `first = False` in each block where we
  print. However, this is done in the same line as the conditional
  that checks if first is set, which may give the impression that
  the assignment is also under the conditional. This is not the
  case, and recent GCC warns about this.
- Add U_xrandr_add-filter-flag.patch: Flag can be set to
  "nearest" or "bilinear".

==== xset ====

- Add U_xset_fix-warning-about-usage-format-string.patch: Fix one
  last warning about usage() format string.

==== ypserv ====

- Prepare for new fillup location
- Remove check for transactional-update, done in systemd macros now