Packages changed:
  apulse
  autogen
  bluez (5.48 -> 5.49)
  chrony
  colord (1.4.1 -> 1.4.2)
  curl (7.58.0 -> 7.59.0)
  dbus-1
  dbus-1-x11
  elfutils (0.168 -> 0.170)
  exempi (2.2.2 -> 2.4.5)
  firewalld (0.5.1 -> 0.5.2)
  freerdp
  gnome-contacts (3.27.92 -> 3.28.0)
  grub2
  gtk3 (3.22.28 -> 3.22.29)
  gucharmap
  kernel-firmware (20180222 -> 20180312)
  kernel-source (4.15.9 -> 4.15.10)
  lftp
  libgit2 (0.26.0 -> 0.26.3)
  libiscsi
  libvirt
  libxml2 (2.9.7 -> 2.9.8)
  lightsoff (3.27.92 -> 3.28.0)
  ntp (4.2.8p10 -> 4.2.8p11)
  osinfo-db (20170813 -> 20180311)
  perl-GD-Graph3d
  perl-GDTextUtil
  perl-HTTP-Message (6.14 -> 6.15)
  polkit-default-privs
  python-libxml2-python (2.9.7 -> 2.9.8)
  sharutils
  swell-foop (3.27.92 -> 3.28.0)
  systemd-presets-branding-openSUSE
  thin-provisioning-tools
  time (1.8 -> 1.9)
  xmlto (0.0.26 -> 0.0.28)

=== Details ===

==== apulse ====
Subpackages: apulse-32bit

- Refresh spec-file via spec-cleaner.
  * Add %license macro.
  * Add cmake -LA option for print local variables.

==== autogen ====
Subpackages: libopts-devel libopts25

- Add autogen-reproducible-tar.patch to make .tar.gz build reproducible
  ( https://sourceforge.net/p/autogen/bugs/182/ )
- Add autogen-constant-timeout.patch to make build reproducible (boo#1041534)
- Set MAN_PAGE_DATE to not include build date into man pages (boo#1047218)

==== bluez ====
Version update (5.48 -> 5.49)
Subpackages: bluez-cups bluez-devel libbluetooth3

- update to version 5.49:
  This is mostly a bug fix release, with fixes to features such as
  AVCTP, OBEX, GATT and Mesh. There are however some notable new
  features also, such as improved heartbeat management support in
  meshctl as well as a new experimental ConnectDevice D-Bus method
  on the Adapter interface, which can be used for quick device
  object creation for testing purpose or when information about the
  device has been received over some Out-of-Band channel.
- remove 0001-core-Fixes-order-InterfaceAdded.patch (upstream)

==== chrony ====

- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.

==== colord ====
Version update (1.4.1 -> 1.4.2)
Subpackages: colord-color-profiles colord-lang libcolord2 libcolorhug2

- Update to version 1.4.2:
  + New Features:
  - Add cd_icc_set_created.
  - Add --enable-timestamps option for CREATED header.
  + Bugfixes:
  - Avoid buffer overflow when reading profile_id.
  - Fix the detection of duplicate EDIDs.
  - Make udev hwdb optional by using pnp.ids as fallback.
  - Raise _XOPEN_SOURCE to 700 to enable C99 on FreeBSD.
  - Refactor build directory selection.
  - Set cd-create-profile date to SOURCE_DATE_EPOCH.
- Pass new option enable-udev-rules=true to meson.

==== curl ====
Version update (7.58.0 -> 7.59.0)
Subpackages: libcurl-devel libcurl4

- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
  * Added curl-disabled-redirect-protocol-message.patch
- Update to version 7.59.0
  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
  [bsc#1084532, CVE-2018-1000122]
  Changes:
  * curl: add --proxy-pinnedpubkey
  * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
  * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
  * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
  * Add new tool option --happy-eyeballs-timeout-ms
  * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA
  Bugfixes:
  * openldap: check ldap_get_attribute_ber() results for NULL before using
  * FTP: reject path components with control codes
  * readwrite: make sure excess reads don't go beyond buffer end
  * lib555: drop text conversion and encode data as ascii codes
  * lib517: make variable static to avoid compiler warning
  * lib544: sync ascii code data with textual data
  * GSKit: restore pinnedpubkey functionality
  * darwinssl: Don't import client certificates into Keychain on macOS
  * parsedate: fix date parsing for systems with 32 bit long
  * openssl: fix pinned public key build error in FIPS mode
  * SChannel/WinSSL: Implement public key pinning
  * cookies: remove verbose "cookie size:" output
  * progress-bar: don't use stderr explicitly, use bar->out
  * build: open VC15 projects with VS 2017
  * curl_ctype: private is*() type macros and functions
  * configure: set PATH_SEPARATOR to colon for PATH w/o separator
  * curl_easy_reset: clear digest auth state
  * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
  * range: commonize FTP and FILE range handling
  * progress-bar docs: update to match implementation
  * fnmatch: do not match the empty string with a character set
  * fnmatch: accept an alphanum to be followed by a non-alphanum in char set
  * build: fix termios issue on android cross-compile
  * getdate: return -1 for out of range
  * formdata: use the mime-content type function
  * openssl: Don't add verify locations when verifypeer==0
  * fnmatch: optimize processing of consecutive *s and ?s pattern characters
  * schannel: fix compiler warnings
  * content_encoding: Add "none" alias to "identity"
  * get_posix_time: only check for overflows if they can happen
  * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
  * README: language fix
  * sha256: build with OpenSSL < 0.9.8
  * smtp: fix processing of initial dot in data
  * --tlsauthtype: works only if libcurl is built with TLS-SRP support
  * tests: new tests for http raw mode
  * libcurl-security.3: man page discussion security concerns when using libcurl
  * curl_gssapi: make sure this file too uses our *printf()
  * BINDINGS: fix curb link (and remove ruby-curl-multi)
  * nss: use PK11_CreateManagedGenericObject() if available
  * travis: add build with iconv enabled
  * ssh: add two missing state names
  * CURLOPT_HEADERFUNCTION.3: mention folded headers
  * http: fix the max header length detection logic
  * header callback: don't chop headers into smaller pieces
  * CURLOPT_HEADER.3: clarify problems with different data sizes
  * curl --version: show PSL if the run-time lib has it enabled
  * examples/sftpuploadresume: resume upload via CURLOPT_APPEND
  * Return error if called recursively from within callbacks
  * sasl: prefer PLAIN mechanism over LOGIN
  * winbuild: Use CALL to run batch scripts
  * curl_share_setopt.3: connection cache is shared within multi handles
  * projects/README: remove reference to dead IDN link/package
  * lib655: silence compiler warning
  * configure: Fix version check for OpenSSL 1.1.1
  * docs/MANUAL: formfind.pl is not accessible on the site anymore
  * unit1307: proper cleanup on OOM to fix torture tests
  * curl_ctype: fix macro redefinition warnings
  * build: get CFLAGS (including -werror) used for examples and tests
  * NO_PROXY: fix for IPv6 numericals in the URL
  * krb5: use nondeprecated functions
  * http2: mark the connection for close on GOAWAY
  * limit-rate: kick in even before "limit" data has been received
  * HTTP: allow "header;" to replace an internal header with a blank one
  * http2: verbose output new MAX_CONCURRENT_STREAMS values
  * SECURITY: distros' max embargo time is 14 days
  * curl tool: accept --compressed also if Brotli is enabled and zlib is not
  * WolfSSL: adding TLSv1.3
  * checksrc.pl: add -i and -m options
  * CURLOPT_COOKIEFILE.3: "-" as file name means stdin
- Refreshed patch libcurl-ocloexec.patch

==== dbus-1 ====
Subpackages: dbus-1-devel libdbus-1-3 libdbus-1-3-32bit

- Don't spit out a warning if /usr/bin/dbus-daemon does not exist
  when we run the pre-script.

==== dbus-1-x11 ====

- Don't spit out a warning if /usr/bin/dbus-daemon does not exist
  when we run the pre-script.

==== elfutils ====
Version update (0.168 -> 0.170)
Subpackages: elfutils-lang libasm1 libdw1 libebl-plugins libelf-devel libelf1

- Update to version 0.170
  libdw: Added new DWARF5 attribute, tag, character encoding, language code,
    calling convention, defaulted member function and macro constants
    to dwarf.h.
  New functions dwarf_default_lower_bound and dwarf_line_file.
  dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  dwarf_getmacros now handles DWARF5 .debug_macro sections.
  strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
  backends: The bpf disassembler is now always build on all platforms.
- Includes changes in 0.169
  backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
    Frame pointer unwinding fallback support for i386, x86_64, aarch64.
  translations: Update Polish translation.
- Remove obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
  and ppc-machine-flags.patch
- Add elfutils-0.170-stripnothing.patch to robustify test and avoid a FAIL.
- Add elfutils-0.170-Wpackednotaligned.patch to fix build with GCC 8.
  (boo#1084637)

==== exempi ====
Version update (2.2.2 -> 2.4.5)
Subpackages: libexempi-devel libexempi3

- Extend descriptions.
- Update to 2.4.5:
  * Fix a buffer overflow in the PSD parser. (CVE-2018-7730 bnc#1085295)
  * Fix a buffer overflow in the TIFF parser. (CVE-2018-7728 bnc#1085297)
  * Fix a buffer overflow in PostScript parser. (CVE-2018-7729 bnc#1085296)
  * Fix a null dereference in WEBP parser. (CVE-2018-7731 bnc#1085294)
  * Properly initialize pointers in WEBP.
  * Fix an infinite loop in RIFF parser.
  * Fix an infinite loop in QuickTime parser.
  * Fix an infinite loop in ASF parser.
  * Adjust minimum version for gcc in documentation.
  * Fix a buffer overrun, memcpy() on overlapping regions, use after free in
    the exception handling.  Fix a fatal assert with corrupt WEBP.
  * Fix a crash on a corrupt file.
  * Upgrade XMPCore to Adobe XMP CC 2014.12.
  * New flag to optimize layout on MPEG4 files.
  * GoPro MPEG4 video files support.
  * Improved JPEG support.
  * iXML support in WAVE files.
  * Several bugs and memory leaks fixes.
  * Changes from Adobe XMP CC 2013.06.
  * Pluggable file handlers (not exposed yet in Exempi)
  * Support for Exif 2.3 properties
  * New RIFF file handler
  * Better Postscript support.
  * Lot of bug fixes.
  * Now require (partial) C++11 support to compile (gcc 4.4.7 tested)
  * WebP format handler (contributed: Frankie Dintino, The Atlantic)
  * Several API improvements
  * Fix potential crash with corrupt TIFF file.
  * Fix header to pass -Wstrict-prototypes

==== firewalld ====
Version update (0.5.1 -> 0.5.2)
Subpackages: firewalld-lang python3-firewall

- Update to 0.5.2
  * fix rule deduplication causing accidental removal of rules
  * log failure to parse direct rules xml as an error
  * firewall-config: Break infinite loop when firewalld is not running
  * fix set-log-denied not taking effect
  * po: update translations

==== freerdp ====
Subpackages: libfreerdp2 libwinpr2

- Added no_connection_to_windows_10_17101.patch to fix
  Windows-connection-problem after Windows march 2018 updates.
  This fix is related to boo#1085416
- Do not use xorg-x11-devel, instead buildrequire individual
  x components.
- Only attempt to ge rid of __DATE__ and __TIME__ if
  SOURCE_DATE_EPOCH is not set.

==== gnome-contacts ====
Version update (3.27.92 -> 3.28.0)
Subpackages: gnome-contacts-lang gnome-shell-search-provider-contacts

- Update to version 3.28.0:
  + Favorite contacts, which are shown at the top of the contact
    list.
  + Sort contacts by their first name or surname.
  + Small tweaks to the UI, such as a more welcoming setup screen
    and rounded avatars.
  + Performance improvements to the GNOME Shell search provider.
  + A slightly decreased memory usage.
  + Updated translations.
- Update:
  + URL tag to https://wiki.gnome.org/Apps/Contacts: currently
    the Contacts' web page.
  + Package description to be a bit more verbose.
- Add geocode-glib-1.0 and gmodule-export-2.0 pkgconfig modules
  BuildRequires to avoid implicit dependencies.
- Drop:
  + pkgconfig(champlain-0.12) BuildRequires: it is not a
    requirement anymore.
  + update-desktop-files BuildRequires and its macro: they are no
    longer required.
  + glib2_gsettings_schema_requires macro: it is not used anymore
    since RPM file triggers.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Fix UEFI HTTPS Boot from ISO installation image (bsc#1076132)
  * 0001-add-support-for-UEFI-network-protocols.patch
- fix wrong command output when default subvolume is toplevel tree with
  id 5 (bsc#1078775)
  * grub2-btrfs-09-get-default-subvolume.patch
- insert mdraid modules to support software RAID (bsc#1078775)
  * grub2-xen-pv-firmware.cfg
- Rename grub2-btrfs-workaround-grub2-once.patch to
  grub2-grubenv-in-btrfs-header.patch
- Store GRUB environment variable health_checker_flag in Btrfs header

==== gtk3 ====
Version update (3.22.28 -> 3.22.29)
Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0

- Update to version 3.22.29:
  + Wayland: add an input method based on the text protocol.
  + File chooser: Stop activating without double-click.
  + Bugs fixed: bgo#710888, bgo#743975, bgo#775546, bgo#794008.
  + Updated translations.
- Drop gtk3-restore-filechooser-click-behavior.patch: fixed
  upstream.

==== gucharmap ====
Subpackages: gucharmap-lang libgucharmap_2_90-7

- Drop ineffective --with-pic. Replace fragile LDFLAGS=-ldl.

==== kernel-firmware ====
Version update (20180222 -> 20180312)
Subpackages: ucode-amd

- Update to version 20180312:
  * Mellanox: Add new mlxsw_spectrum firmware 13.1620.192
  * qed: Add firmware 8.33.11.0
  * BCM-0bb4-0306: Cypress Bluetooth firmware for HTC Vive
  * linux-firmware:Update firmware patch for Intel Bluetooth 7265 (D1)
  * qed: Add firmwares 8.20.0.0 8.18.9.0 and 8.14.6.0
  * iwlwifi: update firmware version 34 for 9000 series

==== kernel-source ====
Version update (4.15.9 -> 4.15.10)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.15.10 (bnc#1012628).
- RDMA/ucma: Limit possible option size (bnc#1012628).
- RDMA/ucma: Check that user doesn't overflow QP state
  (bnc#1012628).
- RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012628).
- IB/uverbs: Improve lockdep_check (bnc#1012628).
- mac80211_hwsim: don't use WQ_MEM_RECLAIM (bnc#1012628).
- net/smc: fix NULL pointer dereference on sock_create_kern()
  error path (bnc#1012628).
- regulator: stm32-vrefbuf: fix check on ready flag (bnc#1012628).
- drm/i915: Check for fused or unused pipes (bnc#1012628).
- drm/i915/audio: fix check for av_enc_map overflow (bnc#1012628).
- drm/i915: Fix rsvd2 mask when out-fence is returned
  (bnc#1012628).
- drm/i915: Clear the in-use marker on execbuf failure
  (bnc#1012628).
- drm/i915: Disable DC states around GMBUS on GLK (bnc#1012628).
- drm/i915: Update watermark state correctly in
  sanitize_watermarks (bnc#1012628).
- drm/i915: Try EDID bitbanging on HDMI after failed read
  (bnc#1012628).
- drm/i915/perf: fix perf stream opening lock (bnc#1012628).
- scsi: core: Avoid that ATA error handling can trigger a kernel
  hang or oops (bnc#1012628).
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for
  ABTS (bnc#1012628).
- drm/i915: Always call to intel_display_set_init_power() in
  resume_early (bnc#1012628).
- workqueue: Allow retrieval of current task's work struct
  (bnc#1012628).
- drm: Allow determining if current task is output poll worker
  (bnc#1012628).
- drm/nouveau: Fix deadlock on runtime suspend (bnc#1012628).
- drm/radeon: Fix deadlock on runtime suspend (bnc#1012628).
- drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012628).
- drm/nouveau: prefer XBGR2101010 for addfb ioctl (bnc#1012628).
- drm/amd/powerplay/smu7: allow mclk switching with no displays
  (bnc#1012628).
- drm/amd/powerplay/vega10: allow mclk switching with no displays
  (bnc#1012628).
- Revert "drm/radeon/pm: autoswitch power state when in balanced
  mode" (bnc#1012628).
- drm/amd/display: check for ipp before calling cursor operations
  (bnc#1012628).
- drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE
  (bnc#1012628).
- drm/amd/powerplay: fix power over limit on Fiji (bnc#1012628).
- drm/amd/display: Default HDMI6G support to true. Log VBIOS
  table error (bnc#1012628).
- drm/amdgpu: used cached pcie gen info for SI (v2) (bnc#1012628).
- drm/amdgpu: Notify sbios device ready before send request
  (bnc#1012628).
- drm/radeon: fix KV harvesting (bnc#1012628).
- drm/amdgpu: fix KV harvesting (bnc#1012628).
- drm/amdgpu:Correct max uvd handles (bnc#1012628).
- drm/amdgpu:Always save uvd vcpu_bo in VM Mode (bnc#1012628).
- ovl: redirect_dir=nofollow should not follow redirect for
  opaque lower (bnc#1012628).
- MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012628).
- MIPS: ath25: Check for kzalloc allocation failure (bnc#1012628).
- MIPS: OCTEON: irq: Check for null return on kzalloc allocation
  (bnc#1012628).
- PCI: dwc: Fix enumeration end when reaching root subordinate
  (bnc#1012628).
- Input: matrix_keypad - fix race when disabling interrupts
  (bnc#1012628).
- Revert "Input: synaptics - Lenovo Thinkpad T460p devices should
  use RMI" (bnc#1012628).
- bug: use %pB in BUG and stack protector failure (bnc#1012628).
- lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
  (bnc#1012628).
- mm/memblock.c: hardcode the end_pfn being -1 (bnc#1012628).
- loop: Fix lost writes caused by missing flag (bnc#1012628).
- virtio_ring: fix num_free handling in error case (bnc#1012628).
- KVM: s390: fix memory overwrites when not using SCA entries
  (bnc#1012628).
- arm64: mm: fix thinko in non-global page table attribute check
  (bnc#1012628).
- IB/core: Fix missing RDMA cgroups release in case of failure
  to register device (bnc#1012628).
- Revert "nvme: create 'slaves' and 'holders' entries for hidden
  controllers" (bnc#1012628).
- kbuild: Handle builtin dtb file names containing hyphens
  (bnc#1012628).
- dm bufio: avoid false-positive Wmaybe-uninitialized warning
  (bnc#1012628).
- IB/mlx5: Fix incorrect size of klms in the memory region
  (bnc#1012628).
- bcache: fix crashes in duplicate cache device register
  (bnc#1012628).
- bcache: don't attach backing with duplicate UUID (bnc#1012628).
- x86/MCE: Save microcode revision in machine check records
  (bnc#1012628).
- x86/MCE: Serialize sysfs changes (bnc#1012628).
- perf tools: Fix trigger class trigger_on() (bnc#1012628).
- x86/spectre_v2: Don't check microcode versions when running
  under hypervisors (bnc#1012628).
- ALSA: hda/realtek - Add support headset mode for DELL WYSE
  (bnc#1012628).
- ALSA: hda/realtek - Add headset mode support for Dell laptop
  (bnc#1012628).
- ALSA: hda/realtek: Limit mic boost on T480 (bnc#1012628).
- ALSA: hda/realtek - Fix dock line-out volume on Dell Precision
  7520 (bnc#1012628).
- ALSA: hda/realtek - Make dock sound work on ThinkPad L570
  (bnc#1012628).
- ALSA: seq: Don't allow resizing pool in use (bnc#1012628).
- ALSA: seq: More protection for concurrent write and ioctl races
  (bnc#1012628).
- ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
  (bnc#1012628).
- ALSA: hda: add dock and led support for HP EliteBook 820 G3
  (bnc#1012628).
- ALSA: hda: add dock and led support for HP ProBook 640 G2
  (bnc#1012628).
- scsi: qla2xxx: Fix NULL pointer crash due to probe failure
  (bnc#1012628).
- scsi: qla2xxx: Fix recursion while sending terminate exchange
  (bnc#1012628).
- dt-bindings: Document mti,mips-cpc binding (bnc#1012628).
- MIPS: CPC: Map registers using DT in
  mips_cpc_default_phys_base() (bnc#1012628).
- nospec: Kill array_index_nospec_mask_check() (bnc#1012628).
- nospec: Include <asm/barrier.h> dependency (bnc#1012628).
- x86/entry: Reduce the code footprint of the 'idtentry' macro
  (bnc#1012628).
- x86/entry/64: Use 'xorl' for faster register clearing
  (bnc#1012628).
- x86/mm: Remove stale comment about KMEMCHECK (bnc#1012628).
- x86/asm: Improve how GEN_*_SUFFIXED_RMWcc() specify clobbers
  (bnc#1012628).
- x86/IO-APIC: Avoid warning in 32-bit builds (bnc#1012628).
- x86/LDT: Avoid warning in 32-bit builds with older gcc
  (bnc#1012628).
- x86-64/realmode: Add instruction suffix (bnc#1012628).
- Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
  (bnc#1012628).
- x86/speculation: Use IBRS if available before calling into
  firmware (bnc#1012628).
- x86/retpoline: Support retpoline builds with Clang
  (bnc#1012628).
- x86/speculation, objtool: Annotate indirect calls/jumps for
  objtool (bnc#1012628).
- x86/speculation: Move firmware_restrict_branch_speculation_*()
  from C to CPP (bnc#1012628).
- x86/paravirt, objtool: Annotate indirect calls (bnc#1012628).
- x86/boot, objtool: Annotate indirect jump in
  secondary_startup_64() (bnc#1012628).
- x86/mm/sme, objtool: Annotate indirect call in
  sme_encrypt_execute() (bnc#1012628).
- objtool: Use existing global variables for options
  (bnc#1012628).
- objtool: Add retpoline validation (bnc#1012628).
- objtool: Add module specific retpoline rules (bnc#1012628).
- objtool, retpolines: Integrate objtool with retpoline support
  more closely (bnc#1012628).
- objtool: Fix another switch table detection issue (bnc#1012628).
- objtool: Fix 32-bit build (bnc#1012628).
- x86/kprobes: Fix kernel crash when probing .entry_trampoline
  code (bnc#1012628).
- watchdog: hpwdt: SMBIOS check (bnc#1012628).
- watchdog: hpwdt: Check source of NMI (bnc#1012628).
- watchdog: hpwdt: fix unused variable warning (bnc#1012628).
- watchdog: hpwdt: Remove legacy NMI sourcing (bnc#1012628).
- netfilter: add back stackpointer size checks (bnc#1012628).
- netfilter: ipt_CLUSTERIP: fix a race condition of proc file
  creation (bnc#1012628).
- netfilter: xt_hashlimit: fix lock imbalance (bnc#1012628).
- netfilter: x_tables: fix missing timer initialization in xt_LED
  (bnc#1012628).
- netfilter: nat: cope with negative port range (bnc#1012628).
- netfilter: IDLETIMER: be syzkaller friendly (bnc#1012628).
- netfilter: bridge: ebt_among: add missing match size checks
  (bnc#1012628).
- netfilter: ipv6: fix use-after-free Write in
  nf_nat_ipv6_manip_pkt (bnc#1012628).
- netfilter: use skb_to_full_sk in ip6_route_me_harder
  (bnc#1012628).
- tpm_tis: Move ilb_base_addr to tpm_tis_data (bnc#1012628).
- tpm: Keep CLKRUN enabled throughout the duration of
  transmit_cmd() (bnc#1012628).
- tpm: delete the TPM_TIS_CLK_ENABLE flag (bnc#1012628).
- tpm: remove unused variables (bnc#1012628).
- tpm: only attempt to disable the LPC CLKRUN if is already
  enabled (bnc#1012628).
- x86/xen: Calculate __max_logical_packages on PV domains
  (bnc#1012628).
- scsi: qla2xxx: Fix system crash for Notify ack timeout handling
  (bnc#1012628).
- scsi: qla2xxx: Fix gpnid error processing (bnc#1012628).
- scsi: qla2xxx: Move session delete to driver work queue
  (bnc#1012628).
- scsi: qla2xxx: Skip IRQ affinity for Target QPairs
  (bnc#1012628).
- scsi: qla2xxx: Fix re-login for Nport Handle in use
  (bnc#1012628).
- scsi: qla2xxx: Retry switch command on time out (bnc#1012628).
- scsi: qla2xxx: Serialize GPNID for multiple RSCN (bnc#1012628).
- scsi: qla2xxx: Fix login state machine stuck at GPDB
  (bnc#1012628).
- scsi: qla2xxx: Fix NPIV host cleanup in target mode
  (bnc#1012628).
- scsi: qla2xxx: Relogin to target port on a cable swap
  (bnc#1012628).
- scsi: qla2xxx: Fix Relogin being triggered too fast
  (bnc#1012628).
- scsi: qla2xxx: Fix PRLI state check (bnc#1012628).
- scsi: qla2xxx: Fix abort command deadlock due to spinlock
  (bnc#1012628).
- scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
  (bnc#1012628).
- scsi: qla2xxx: Fix scan state field for fcport (bnc#1012628).
- scsi: qla2xxx: Clear loop id after delete (bnc#1012628).
- scsi: qla2xxx: Defer processing of GS IOCB calls (bnc#1012628).
- scsi: qla2xxx: Remove aborting ELS IOCB call issued as part
  of timeout (bnc#1012628).
- scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref
  (bnc#1012628).
- scsi: qla2xxx: Fix memory leak in dual/target mode
  (bnc#1012628).
- NFS: Fix an incorrect type in struct nfs_direct_req
  (bnc#1012628).
- pNFS: Prevent the layout header refcount going to zero in
  pnfs_roc() (bnc#1012628).
- NFS: Fix unstable write completion (bnc#1012628).
- Refresh
  patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh
  patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Refresh
  patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- commit 5e4329c
- Bluebooth: btusb: Fix quirk for Atheros 1525/QCA6174
  (bsc#1082504).
- commit e8a80ec
- netfilter: ebtables: fix erroneous reject of last rule
  (bsc#1085107).
- netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
  (bsc#1085107).
- commit bfb5701
- brcmsmac: allocate ucode with GFP_KERNEL (bsc#1085174).
- commit 8e06b20
- mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  (CVE-2018-8087,bsc#1085053).
- commit cddf6d5

==== lftp ====

- Added openSUSE-specific patches that implement a wrapper script
  called "ftp" on top of the lftp command that is compatible to
  lukemftp. Those patches are maintained in a fork of the upstream
  project at https://github.com/opensuse/lftp. [bsc#1083331]
  * 0001-Add-content-of-the-SUSE-lftp-vi-1.1-archive.patch
  * 0002-Add-content-of-lftp-compat-addfiles.patch.patch
  * 0003-Add-content-of-lftp-completion.patch.patch
  * 0004-Include-config.h-to-detect-gnulib-macros.patch
  * 0005-Add-the-wrapper-code-to-the-Makefile-in-order-to-bui.patch

==== libgit2 ====
Version update (0.26.0 -> 0.26.3)

- Update to 0.26.3:
  * Fix cloning of the libgit2 project with git clone --recursive by removing an
    invalid submodule from our testing data.
  * Fix endianness of the port in p_getaddrinfo().
  * Fix handling of negative gitignore rules with wildcards.
  * Fix handling of case-insensitive negative gitignore rules.
  * Fix resolving references to a tag if the reference is stored with its fully
    resolved OID in the packed-refs file.
  * Fix checkout not treating worktree files as modified when only their mode has
    changed.
  * Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES.
  * Fixes memory handling issues when reading crafted repository index files.
    The issues allow for possible denial of service due to allocation of large
    memory and out-of-bound reads.
    (CVE-2018-8098 bnc#1085257 CVE-2018-8099 bnc#1085256)
  * Updates the bundled zlib to 1.2.11. Users who build the bundled zlib are
    vulnerable to security issues in the prior version.

==== libiscsi ====

- Morernise spec file with spec-clener

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- lockd: fix typo in virtlockd-admin.socket
  fb327ac2-virtlockd-admin-socket.patch
  bsc#1085386
- Install correct firewall service file depending on availability
  of firewalld vs SuSEfirewall2
  libvirtd-relocation-server.xml
  bsc#1083455
- qemu: avoid denial of service reading from QEMU guest agent
  CVE-2018-1064
  fbf31e1a-CVE-2018-1064.patch
  bsc#1083625
- virtlockd: fix loosing lock on re-exec
  464889ff-rpc-aquire-ref-dispatch.patch,
  c6f1d519-rpc-simplify-dispatch.patch,
  06e7ebb6-rpc-invoke-dispatch-unlocked.patch,
  86cae503-rpc-fix-pre-exec.patch,
  eefabb38-rpc-virtlockd-virtlogd-single-thread.patch
  bsc#1076861
- libvirtd: fix potential deadlock when reloading
  33c6eb96-fix-libvirtd-reload-deadlock.patch
  bsc#1079150

==== libxml2 ====
Version update (2.9.7 -> 2.9.8)
Subpackages: libxml2-2 libxml2-2-32bit libxml2-devel libxml2-tools

- Version update to 2.9.8:
  * Various -Werror fixes and compilation updates as travis is now
    used by upstream
  * Few additional tests added for ICU operations

==== lightsoff ====
Version update (3.27.92 -> 3.28.0)
Subpackages: lightsoff-lang

- Fix some dangling symlinks in lang subpackage if doc subpackage
  is not installed: revert doc subpackage split and obsolete it and
  package it into the main package instead.
- Update to version 3.28.0:
  + Updated translations.

==== ntp ====
Version update (4.2.8p10 -> 4.2.8p11)
Subpackages: ntp-doc

- Update to 4.2.8p11 (bsc#1082210):
  * CVE-2016-1549: Sybil vulnerability: ephemeral association
    attack. While fixed in ntp-4.2.8p7, there are significant
    additional protections for this issue in 4.2.8p11.
  * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
    leads to undefined behavior and information leak.
  * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
    associations.
  * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
    recover from bad state.
  * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
    authenticated interleaved association.
  * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond
    its buffer limit.
  * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
- Remove dead code from conf.start-ntpd (bsc#1082063).
- Don't use libevent's cached time stamps in sntp.
  (bsc#1077445, ntp-sntp-libevent.patch)

==== osinfo-db ====
Version update (20170813 -> 20180311)

- bsc#1085757 - Leap 15 patch for osinfo-db has wrong information
  in it
  add-opensuse-leap-15-support.patch
- fate#322156 - Update database to version 20180311
  osinfo-db-20180311.tar.xz
- Drop
  add-opensuse-leap-42.3-support.patch
  add-sle12sp3-support.patch
  add-win2k16-support.patch

==== perl-GD-Graph3d ====

- Remove buildrequires on jpeg and xorg-x11-devel

==== perl-GDTextUtil ====

- remove buildrequires on jpeg and xorg-x11-devel, both unused.

==== perl-HTTP-Message ====
Version update (6.14 -> 6.15)

- updated to 6.15
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  6.15      2018-03-13 13:02:56Z
  - Whenever possible, use an absolute four digit year for Time::Local (GH#97)
  - Add is_cacheable_by_default() (GH#98) (Theo van Hoesel)

==== polkit-default-privs ====

- polkit-default-privs: mass amnesty whitelisting of untracked privileges. See
  https://lists.opensuse.org/opensuse-factory/2018-02/msg01044.html for
  rationale. This allows existing packages in Factory to continue building
  after the tighter rpmlint-Factory checks become effective. Following
  packages are affected:
  - blueman (bsc#1083066)
  - cinnamon settings-daemon (bnc#1083067)
  - connman (bsc#1083069)
  - flatpak (bsc#984817)
  - fwupd (bsc#1083022)
  - gsmartcontrol (bsc#1084693)
  - gvfs (bsc#1073214)
  - laptop-mode-tools (bsc#1084695)
  - mate-system-monitor (bsc#1084701)
  - nemo (bsc#1084702)
  - nemo-extensions (bsc#1084703)
  - PackageKit (bnc#993505)
  - pantheon-files (bsc#1084704)
  - scap-workbench (bsc#1084706)
  - spice-gtk (bsc#1083025)
  - sysprof (bsc#1083055)

==== python-libxml2-python ====
Version update (2.9.7 -> 2.9.8)

- Version update to 2.9.8:
  * Various -Werror fixes and compilation updates as travis is now
    used by upstream
  * Few additional tests added for ICU operations
- Drop patch python3.6-verify_fd.patch merged upstream

==== sharutils ====
Subpackages: sharutils-lang

- Add sharutils-CVE-2018-1000097-fix_buffer_overflow.patch to fix
  a possibility to overflow the stack (bsc#1085004, CVE-2018-1000097).

==== swell-foop ====
Version update (3.27.92 -> 3.28.0)
Subpackages: swell-foop-lang

- Update to version 3.28.0:
  + Updated translations.

==== systemd-presets-branding-openSUSE ====

- Enable hostinfo.service as well
- Enable hostinfo.timer

==== thin-provisioning-tools ====

- Modernise spec file with spec-cleaner

==== time ====
Version update (1.8 -> 1.9)

- time 1.9:
  * reports percent CPU usage for programs lasting less then 1s
  * "time -p" no longers adds the "Command exited with non-zero
    status" message (POSIX compliance)
- Use %license (boo#1082318)

==== xmlto ====
Version update (0.0.26 -> 0.0.28)

- update to 0.0.28:
  - fix broken temp files removal
  - do not detect links browser as elinks
- includes 0.0.27:
  - remove several bashisms in scripts
  - new option --profile for preprocessing documents with
    profiling stylesheet
  - fix several potential crashes in xmlif
- cleanup with spec-cleaner
- switch urls to new fedora upstream
- patches:
  * rebase xmlto-xsltopts.patch
  * format xmlto-codecleanup.patch for -p1
  * format xmlto-nonvoid.patch for -p1
  * drop xmlto-overflow.patch (xmlif.c is regenerated anyway)
  * drop xmlto-lynx-empty-file.patch (obsolete)
  * renumber patches