Packages changed:
  apparmor
  apr (1.6.2 -> 1.6.3)
  autoyast2 (4.0.52 -> 4.0.53)
  babl
  gegl
  geoclue2
  grub2
  hwdata (0.311 -> 0.312)
  hylafax+
  jemalloc (5.0.1 -> 5.1.0)
  kauth
  kernel-source (4.16.7 -> 4.16.8)
  krita (4.0.2 -> 4.0.3)
  kwalletmanager5
  libdrm (2.4.91 -> 2.4.92)
  libtool
  openssl-1_1
  ovmf (2018+git1521096615.b3fa393f477a -> 2018+git1525854636.13e3f8c03339)
  patch
  permissions (20180125 -> 20180508)
  php7
  plasma-nm5
  plasma5-pk-updates
  postfix
  python-kiwi (9.14.7 -> 9.15.1)
  sddm
  xen (4.10.0_18 -> 4.10.0_20)
  yast2-installation (4.0.55 -> 4.0.59)
  yast2-storage-ng (4.0.178 -> 4.0.179)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor

- add fix-samba-profiles.patch - smbd loads new shared libraries.
  Allow winbindd to access new kerberos credential cache location
  (boo#1092099)

==== apr ====
Version update (1.6.2 -> 1.6.3)
Subpackages: apr-devel libapr1

- Version 1.6.3:
  * apr_file_trunc: Truncating a buffered file could add unexpected
  data after the truncate position. PR 51017.
  * apr_file_trunc: Fix an issue where reading from a buffered file
  after truncate could return stale data from the buffer.
  * apr_ipsubnet_create() now fails for an empty input string.

==== autoyast2 ====
Version update (4.0.52 -> 4.0.53)
Subpackages: autoyast2-installation

- Handle DASD or zFCP devices even when the profile is not in a
  remote location (bsc#1089554).
- 4.0.53

==== babl ====

- Add baselibs.conf, build 32-bit support.

==== gegl ====
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Add gegl-port-ffmpeg4.patch: Fix build with ffmpeg4 (bgo#795625).
- Add baselibs.conf, build 32-bit support.

==== geoclue2 ====
Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0

- Add geoclue2-Fix-safety-header-name.patch: public-api: Fix safety
  header name. It should be based on the filename.
- Add geoclue2-Fix-potentially-unused-variable.patch: locator: Fix
  a potentially unused variable declaration.
- Add geoclue2-Fix-duplicate-decl-specifier.patch:Fix compiler
  warning about duplicate decl specifier.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Add grub2-freetype-pkgconfig.patch to fix build with new freetype
  use pkgconfig to find Freetype libraries.

==== hwdata ====
Version update (0.311 -> 0.312)

- Update to version 0.312:
  * Updated pci, usb and vendor ids.

==== hylafax+ ====
Subpackages: hylafax+-client libfaxutil5_5_9

- boo#1091476: faxq must always run as real user root

==== jemalloc ====
Version update (5.0.1 -> 5.1.0)

- Update to version 5.1.0:
  * remove patches: 0001-ARM-Don-t-extend-bit-LG_VADDR-to-compute-high-addres.patch
  and 0001-remove-CPU_SPINWAIT.patch.
  New features:
  * Implement transparent huge page support for internal metadata. (@interwq)
  * Add opt.thp to allow enabling / disabling transparent huge pages for all mappings. (@interwq)
  * Add maximum background thread count option. (@djwatson)
  * Allow prof_active to control opt.lg_prof_interval and prof.gdump. (@interwq)
  * Allow arena index lookup based on allocation addresses via mallctl. (@lionkov)
  * Allow disabling initial-exec TLS model. (@davidtgoldblatt, @KenMacD)
  * Add opt.lg_extent_max_active_fit to set the max ratio between the size of the active extent selected (to split off from) and the size of the requested allocation. (@interwq, @davidtgoldblatt)
  * Add retain_grow_limit to set the max size when growing virtual address space. (@interwq)
  * Add mallctl interfaces:
  * arena.<i>.retain_grow_limit (@interwq)
  * arenas.lookup (@lionkov)
  * max_background_threads (@djwatson)
  * opt.lg_extent_max_active_fit (@interwq)
  * opt.max_background_threads (@djwatson)
  * opt.metadata_thp (@interwq)
  * opt.thp (@interwq)
  * stats.metadata_thp (@interwq)
  Portability improvements:
  * Support GNU/kFreeBSD configuration. (@paravoid)
  * Support m68k, nios2 and SH3 architectures. (@paravoid)
  * Fall back to FD_CLOEXEC when O_CLOEXEC is unavailable. (@zonyitoo)
  * Fix symbol listing for cross-compiling. (@tamird)
  * Fix high bits computation on ARM. (@davidtgoldblatt, @paravoid)
  * Disable the CPU_SPINWAIT macro for Power. (@davidtgoldblatt, @marxin)
  * Fix MSVC 2015 & 2017 builds. (@rustyx)
  * Improve RISC-V support. (@EdSchouten)
  * Set name mangling script in strict mode. (@nicolov)
  * Avoid MADV_HUGEPAGE on ARM. (@marxin)
  * Modify configure to determine return value of strerror_r. (@davidtgoldblatt, @cferris1000)
  * Make sure CXXFLAGS is tested with CPP compiler. (@nehaljwani)
  * Fix 32-bit build on MSVC. (@rustyx)
  * Fix external symbol on MSVC. (@maksqwe)
  * Avoid a printf format specifier warning. (@jasone)
  * Add configure option --disable-initial-exec-tls which can allow jemalloc to be dynamically loaded after program startup. (@davidtgoldblatt, @KenMacD)
  * AArch64: Add ILP32 support. (@cmuellner)
  * Add --with-lg-vaddr configure option to support cross compiling. (@cmuellner, @davidtgoldblatt)
  Optimizations and refactors:
  * Improve active extent fit with extent_max_active_fit. This considerably reduces fragmentation over time and improves virtual memory and metadata usage. (@davidtgoldblatt, @interwq)
  * Eagerly coalesce large extents to reduce fragmentation. (@interwq)
  * sdallocx: only read size info when page aligned (i.e. possibly sampled), which speeds up the sized deallocation path significantly. (@interwq)
  * Avoid attempting new mappings for in place expansion with retain, since it rarely succeeds in practice and causes high overhead. (@interwq)
  * Refactor OOM handling in newImpl. (@wqfish)
  * Add internal fine-grained logging functionality for debugging use. (@davidtgoldblatt)
  * Refactor arena / tcache interactions. (@davidtgoldblatt)
  * Refactor extent management with dumpable flag. (@davidtgoldblatt)
  * Add runtime detection of lazy purging. (@interwq)
  * Use pairing heap instead of red-black tree for extents_avail. (@djwatson)
  * Use sysctl on startup in FreeBSD. (@trasz)
  * Use thread local prng state instead of atomic. (@djwatson)
  * Make decay to always purge one more extent than before, because in practice large extents are usually the ones that cross the decay threshold. Purging the additional extent helps save memory as well as reduce VM fragmentation. (@interwq)
  * Fast division by dynamic values. (@davidtgoldblatt)
  * Improve the fit for aligned allocation. (@interwq, @edwinsmith)
  * Refactor extent_t bitpacking. (@rkmisra)
  * Optimize the generated assembly for ticker operations. (@davidtgoldblatt)
  * Convert stats printing to use a structured text emitter. (@davidtgoldblatt)
  * Remove preserve_lru feature for extents management. (@djwatson)
  * Consolidate two memory loads into one on the fast deallocation path. (@davidtgoldblatt, @interwq)
  Bug fixes (most of the issues are only relevant to jemalloc 5.0):
  * Fix deadlock with multithreaded fork in OS X. (@davidtgoldblatt)
  * Validate returned file descriptor before use. (@zonyitoo)
  * Fix a few background thread initialization and shutdown issues. (@interwq)
  * Fix an extent coalesce + decay race by taking both coalescing extents off the LRU list. (@interwq)
  * Fix potentially unbound increase during decay, caused by one thread keep stashing memory to purge while other threads generating new pages. The number of pages to purge is checked to prevent this. (@interwq)
  * Fix a FreeBSD bootstrap assertion. (@strejda, @interwq)
  * Handle 32 bit mutex counters. (@rkmisra)
  * Fix a indexing bug when creating background threads. (@davidtgoldblatt, @binliu19)
  * Fix arguments passed to extent_init. (@yuleniwo, @interwq)
  * Fix addresses used for ordering mutexes. (@rkmisra)
  * Fix abort_conf processing during bootstrap. (@interwq)
  * Fix include path order for out-of-tree builds. (@cmuellner)
  Incompatible changes:
  * Remove --disable-thp. (@interwq)
  * Remove mallctl interfaces:
  * config.thp (@interwq)
  Documentation:
  * Add TUNING.md. (@interwq, @davidtgoldblatt, @djwatson)

==== kauth ====
Subpackages: libKF5Auth5 libKF5Auth5-lang

- Removed setBadness() from spec file, since it is no longer needed.

==== kernel-source ====
Version update (4.16.7 -> 4.16.8)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.16.8 (bnc#1012628).
- ACPI / button: make module loadable when booted in non-ACPI mode
  (bnc#1012628).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718
  (bnc#1012628).
- ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bnc#1012628).
- ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012628).
- ALSA: seq: Fix races at MIDI encoding in
  snd_virmidi_output_trigger() (bnc#1012628).
- ALSA: dice: fix kernel NULL pointer dereference due to invalid
  calculation for array index (bnc#1012628).
- ALSA: aloop: Mark paused device as inactive (bnc#1012628).
- ALSA: aloop: Add missing cable lock to ctl API callbacks
  (bnc#1012628).
- errseq: Always report a writeback error once (bnc#1012628).
- tracepoint: Do not warn on ENOMEM (bnc#1012628).
- scsi: target: Fix fortify_panic kernel exception (bnc#1012628).
- Input: leds - fix out of bound access (bnc#1012628).
- Input: atmel_mxt_ts - add touchpad button mapping for Samsung
  Chromebook Pro (bnc#1012628).
- swiotlb: fix inversed DMA_ATTR_NO_WARN test (bnc#1012628).
- rtlwifi: cleanup 8723be ant_sel definition (bnc#1012628).
- xfs: prevent creating negative-sized file via INSERT_RANGE
  (bnc#1012628).
- tools: power/acpi, revert to LD = gcc (bnc#1012628).
- RDMA/cxgb4: release hw resources on device removal
  (bnc#1012628).
- RDMA/ucma: Allow resolving address w/o specifying source address
  (bnc#1012628).
- RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow
  (bnc#1012628).
- RDMA/mlx4: Add missed RSS hash inner header flag (bnc#1012628).
- RDMA/mlx5: Protect from shift operand overflow (bnc#1012628).
- NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
  (bnc#1012628).
- IB/mlx5: Use unlimited rate when static rate is not supported
  (bnc#1012628).
- infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m
  (bnc#1012628).
- IB/hfi1: Fix handling of FECN marked multicast packet
  (bnc#1012628).
- IB/hfi1: Fix loss of BECN with AHG (bnc#1012628).
- IB/hfi1: Fix NULL pointer dereference when invalid num_vls is
  used (bnc#1012628).
- iw_cxgb4: Atomically flush per QP HW CQEs (bnc#1012628).
- btrfs: Take trans lock before access running trans in
  check_delayed_ref (bnc#1012628).
- drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced
  (bnc#1012628).
- drm/vmwgfx: Fix a buffer object leak (bnc#1012628).
- drm/bridge: vga-dac: Fix edid memory leak (bnc#1012628).
- test_firmware: fix setting old custom fw path back on exit,
  second try (bnc#1012628).
- xhci: Fix use-after-free in xhci_free_virt_device (bnc#1012628).
- USB: serial: visor: handle potential invalid device
  configuration (bnc#1012628).
- usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue
  (bnc#1012628).
- USB: Accept bulk endpoints with 1024-byte maxpacket
  (bnc#1012628).
- USB: serial: option: reimplement interface masking
  (bnc#1012628).
- USB: serial: option: adding support for ublox R410M
  (bnc#1012628).
- usb: musb: host: fix potential NULL pointer dereference
  (bnc#1012628).
- usb: musb: trace: fix NULL pointer dereference in musb_g_tx()
  (bnc#1012628).
- platform/x86: asus-wireless: Fix NULL pointer dereference
  (bnc#1012628).
- platform/x86: Kconfig: Fix dell-laptop dependency chain
  (bnc#1012628).
- KVM: x86: remove APIC Timer periodic/oneshot spikes
  (bnc#1012628).
- x86/tsc: Always unregister clocksource_tsc_early (bnc#1012628).
- x86/tsc: Fix mark_tsc_unstable() (bnc#1012628).
- irqchip/qcom: Fix check for spurious interrupts (bnc#1012628).
- clocksource: Allow clocksource_mark_unstable() on unregistered
  clocksources (bnc#1012628).
- clocksource: Initialize cs->wd_list (bnc#1012628).
- clocksource: Consistent de-rate when marking unstable
  (bnc#1012628).
- tracing: Fix bad use of igrab in trace_uprobe.c (bnc#1012628).
- Delete patches.suse/tools-power-acpi-revert-to-LD-gcc.patch.
- Update config files.
- commit 9269cc1

==== krita ====
Version update (4.0.2 -> 4.0.3)
Subpackages: krita-lang

- Update to 4.0.3:
  * https://krita.org/en/item/krita-4-0-3-released/
  * Fix a crash when copy/pasting (kde#394068)
  * Krita can open .rw2 RAW files
  * The splash screen is updated to work better on HiDPI or Retina
    displays (kde#392282)
  * The OpenEXR export filter will convert images with an integer
    channel depth before saving, instead of giving an error
  * The OpenEXR export filter no longer gives export warnings
    calling itself the TIFF filter
  * The emtpy error message dialog that would erroneously be shown
    after running some export filters is no longer shown
    (kde#393850)
  * The setBackGroundColor method in the Python API has been
    renamed to setBackgroundColor for consistency
  * Fix a crash in KisColorizeMask (kde#393753)

==== kwalletmanager5 ====
Subpackages: kwalletmanager5-lang

- Remove setBadness calls (wtf) (boo#1090647)

==== libdrm ====
Version update (2.4.91 -> 2.4.92)
Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1

- update to 2.4.92
  + drm/atomic: Refuse to add invalid objects to requests
  + freedreno: add missing symbols to symbol-check
  + libdrm: Use readdir instead of readdir_r to avoid build warnings
  + Intel: Add a Kaby Lake PCI ID
  + amdgpu: Deinitialize vamgr_high{,_32}
  + intel: add support for ICL 11
  + amdgpu:support 16 ibs per submit for PAL/SRIOV
  + freedreno: add fd_pipe refcounting
  + drm/amdgpu: Remove IB count checking
  + intel/intel_chipset.h: Sync Cannonlake IDs.
  + libdrm: amdgpu: Adding DRM_RDWR flag in amdgpu_bo_export
  + amdgpu: enlarge the maximum number of cards supported

==== libtool ====
Subpackages: libltdl7 libltdl7-32bit

- Add libtool-reproducible-hostname.patch
  to make package build reproducible (boo#1084909)

==== openssl-1_1 ====
Subpackages: libopenssl-1_1-devel libopenssl1_1 libopenssl1_1-32bit

- OpenSSL Security Advisory [16 Apr 2018]
  * Cache timing vulnerability in RSA Key Generation
    (CVE-2018-0737, bsc#1089039)
  * add openssl-CVE-2018-0737.patch
- Fix escaping in c_rehash (boo#1091961, bsc#1091963)
  * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

==== ovmf ====
Version update (2018+git1521096615.b3fa393f477a -> 2018+git1525854636.13e3f8c03339)
Subpackages: qemu-ovmf-x86_64

- Update to 2018+git1525854636.13e3f8c03339
  + BaseTools/VfrCompile: Avoid using uninitialized pointer
  + MdeModulePkg/PciHostBridge: Count the (mm)io overhead when polling
  + UefiCpuPkg/SecMain: Add NORETURN decorator to SecStartup()
  + CryptoPkg/CrtLibSupport: add secure_getenv() stub function
  + MdeModulePkg/AcpiPlatformDxe: Unload after execution
  + SecurityPkg/OpalPassword: Add support for pyrite 2.0 devices
  + NetworkPkg/NetworkPkg.dsc: Add the instance of library class
    [SafeIntLib]
  + ArmVirtPkg: use protocol-based DevicePathLib instance for most
    DXE modules
  + OvmfPkg/QemuVideoDxe: round up FrameBufferSize to full page
  + ArmVirtPkg: reinstate timer unmask quirk for Xen
  + ArmPkg/TimerDxe: remove workaround for KVM timer handling
  + FatPkg/EnhancedFatDxe: Ensure traverse of subtasks is
    delete-safe
  + OvmfPkg/PlatformBootManagerLib: add USB keyboard to ConIn
  + CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h
  + OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for
    HTTPS boot
  + ArmVirtPkg/ArmVirtQemu: hook NvVarStoreFormattedLib into
    VariableRuntimeDxe
  + ArmPlatformPkg/NorFlashDxe: cue the variable driver with
    NvVarStoreFormatted
  + ArmPlatformPkg/NorFlashDxe: initialize varstore headers eagerly
  + OvmfPkg: remove BLOCK_MMIO_PROTOCOL and BlockMmioToBlockIoDxe
  + OvmfPkg/TlsAuthConfigLib: configure trusted CA certs for
    HTTPS boot
  + MdeModulePkg/Variable/RuntimeDxe: introduce
    PcdMaxVolatileVariableSize
  + NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable
    attributes
  + NetworkPkg/HttpDxe: drop misleading comment / status code in
    cert config
  + NetworkPkg/HttpDxe: use error handler epilogue in
    TlsConfigCertificate()
  + NetworkPkg/HttpBootDxe: fix typo in DHCPv4 packet parsing
  + OvmfPkg/QemuVideoDxe: handle invalid BltOperation gracefully
  + NetworkPkg/UefiPxeBcDxe: Configure the ARP Instance/RouteTable
    with new address
  + NetworkPkg/HttpDxe: Handle the large data request via HTTPS
    channel
  + NetworkPkg/TlsDxe: Handle the multiple TLS record messages
    encryption/decryption
  + SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response
    error
  + SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow
  + MdeModulePkg/DxeMain: Fix BSP interrupts reenabled in
    ExitBootServices
  + UefiCpuPkg/MpInitLib: Disable interrupt at ExitBootServices AP
    Mwait
  + OvmfPkg/PlatformBootManagerLib: process "-kernel" before boot
    devices
  + OvmfPkg/PlatformBootManagerLib: hoist PciAcpiInitialization()
  + ArmVirtPkg/PlatformBootManagerLib: return to "-kernel before
    boot devices"
  + MdeModulePkg/Core: allow HeapGuard even before CpuArchProtocol
    installed
  + UefiCpuPkg CpuExceptionHandlerLib: use FixedPcdGetSize() as the
    macro value
  + remove TrEE
  + MdeModulePkg/PciBus: return CPU address for GetBarAttributes
  + MdeModulePkg/PciBus: convert host address to device address
  + MdeModulePkg/PciHostBridgeDxe: Add support for address translation
  + OvmfPkg/PciHostBridgeLib: clear PCI aperture vars for (re)init
  + ArmPkg/TimerDxe: Add ISB for timer compare value reload
  + BaseTools code refactoring

==== patch ====

- ed-style-07-dont-leak-tmp-file.patch,
  ed-style-08-dont-leak-tmp-file-multi.patch: Fix temporary file
  leak when applying ed-style patches (bsc#1092500,
  savannah#53820).

==== permissions ====
Version update (20180125 -> 20180508)

- Update to version 20180508:
  * Capabilities for usage of Wireshark for non-root (bsc#957624)

==== php7 ====
Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-json php7-ldap php7-mbstring php7-mysql php7-odbc php7-openssl php7-pdo php7-pear php7-pear-Archive_Tar php7-pgsql php7-shmop php7-snmp php7-sockets php7-sqlite php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer php7-wddx php7-xmlreader php7-xmlwriter php7-xsl php7-zip php7-zlib

- better workaround for [bsc#1089487]: build mod_phpN.so
  instead of libphpN.so
- rename freetype-pkgconfig.patch to php7-freetype-pkgconfig.patch
  to align with the rest of patch names
- Add freetype-pkgconfig.patch to fix build with new Freetype:
  use pkg-config to find Freetype libraries

==== plasma-nm5 ====
Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc

- Add supplements to avoid hard requires (part of fix for boo#982962)

==== plasma5-pk-updates ====
Subpackages: plasma5-pk-updates-lang

- Add patch to fix tooltip text with security or important updates (boo#1090375):
  * 0001-Use-n-instead-of-br-for-the-extra-part-of-the-summar.patch

==== postfix ====
Subpackages: postfix-doc

- remove pre-requirements on sysvinit(network) and sysvinit(syslog).
  There seems to be no good reason for that other than blowing up
  the dependencies (bsc#1092408).

==== python-kiwi ====
Version update (9.14.7 -> 9.15.1)

- Bump version: 9.15.0 ? 9.15.1
- Add a chapter for uninstall package requests in docs (#726)
  Add a chapter for uninstall package requests in docs
- Update arm integration test
  Existing panda build was outdated and non functional.
  Move the test to a more popular target and write the
  image description to use technology matching the
  suse arm development effort. Target is now Rpi(64bit)
- Use latest version of sphinx
  Formerly sphinx==1.6.7 was used because travis-sphinx failed
  with latest sphinx. Now travis-sphinx fails with 1.6.7 and
  I hope using latest sphinx will fix that
- Bump version: 9.14.7 ? 9.15.0
- Add comment in pinch_system calls
- Refining the uninstall type implementation

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Amend patch to also canonicalize desktop session paths (boo#1092251):
  * 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch
- Add patch to fix build with Qt 5.11:
  * 0001-Fix-build-with-Qt-5.11-1024.patch

==== xen ====
Version update (4.10.0_18 -> 4.10.0_20)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- bsc#1092543 - GCC 8: xen build fails
  5ac72a48-gcc8.patch
  5ac72a5f-gcc8.patch
  5ac72a64-gcc8.patch
  5ac72a69-gcc8.patch
  5ac72a6e-gcc8.patch
  5ac72a74-gcc8.patch
  5ac72a7b-gcc8.patch
  gcc8-inlining-failed.patch
- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of
  debug exceptions (XSA-260)
  xsa260-1.patch
  xsa260-2.patch
  xsa260-3.patch
  xsa260-4.patch
- bsc#1090822 - VUL-0: xen: x86 vHPET interrupt injection errors
  (XSA-261)
  xsa261.patch
- bsc#1090823 - VUL-0: xen: qemu may drive Xen into unbounded loop
  (XSA-262)
  xsa262.patch

==== yast2-installation ====
Version update (4.0.55 -> 4.0.59)

- Log a warning when umounting a filesystem fails after
  installation/upgrade (related to bsc#1090018).
- 4.0.59
- disable mdadm auto assembly for installation (bsc#1090690)
- 4.0.58
- Keep the selected product in the desktop selection dialog
  (bsc#1088660)
- 4.0.57
- Copy new /var/log/YaST2/storage-inst/ subdir to target at the
  end of the installation (part of fate #318196)
- 4.0.56

==== yast2-storage-ng ====
Version update (4.0.178 -> 4.0.179)

- Partitioner: check whether required packages are installed
  before committing changes to disk (bsc#1089508).
- 4.0.179
- Partitioner: fix buttons to abort and to go back
  (part of fate#318196 and related to bsc#1075443).
- Partitioner: fixed detection of reprobed system to avoid
  unnecessary proposal re-calculation.
- Partitioner: allow to select only valid parity algorithms when
  creating a new MD RAID (bsc#1090182).
- Partitioner: "Configure..." button allowing to execute the
  YaST clients for iSCI, FCoE, DASD, zFCP and XPRAM (bsc#1090753).